passbolt-browser-extension 5.10.4 → 5.11.1

package/.gitlab-ci/jobs/publish.yml

@@ -39,7 +39,17 @@ publish-edge:
 
 publish-to-npmjs:
   stage: publish
-  image: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/node:22
+  image: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/node:24
+  id_tokens:
+    NPM_ID_TOKEN:
+      aud: "npm:registry.npmjs.org"
+    SIGSTORE_ID_TOKEN:
+      aud: sigstore
+  when: manual
+  resource_group: publish/npm
+  environment:
+    name: publish/npm
+    url: https://www.npmjs.com/package/passbolt-browser-extension
   rules:
     - if: "$CI_COMMIT_TAG"
   script:

package/.gitlab-ci/scripts/bin/publish_npm.sh

@@ -9,10 +9,6 @@ CI_SCRIPTS_DIR=$(dirname "$0")/..
 # shellcheck source=.gitlab-ci/scripts/lib/version-check.sh
 source "$CI_SCRIPTS_DIR"/lib/version-check.sh
 
-echo //registry.npmjs.org/:_authToken="$NPM_PUBLISH_TOKEN" > .npmrc
-echo email="$NPM_PUBLISH_EMAIL" >> .npmrc
-echo always-auth=true >> .npmrc
-
 if is_release_candidate "$CI_COMMIT_TAG"; then
   npm publish --tag next
 elif is_release_alpha "$CI_COMMIT_TAG"; then
@@ -23,4 +19,4 @@ elif is_stable "$CI_COMMIT_TAG"; then
   npm publish
 else
    echo "The tag format is not supported"
-fi
+fi

package/.pre-commit-config.yaml

@@ -0,0 +1,5 @@
+repos:
+  - repo: https://github.com/gitleaks/gitleaks
+    rev: v8.30.0  # v8.30.0
+    hooks:
+      - id: gitleaks

package/CHANGELOG.md

@@ -4,6 +4,55 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
 ## [Unreleased]
 
+## [5.11.0] - 2026-04-07
+### Added
+- PB-49733 SMTP-OAUTH - WP2.1 Update SmtpSettingsService to SmtpSettingsApiService
+- PB-49734 SMTP-OAUTH - WP1.1 Create the SmtpSettingsEntity
+- PB-49737 SMTP-OAUTH - WP2.2 Update SmtpTestSettingsService to SmtpTestSettingsApiService
+- PB-49738 SMTP-OAUTH - WP2.3 Split SmtpSettingsModel to new architecture pattern
+- PB-49739 SMTP-OAUTH - WP2.4 Split SmtpTestSettingsModel to new architecture pattern
+- PB-49740 SMTP-OAUTH - WP3.1 Adapt context with the new SMTP entities
+- PB-49741 SMTP-OAUTH - WP3.2 Adapt ManageSmtpAdministationSettings to handle the new OAUTH fields
+- PB-50058 OAuth SMTP: add the new styleguide to backend
+- PB-50135 SSO with PingOne
+- PB-50157 Enable avatar upload for Safari
+- PB-50254 SCIM-WP1.2 Adapt form to handle the new date field and display warning message when expired
+- PB-50263 Add a username selector compatible with ProxMox
+
+### Fixed
+- PB-46678 Fix quickaccess closing issue on Safari
+- PB-49237 DisplayUserBadgeMenu attention required should be displayed on Administration page served by API
+- PB-49287 When deleting a user, the URL must changed not to reference the deleted user id
+- PB-49476 Fix autofill for websites using identifier as name for username field
+- PB-49619 Fix username input field selector for OVH
+- PB-49849 Sync generator password policy with the administration after save
+- PB-49866 Fix the expiry column in the resource workspace grid is not present anymore
+- PB-49882 Fix username input field selector for Supermicro IPMI WebUI
+- PB-50023 Fix multifield OTP selector matching hidden inputs
+- PB-50077 Fix React router issue that reloads the page unexpectedly
+- PB-50177 Fix autofill issues for two websites
+
+### Maintenance
+- PB-49129 Delegate tab opening to service worker in order to send all cookie via Safari
+- PB-49459 Timeouts not cleared properly when filtering resources/users grids by keywords
+- PB-49705 Add missing TOTP unit tests
+- PB-49730 Setup an environment for publishing to npmjs registry
+- PB-49998 Add required `data_collection_permissions` for Firefox and set it to `none`
+- PB-50013 Make Safari download custom avatars
+- PB-50118 Major upgrade for locutus (Critical) - passbolt-browser-extension
+- PB-50158 Add Safari enablement through a feature flag
+- PB-50200 Move the logic of passbolt.groups.create to GroupCreateController
+- PB-50201 Update group create call in groupApiService to contain "my_group_user" as urlOptions
+- PB-50202 Add supported formats documentation link in export dialog
+- PB-50225 Create a CreateGroupService.js file and move the create call to api service inside it
+- PB-50338 - Fix phantom @babel/preset-react
+
+### Security
+- PB-49608 Fix ReDoS vulnerability in PGP armor regex validation
+- PB-50271 Fix GHSA-25h7-pfq9-p65f - HIGH CVSS3.1
+- PB-50272 Fix brace-expansion vulnerabilities
+
+
 ## [5.9.0] - 2026-01-21
 ### Fixed
 - PB-43511 Display the "Migrate metadata" admin home page card icon with a 2px stroke width

package/RELEASE_NOTES.md

@@ -1,7 +1,97 @@
-Passbolt 5.10.4 is a hotfix release. It resolves a bug on the resources workspace where filtering resources by URIs would cause the application to crash, a regression surfaced by the latest upgrade of the UI framework.
+Passbolt 5.11.0 introduces improvements to enterprise authentication and integration capabilities, alongside continued security hardening.
 
-If you encountered the issue before updating, resetting your column customization in the workspace will restore normal behavior.
+This release adds support for OAuth-based SMTP authentication for Microsoft Exchange Online and expands SSO coverage with PingOne. It also includes the finalisation of SCIM following external audit fixes.
+
+## SMTP OAuth support for Microsoft Exchange Online 
+
+Passbolt 5.11 introduces OAuth 2.0 support for SMTP with Microsoft Exchange Online, replacing legacy username/password authentication.
+
+Administrators can configure the OAuth (Client Credentials) method by registering an application in Microsoft Entra ID and providing the required tenant ID, client ID, client secret, and service account email.
+
+At runtime, Passbolt retrieves short-lived access tokens to authenticate SMTP connections without user interaction, improving security and aligning with modern authentication standards.
+
+
+## PingOne SSO support (Passbolt Pro)
+
+Passbolt 5.11 adds support for PingOne as a new SSO provider, enabling organisations to authenticate users via their existing Ping Identity infrastructure.
+
+The integration is based on OpenID Connect (OIDC) using the Authorization Code flow, with Passbolt delegating authentication to PingOne and receiving a verified user identity via ID tokens.
+
+Administrators can configure PingOne from the SSO settings using the required environment ID, client ID, client secret, and base URL, with a dry-run option available to validate the setup before activation. Once enabled, users are redirected to PingOne for authentication and seamlessly logged into Passbolt, including during account recovery.
+
+This addition expands Passbolt’s SSO coverage for enterprise environments and removes a key adoption blocker for organisations standardised on Ping Identity.
+
+## SCIM: audit fixes and general availability (Passbolt Pro)
+
+Following the external security audit conducted by Cure53, this release includes fixes addressing the identified findings in the SCIM provisioning implementation.
+
+With these changes, SCIM is now considered stable and exits beta.
+
+The audit-driven improvements strengthen validation, error handling, and overall robustness of the provisioning flow. SCIM is now ready for production use in environments requiring automated user lifecycle management.
+
+## Security improvements
+
+This release continues the ongoing security hardening effort across the platform.
+
+In addition to the SCIM audit fixes, improvements have been made to align with external audit recommendations and reduce potential attack surface in authentication and integration layers.
+
+## Maintenance & performance
+
+This release includes general performance improvements, particularly around background job processing and email delivery workflows.
+
+Email-related operations are now more efficient and better distributed, reducing bottlenecks in high-load environments.
+
+As usual, additional optimisations are already in progress for upcoming releases.
+
+## Conclusion
+
+As usual, the release is also packed with additional improvements and fixes. Check out the changelog to learn more.
+
+Many thanks to everyone who provided feedback, reported bugs, and contributed to making passbolt better!
+
+### Added
+- PB-49733 SMTP-OAUTH - WP2.1 Update SmtpSettingsService to SmtpSettingsApiService
+- PB-49734 SMTP-OAUTH - WP1.1 Create the SmtpSettingsEntity
+- PB-49737 SMTP-OAUTH - WP2.2 Update SmtpTestSettingsService to SmtpTestSettingsApiService
+- PB-49738 SMTP-OAUTH - WP2.3 Split SmtpSettingsModel to new architecture pattern
+- PB-49739 SMTP-OAUTH - WP2.4 Split SmtpTestSettingsModel to new architecture pattern
+- PB-49740 SMTP-OAUTH - WP3.1 Adapt context with the new SMTP entities
+- PB-49741 SMTP-OAUTH - WP3.2 Adapt ManageSmtpAdministationSettings to handle the new OAUTH fields
+- PB-50058 OAuth SMTP: add the new styleguide to backend
+- PB-50135 SSO with PingOne
+- PB-50157 Enable avatar upload for Safari
+- PB-50254 SCIM-WP1.2 Adapt form to handle the new date field and display warning message when expired
+- PB-50263 Add a username selector compatible with ProxMox
 
 ### Fixed
-- PB-50034 As a user I should be able to sort by uris
+- PB-46678 Fix quickaccess closing issue on Safari
+- PB-49237 DisplayUserBadgeMenu attention required should be displayed on Administration page served by API
+- PB-49287 When deleting a user, the URL must changed not to reference the deleted user id
+- PB-49476 Fix autofill for websites using identifier as name for username field
+- PB-49619 Fix username input field selector for OVH
+- PB-49849 Sync generator password policy with the administration after save
+- PB-49866 Fix the expiry column in the resource workspace grid is not present anymore
+- PB-49882 Fix username input field selector for Supermicro IPMI WebUI
+- PB-50023 Fix multifield OTP selector matching hidden inputs
+- PB-50077 Fix React router issue that reloads the page unexpectedly
+- PB-50177 Fix autofill issues for two websites
+
+### Maintenance
+- PB-49129 Delegate tab opening to service worker in order to send all cookie via Safari
 - PB-49459 Timeouts not cleared properly when filtering resources/users grids by keywords
+- PB-49705 Add missing TOTP unit tests
+- PB-49730 Setup an environment for publishing to npmjs registry
+- PB-49998 Add required `data_collection_permissions` for Firefox and set it to `none`
+- PB-50013 Make Safari download custom avatars
+- PB-50118 Major upgrade for locutus (Critical) - passbolt-browser-extension
+- PB-50158 Add Safari enablement through a feature flag
+- PB-50200 Move the logic of passbolt.groups.create to GroupCreateController
+- PB-50201 Update group create call in groupApiService to contain "my_group_user" as urlOptions
+- PB-50202 Add supported formats documentation link in export dialog
+- PB-50225 Create a CreateGroupService.js file and move the create call to api service inside it
+- PB-50338 - Fix phantom @babel/preset-react
+
+### Security
+- PB-49608 Fix ReDoS vulnerability in PGP armor regex validation
+- PB-50271 Fix GHSA-25h7-pfq9-p65f - HIGH CVSS3.1
+- PB-50272 Fix brace-expansion vulnerabilities

package/build-safari-extension/Passbolt-Safari-Extension/Passbolt - password manager Extension/services/fetch/fetchService.swift

@@ -23,6 +23,14 @@
 
 import Foundation
 
+private extension Data {
+    mutating func append(_ string: String) {
+        if let data = string.data(using: .utf8) {
+            append(data)
+        }
+    }
+}
+
 final class FetchService {
 
     // Runs a fetch on the API with profile isolation.
@@ -35,19 +43,31 @@ final class FetchService {
     //   profileUUID: The Safari profile UUID for session isolation
     static func fetch(url: URL, options: [String: Any], profileUUID: String) async throws -> [String: Any] {
         let method = options["method"] as? String ?? "GET"
-        let body = options["body"] as? String ?? ""
         let headers = options["headers"] as? [String: String] ?? [:]
         let cookies = options["cookies"] as? String
 
         var httpRequest = URLRequest(url: url)
         httpRequest.httpMethod = method
-        httpRequest.httpBody = body.data(using: .utf8)
+
+        // Build the body: structured FormData array (may contain files) or plain string
+        if let formDataArray = options["body"] as? [[String: Any]] {
+            let boundary = UUID().uuidString
+            httpRequest.httpBody = buildMultipartBody(formDataArray: formDataArray, boundary: boundary)
+            httpRequest.setValue("multipart/form-data; boundary=\(boundary)", forHTTPHeaderField: "Content-Type")
+        } else {
+            let body = options["body"] as? String ?? ""
+            httpRequest.httpBody = body.data(using: .utf8)
+        }
 
         // SECURITY: Add cache-control headers to prevent response caching
         httpRequest.setValue("no-cache, no-store, must-revalidate", forHTTPHeaderField: "Cache-Control")
         httpRequest.setValue("no-cache", forHTTPHeaderField: "Pragma")
 
         for header in headers {
+            // Skip Content-Type when we already set it for multipart
+            if header.key.lowercased() == "content-type" && httpRequest.value(forHTTPHeaderField: "Content-Type")?.contains("multipart") == true {
+                continue
+            }
             httpRequest.setValue(String(describing: header.value), forHTTPHeaderField: String(describing: header.key))
         }
 
@@ -59,6 +79,74 @@ final class FetchService {
         return try await doFetch(request: httpRequest, profileUUID: profileUUID)
     }
 
+    /// Build a multipart/form-data body from the structured FormData array sent by JavaScript.
+    /// Each entry has: key, value, type ("SCALAR" or "FILE"), and optionally name (for files).
+    /// File values use the data URL format: "data:<mimeType>;base64,<base64Data>"
+    private static func buildMultipartBody(formDataArray: [[String: Any]], boundary: String) -> Data {
+        var body = Data()
+
+        for entry in formDataArray {
+            guard let key = entry["key"] as? String,
+                  let value = entry["value"] as? String,
+                  let type = entry["type"] as? String else {
+                continue
+            }
+
+            let sanitizedKey = sanitizeHeaderValue(key)
+            body.append("--\(boundary)\r\n")
+
+            if type == "FILE" {
+                let rawFilename = entry["name"] as? String ?? "file"
+                let sanitizedFilename = sanitizeFilename(rawFilename)
+                let (mimeType, fileData) = decodeDataURL(value)
+                let sanitizedMimeType = sanitizeHeaderValue(mimeType)
+
+                body.append("Content-Disposition: form-data; name=\"\(sanitizedKey)\"; filename=\"\(sanitizedFilename)\"\r\n")
+                body.append("Content-Type: \(sanitizedMimeType)\r\n\r\n")
+                body.append(fileData)
+                body.append("\r\n")
+            } else {
+                body.append("Content-Disposition: form-data; name=\"\(sanitizedKey)\"\r\n\r\n")
+                body.append("\(value)\r\n")
+            }
+        }
+
+        body.append("--\(boundary)--\r\n")
+        return body
+    }
+
+    /// Sanitize a filename for use in Content-Disposition headers.
+    /// Strips path traversal components, quotes, and CRLF characters.
+    private static func sanitizeFilename(_ raw: String) -> String {
+        let nameOnly = raw.components(separatedBy: CharacterSet(charactersIn: "/\\")).last ?? "file"
+        return sanitizeHeaderValue(nameOnly)
+    }
+
+    /// Sanitize a value interpolated into an HTTP header by removing quotes and CRLF.
+    private static func sanitizeHeaderValue(_ raw: String) -> String {
+        raw.replacingOccurrences(of: "\"", with: "")
+           .replacingOccurrences(of: "\r", with: "")
+           .replacingOccurrences(of: "\n", with: "")
+    }
+
+    /// Decode a data URL (e.g. "data:image/png;base64,iVBOR...") into its MIME type and binary data.
+    private static func decodeDataURL(_ dataURL: String) -> (mimeType: String, data: Data) {
+        let parts = dataURL.components(separatedBy: ",")
+        guard parts.count == 2,
+              let base64Data = Data(base64Encoded: parts[1]) else {
+            return ("application/octet-stream", Data())
+        }
+
+        // Extract MIME type from "data:image/png;base64"
+        let header = parts[0]
+        let mimeType = header
+            .replacingOccurrences(of: "data:", with: "")
+            .components(separatedBy: ";")
+            .first ?? "application/octet-stream"
+
+        return (mimeType, base64Data)
+    }
+
     // The actual fetch sent to the API using a profile-isolated session
     private static func doFetch(request: URLRequest, profileUUID: String) async throws -> [String: Any] {
         // SECURITY: Use profile-specific session, NEVER URLSession.shared

package/eslint.config.mjs

@@ -1,5 +1,4 @@
 import globals from "globals";
-import babelParser from "@babel/eslint-parser";
 import path from "path";
 import { fileURLToPath } from "url";
 
@@ -32,18 +31,13 @@ export default [
     files: ["**/*.{js,jsx,mjs,cjs}"],
 
     languageOptions: {
-      parser: babelParser,
       ecmaVersion: 2024,
       sourceType: "module",
 
       parserOptions: {
-        requireConfigFile: false,
         ecmaFeatures: {
           jsx: true,
         },
-        babelOptions: {
-          presets: ["@babel/preset-react"],
-        },
       },
 
       globals: {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "passbolt-browser-extension",
-  "version": "5.10.4",
+  "version": "5.11.1",
   "license": "AGPL-3.0",
   "copyright": "Copyright 2025 Passbolt SA",
   "description": "Passbolt web extension for the open source password manager for teams",
@@ -19,10 +19,9 @@
     "ip-regex": "^5.0.0",
     "jssha": "~3.3.1",
     "kdbxweb": "2.1.1",
-    "locutus": "~2.0.39",
     "openpgp": "^6.1.1",
     "papaparse": "^5.5.2",
-    "passbolt-styleguide": "^5.10.7",
+    "passbolt-styleguide": "^5.11.3",
     "react": "^18.3.1",
     "react-dom": "^18.3.1",
     "secrets-passbolt": "github:passbolt/secrets.js#v2.0.1",
@@ -33,31 +32,30 @@
   },
   "devDependencies": {
     "@babel/core": "^7.23.2",
-    "@babel/eslint-parser": "^7.22.9",
     "@babel/helpers": "^7.26.10",
     "@babel/plugin-transform-runtime": "^7.22.9",
     "@babel/preset-env": "^7.22.9",
-    "@babel/preset-react": "^7.22.5",
+    "@babel/preset-react": "^7.28.5",
     "@babel/runtime": "^7.27.0",
     "@babel/runtime-corejs3": "^7.26.10",
-    "@eslint/js": "^9.37.0",
+    "@eslint/js": "^9.39.4",
     "@svgr/webpack": "^8.1.0",
     "babel-jest": "^29.6.2",
     "babel-loader": "^8.2.3",
     "buffer": "^6.0.3",
     "crx": "^5.0.1",
-    "eslint": "^9.37.0",
+    "eslint": "^9.39.4",
     "eslint-config-prettier": "^10.1.8",
     "eslint-import-resolver-alias": "^1.1.2",
     "eslint-plugin-import": "^2.32.0",
-    "eslint-plugin-jest": "^29.0.1",
-    "eslint-plugin-n": "^17.23.1",
-    "eslint-plugin-no-unsanitized": "^4.1.4",
-    "eslint-plugin-prettier": "^5.5.4",
+    "eslint-plugin-jest": "^29.15.1",
+    "eslint-plugin-n": "^17.24.0",
+    "eslint-plugin-no-unsanitized": "^4.1.5",
+    "eslint-plugin-prettier": "^5.5.5",
     "eslint-plugin-promise": "^7.2.1",
     "eslint-plugin-react": "^7.37.5",
-    "eslint-plugin-regexp": "^2.10.0",
-    "eslint-plugin-security": "^3.0.1",
+    "eslint-plugin-regexp": "^3.1.0",
+    "eslint-plugin-security": "^4.0.0",
     "filereader": "^0.10.3",
     "formdata-node": "^6.0.3",
     "globals": "^16.4.0",

package/src/all/background_page/controller/auth/authLogoutController.js

@@ -54,8 +54,17 @@ class AuthLogoutController {
       return;
     }
 
-    const url = this.apiClientOptions.getBaseUrl().toString();
-    await browser.tabs.update(this.worker.tab.id, { url });
+    /*
+     * Use tabs.reload instead of tabs.update to ensure the page is fully
+     * reloaded from the server. A tabs.update navigation may restore the
+     * page from the browser's Back/Forward Cache (BFCache), resulting in
+     * a stale page with a dead extension message port after sign-out.
+     *
+     * See: PB-50644
+     */
+    await browser.tabs.reload(this.worker.tab.id);
+    // const url = this.apiClientOptions.getBaseUrl().toString();
+    // await browser.tabs.update(this.worker.tab.id, { url });
   }
 }
 

package/src/all/background_page/controller/auth/authLogoutController.test.js

@@ -34,7 +34,7 @@ describe("AuthLogoutController", () => {
     });
 
     it("Should sign-out the user and redirect after.", async () => {
-      expect.assertions(3);
+      expect.assertions(2);
       const logoutSpy = jest.spyOn(AuthModel.prototype, "logout").mockImplementation(() => {});
 
       const worker = {
@@ -48,10 +48,19 @@ describe("AuthLogoutController", () => {
       await controller.exec(true);
 
       expect(logoutSpy).toHaveBeenCalledTimes(1);
-      expect(browser.tabs.update).toHaveBeenCalledTimes(1);
-      expect(browser.tabs.update).toHaveBeenCalledWith(worker.tab.id, {
-        url: apiClientOptions.getBaseUrl().toString(),
-      });
+      expect(browser.tabs.reload).toHaveBeenCalledTimes(1);
+      /*
+       * Use tabs.reload instead of tabs.update to ensure the page is fully
+       * reloaded from the server. A tabs.update navigation may restore the
+       * page from the browser's Back/Forward Cache (BFCache), resulting in
+       * a stale page with a dead extension message port after sign-out.
+       *
+       * See: PB-50644
+       */
+      // expect(browser.tabs.update).toHaveBeenCalledTimes(1);
+      // expect(browser.tabs.update).toHaveBeenCalledWith(worker.tab.id, {
+      //   url: apiClientOptions.getBaseUrl().toString(),
+      // });
     });
   });
 });

package/src/all/background_page/controller/group/groupCreateController.js

@@ -0,0 +1,58 @@
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link          https://www.passbolt.com Passbolt(tm)
+ * @since         5.11.0
+ */
+import CreateGroupService from "../../service/group/createGroupService";
+import GroupEntity from "../../model/entity/group/groupEntity";
+
+class GroupCreateController {
+  /**
+   * GroupCreateController constructor
+   *
+   * @param {Worker} worker
+   * @param {string} requestId
+   * @param {ApiClientOptions} apiClientOptions the api client options
+   * @param {AccountEntity} account The account associated to the worker.
+   */
+  constructor(worker, requestId, apiClientOptions, account) {
+    this.worker = worker;
+    this.requestId = requestId;
+    this.createGroupService = new CreateGroupService(apiClientOptions, account);
+  }
+
+  /**
+   * Controller executor.
+   * @param {object} groupDto The group data
+   * @returns {Promise<void>}
+   */
+  async _exec(groupDto) {
+    try {
+      const group = await this.exec(groupDto);
+      this.worker.port.emit(this.requestId, "SUCCESS", group);
+    } catch (error) {
+      console.error(error);
+      this.worker.port.emit(this.requestId, "ERROR", error);
+    }
+  }
+
+  /**
+   * Create a group.
+   * @param {object} groupDto The group data
+   * @returns {Promise<GroupEntity>}
+   */
+  async exec(groupDto) {
+    const groupEntity = new GroupEntity(groupDto);
+    return this.createGroupService.create(groupEntity);
+  }
+}
+
+export default GroupCreateController;

package/src/all/background_page/controller/group/groupCreateController.test.js

@@ -0,0 +1,67 @@
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link          https://www.passbolt.com Passbolt(tm)
+ * @since         5.11.0
+ */
+import AccountEntity from "../../model/entity/account/accountEntity";
+import { defaultAccountDto } from "../../model/entity/account/accountEntity.test.data";
+import { defaultApiClientOptions } from "passbolt-styleguide/src/shared/lib/apiClient/apiClientOptions.test.data";
+import GroupCreateController from "./groupCreateController";
+import { defaultGroupDto } from "passbolt-styleguide/src/shared/models/entity/group/groupEntity.test.data";
+import GroupEntity from "../../model/entity/group/groupEntity";
+
+describe("GroupCreateController", () => {
+  let controller, account, apiClientOptions;
+
+  beforeEach(async () => {
+    account = new AccountEntity(defaultAccountDto());
+    apiClientOptions = defaultApiClientOptions();
+    controller = new GroupCreateController(null, null, apiClientOptions, account);
+  });
+
+  describe("GroupCreateController::exec", () => {
+    it("Should create a group via the service.", async () => {
+      expect.assertions(2);
+
+      const groupDto = defaultGroupDto({}, { withGroupsUsers: true, withMyGroupUser: true });
+      const createdGroupEntity = new GroupEntity(groupDto);
+
+      jest.spyOn(controller.createGroupService, "create").mockResolvedValue(createdGroupEntity);
+
+      const result = await controller.exec(groupDto);
+
+      expect(result).toBeInstanceOf(GroupEntity);
+      expect(result.name).toEqual(groupDto.name);
+    });
+
+    it("Should call the service with a GroupEntity.", async () => {
+      expect.assertions(2);
+
+      const groupDto = defaultGroupDto({}, { withGroupsUsers: true, withMyGroupUser: true });
+      const createdGroupEntity = new GroupEntity(groupDto);
+
+      jest.spyOn(controller.createGroupService, "create").mockResolvedValue(createdGroupEntity);
+
+      await controller.exec(groupDto);
+
+      expect(controller.createGroupService.create).toHaveBeenCalledTimes(1);
+      expect(controller.createGroupService.create).toHaveBeenCalledWith(expect.any(GroupEntity));
+    });
+
+    it("Should throw if the group dto is invalid.", async () => {
+      expect.assertions(1);
+
+      const groupDto = { name: "" };
+
+      await expect(controller.exec(groupDto)).rejects.toThrow();
+    });
+  });
+});

package/src/all/background_page/controller/tab/openResourceUriTabController.js

@@ -0,0 +1,60 @@
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link          https://www.passbolt.com Passbolt(tm)
+ * @since         5.11.0
+ */
+
+import sanitizeUrl, { urlProtocols } from "passbolt-styleguide/src/react-extension/lib/Sanitize/sanitizeUrl";
+import BrowserTabService from "../../service/ui/browserTab.service";
+
+export default class OpenResourceUriTabController {
+  /**
+   * @constructor
+   * @param {Worker} worker The associated worker.
+   * @param {string} requestId The associated request id.
+   */
+  constructor(worker, requestId) {
+    this.worker = worker;
+    this.requestId = requestId;
+  }
+
+  /**
+   * Wrapper of exec function to run it with worker.
+   * @return {Promise<void>}
+   */
+  async _exec() {
+    try {
+      await this.exec.apply(this, arguments);
+      this.worker.port.emit(this.requestId, "SUCCESS");
+    } catch (error) {
+      console.error(error);
+      this.worker.port.emit(this.requestId, "ERROR", error);
+    }
+  }
+
+  /**
+   * Opens the given url in a new tab
+   * @param {string} uriString the URI to try to open on a new tab
+   * @returns {Promise<void>}
+   */
+  async exec(urlString) {
+    const url = sanitizeUrl(urlString, {
+      whiteListedProtocols: [urlProtocols.HTTPS, urlProtocols.HTTP],
+      defaultProtocol: urlProtocols.HTTPS,
+    });
+
+    if (!url) {
+      throw new Error("The given URL is not valid for opening in a new tab.");
+    }
+
+    await BrowserTabService.openTab(url);
+  }
+}