passbolt-browser-extension 5.3.0 → 5.4.0

package/CHANGELOG.md

@@ -4,6 +4,84 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
 ## [Unreleased]
 
+## [5.4.0] - 2025-08-13
+### Added
+- PB-44201: E2EE The organisation settings offer now a simplified way to activate metadata encryption and the new resource types
+- PB-42205: E2EE encrypted metadata and new resource types are activated by default after the first administrator setup
+- PB-43255: Add support for multiple uri import export on kdbx files
+- PB-43110: ZK - WP4.2 As a signed-in user I should not be allowed to upgrade resources with missing key situation
+- PB-43712: Translate the application in Czech
+- PB-43939: ZK - WP3.2 Add an app event to get or find the metadata keys settings
+- PB-43980: Add support for custom field import export on kdbx files
+- PB-44080: ZK - WP4.1 Create a dialog explaining the missing key situation
+- PB-44081: ZK - WP4.3 As a signed-in user I should not be allowed to create resources with missing key situation in the resource workspace
+- PB-44090: ZK - WP4.4 As a signed-in user I should not be allowed to edit resources with missing key situation
+- PB-44091: ZK - WP4.5 As a signed-in user I should not be allowed to share resources with missing key situation
+- PB-44094: ZK - WP4.6 As a signed-in user I should not be allowed to import resources with missing key situation
+- PB-44095: ZK - WP4.7 As a signed-in user I should not be allowed to move resources with missing key situation
+- PB-44096: ZK - WP4.8 As a signed-in user I should not be allowed to move folders with missing key situation
+- PB-44097: ZK - WP4.9 Display a page explaining the missing key situation on the quick app
+- PB-44098: ZK - WP4.10 As a signed-in user I should not be allowed to create resources with missing key situation in the quick app
+- PB-44099: ZK - WP4.11 As a signed-in user I should not be allowed to generate password on the inform menu
+- PB-44206: ZK - WP4.14 As administrators I cannot trigger the encrypted metadata migration if I have missing metadata keys
+- PB-44211: ZK - WP3.5 Add MetadataKeysSettingsLocalStorageContextProvider to the App and the quick-app and the inform menu
+- PB-44212: CU - WP5.2 Update ExternalResourceEntity buildDtoFromResourceEntityDto to support custom fields
+- PB-44286: ZK - WP3.6 Add a quick app and inform menu event to get the metadata keys settings
+- PB-44295: ZK - WP4.15 As a signed-in user with missing keys I should not be able to create resource if metadata shared key is enforced on the inform menu
+- PB-44296: ZK - WP4.16 As a signed-in user I should not be allowed to move shared folders into personal folders with missing key situation
+- PB-44327: Display sub-folders in breadcrumbs
+- PB-44374: Extend notes v5 max length to 50_000
+
+### Fixed
+- PB-43296: Displaying resource activities should not crash the application when a resource activity does not have related user or group
+- PB-43652: The sentence to change the passphrase in the user settings workspace should have a space after.
+- PB-43657: Resources loading became noticeably slower after migrating to encrypted
+- PB-43667: Cancelling the user passphrase request should not trigger an error when sharing missing metadata key
+- PB-43676: Cancelling the user passphrase should not freeze the create resource dialog
+- PB-43719: After importing resources from Bitwarden the URIs are not separated correctly
+- PB-43784: Display the progression of the encryption of metadata in the import dialog
+- PB-43906: User should be notified of any errors while loading comments
+- PB-44079: Update/Create a method in resourceLocalStorage.js to bulk delete resources
+- PB-44161: As a user I should not see the resource description and note warning message if only one of them is concerned
+- PB-44273: Activities are not loaded when new resource is clicked after load more activities of a previous resource
+
+### Maintenance
+- PB-43585: Azure SSO login_hint settings can now be configured
+- PB-43908: Move logic of commentModel file to a service and update assertions in controllers
+- PB-44076: Create a Controller to handle Resource Delete
+- PB-44077: Create a dedicated Service to handle resource deletion
+- PB-44396: the endpoint complete/recover.json is now used instead of the legacy endpoint
+
+### Security
+- PB-43730: Upgrade vulnerable library brace-expansion
+
+## [5.3.2] - 2025-07-17
+### Added
+- PB-25265 Flush clipboard strategy
+- PB-43095 Display the metadata issue in the HealthCheck served by the UI
+- PB-43403 Search resources should take into account available custom fields information in the web application
+
+### Improved
+- PB-43474 As LU I should be able to clear the search field with a button
+
+### Fixed
+- PB-43916 Fix hitting the key enter on the search fields
+- PB-43996 Users should access encrypted metadata section of the administration guide on the help site when clicking on the documentation CTA from the sidebar
+
+### Maintenance
+- PB-43491 The resource activities should use a service worker service to request the service worker
+- PB-43496 The user should be notified if an error occurs while displaying additional resource activities
+- PB-43501 Cover ActionLogService API service and rename class as per naming convention
+- PB-43502 Move logic of ActionLogModel into FindActionLogService
+- PB-43506 Move logic of event passbolt.actionlogs.find-all-for into its dedicated Controller
+- PB-43738 Create DeleteUserService to call the userService deleteDryRun
+- PB-43739 Create DeleteDryRunUserController to call the DeleteUserService
+- PB-43750 An unexpected error should be displayed on delete user
+- PB-43904 Add a service to request or send data CommentsServiceWorkerService
+- PB-43907 Add tests for commentService API service and rename the service class as per naming convention
+- PB-43938 Create a GetOrFindMetadataKeysSettingsController to retrieve the metadata keys settings
+- PB-43940 Create a MetadataKeysSettingsLocalStorageContextProvider to retrieve the metadata keys settings
+
 ## [5.3.0] - 2025-06-09
 
 ### Added
@@ -2278,7 +2356,10 @@ self registration settings option in the left-side bar
 - AP: User with plugin installed
 - LU: Logged in user
 
-[Unreleased]: https://github.com/passbolt/passbolt_browser_extension/compare/v5.2.0...HEAD
+[Unreleased]: https://github.com/passbolt/passbolt_browser_extension/compare/v5.4.0...HEAD
+[5.4.0]: https://github.com/passbolt/passbolt_browser_extension/compare/v5.3.3...v5.4.0
+[5.3.2]: https://github.com/passbolt/passbolt_browser_extension/compare/v5.3.0...v5.3.2
+[5.3.0]: https://github.com/passbolt/passbolt_browser_extension/compare/v5.2.0...v5.3.0
 [5.2.0]: https://github.com/passbolt/passbolt_browser_extension/compare/v5.1.1...v5.2.0
 [5.1.1]: https://github.com/passbolt/passbolt_browser_extension/compare/v5.1.0...v5.1.1
 [5.1.0]: https://github.com/passbolt/passbolt_browser_extension/compare/v5.0.1...v5.1.0

package/Gruntfile.js

@@ -119,7 +119,7 @@ module.exports = function (grunt) {
       service_worker: {
         files: [
           { expand: true, cwd: path.src_chrome_mv3, src: 'serviceWorker.js', dest: path.build + 'serviceWorker' },
-          { expand: true, cwd: `${path.src_chrome_mv3}/offscreens`, src: 'fetch.html', dest: `${path.build}/offscreens` }
+          { expand: true, cwd: `${path.src_chrome_mv3}/offscreens`, src: 'offscreen.html', dest: `${path.build}/offscreens` },
         ]
       },
       web_accessible_resources: {

package/RELEASE_NOTES.md

@@ -1,56 +1,67 @@
-Release song: https://www.youtube.com/watch?v=ubWL8VAPoYw
+Release song: https://www.youtube.com/watch?v=kymdKYtkJbQ
 
-Passbolt 5.3 adds custom fields, one of the five most‑requested features from the community. Built on top of encrypted‑metadata introduced earlier this year, custom fields let users attach additional key‑value pairs to a resource or as a standalone one. Typical use‑cases include centralising CI/CD job variables and storing environment‑specific configuration values that need more structure than a general note.
+Passbolt v5.4.0 ships with encrypted metadata and the accompanying new resource types promoted to stable. These capabilities have been battle-tested for months, and the last remaining edge cases have been smoothed out so they can now be enabled for everyone.
 
-Custom fields rely on encrypted metadata, therefore the feature is still in beta and is not yet available on Passbolt Cloud. A step‑by‑step guide on how to enable the encrypted metadata  on a self‑hosted instance will be available in a blog post that will be published soon. The encrypted‑metadata feature is scheduled to be marked as stable in Passbolt 5.4, planned for August 2025.
+Removing the beta label means that every new instance starts with encrypted metadata activated by default. As a result, features introduced in previous releases, such as icons, multiple URIs and custom fields, are available from day one without any action from end-users.
 
-As part of our continuous performance work, this release concentrates on folder browsing. Loading folders and their resources is now faster and reduces the load on API and client, improving day-to-day usability for organizations having thousands of credentials under management.
+For existing instances, the activation process has been simplified: administrators can decide with a single click whether their organisation is ready or would prefer to postpone the launch. Once enabled, the instance immediately supports the new resource types and their extended capabilities. Because the change may disrupt external integrations, existing content is not migrated automatically; migration remains the responsibility of content owners or administrators. It can be performed item-by-item in the resource workspace or organisation-wide with the resource-metadata administration migration tool.
 
-Several bugs reported by the community have also been fixed. As always, thank you to everyone who took the time to file issues, test patches and suggest improvements. For a complete list of changes, consult the changelog.
+Revisiting resource capabilities was also an opportunity to increase the maximum size of secret notes to 50 000 characters, leaving ample room for full certificate chains, keys of any flavour or any long text you need to keep encrypted.
+
+This release further improves cryptographic performance by introducing elliptic-curve keys (Curve25519/Ed25519) for new users. These keys provide security comparable to RSA-3072 while significantly reducing processing time and payload size.
+
+Performance has been tuned for large organisations that manage substantial numbers of users or resources. Among other improvements: Users' workspace now opens more quickly, and deleting multiple resources generates fewer I/O operations.
+
+Czech joins the list of supported languages, allowing native speakers to use Passbolt entirely in their own words, vítejte!
+
+Many thanks to everyone who reported issues and tested encrypted metadata over the past months. Your feedback made this release possible and brings these new features to all users today.
 
 ### Added
-- PB-43269 Create the entity CustomFieldEntity
-- PB-43271 Create the entity collection CustomFieldsCollection
-- PB-43273 Create the entity SecretDataV5StandaloneCustomFieldsCollection
-- PB-43275 Update the resource types schema definitions
-- PB-43277 Update the ResourceMetadataEntity
-- PB-43278 Update the ResourceFormEntity
-- PB-43279 Update the Secret Entities
-- PB-43283 Display a new entry the create/edit dialog to set custom fields on the left sidebar and the menu
-- PB-43284 Create the CustomFieldForm for the create/edit dialog
-- PB-43285 Handle the CustomFieldForm warnings and limitation
-- PB-43286 Update create/edit resource to select secret custom fields for a standalone custom fields
-- PB-43287 Display the Custom Fields section on the right sidebar
-- PB-43289 Display standalone custom fields in the component DisplayResourceCreationMenu
-- PB-43290 Display standalone custom fields in the component DisplayResourcesWorkspaceMainMenu
-- PB-43291 Display the URIs section in the right sidebar
-- PB-43374 Add validation on keys and values of each elements of custom fields for the resource form entity
-- PB-43377 Add set collection into entity v2
-- PB-43145 Find a list of resources based on IDs and that are suitable for local storage from the API
-- PB-43146 Find a list of resources based on a parent folder id and that are suitable for the local storage from the API
-- PB-43133 Display padding below tags in resource workspace left sidebar
-- PB-42185 The folder caret that expands or collapses folders in the tree should have a larger clickable area to make it easier to use
-- PB-43222 Improve the group dialog to match the new share dimensions
-- PB-43147 Find and update resources based on parent folder id for the local storage
-- PB-43148 Create a connector for finding resources based on a parent id for the styleguide to call it later
-- PB-43149 Create a ResourcesServiceWorkerService to call the service worker for resource related operations
-- PB-43150 Implement the optimised call in the Styleguide when filtering by a folder
-- PB-43151 Optimise the data retrieved from the API such that updates are not done if unnecessary
-- PB-43156 Clarify implications for backups and other devices before changing the passphrase in the user settings workspace
-- PB-43489 Display unexpected error if there is any issue during the secret decryption
+- PB-44201: E2EE The organisation settings offer now a simplified way to activate metadata encryption and the new resource types
+- PB-42205: E2EE encrypted metadata and new resource types are activated by default after the first administrator setup
+- PB-43255: Add support for multiple uri import export on kdbx files
+- PB-43110: ZK - WP4.2 As a signed-in user I should not be allowed to upgrade resources with missing key situation
+- PB-43712: Translate the application in Czech
+- PB-43939: ZK - WP3.2 Add an app event to get or find the metadata keys settings
+- PB-43980: Add support for custom field import export on kdbx files
+- PB-44080: ZK - WP4.1 Create a dialog explaining the missing key situation
+- PB-44081: ZK - WP4.3 As a signed-in user I should not be allowed to create resources with missing key situation in the resource workspace
+- PB-44090: ZK - WP4.4 As a signed-in user I should not be allowed to edit resources with missing key situation
+- PB-44091: ZK - WP4.5 As a signed-in user I should not be allowed to share resources with missing key situation
+- PB-44094: ZK - WP4.6 As a signed-in user I should not be allowed to import resources with missing key situation
+- PB-44095: ZK - WP4.7 As a signed-in user I should not be allowed to move resources with missing key situation
+- PB-44096: ZK - WP4.8 As a signed-in user I should not be allowed to move folders with missing key situation
+- PB-44097: ZK - WP4.9 Display a page explaining the missing key situation on the quick app
+- PB-44098: ZK - WP4.10 As a signed-in user I should not be allowed to create resources with missing key situation in the quick app
+- PB-44099: ZK - WP4.11 As a signed-in user I should not be allowed to generate password on the inform menu
+- PB-44206: ZK - WP4.14 As administrators I cannot trigger the encrypted metadata migration if I have missing metadata keys
+- PB-44211: ZK - WP3.5 Add MetadataKeysSettingsLocalStorageContextProvider to the App and the quick-app and the inform menu
+- PB-44212: CU - WP5.2 Update ExternalResourceEntity buildDtoFromResourceEntityDto to support custom fields
+- PB-44286: ZK - WP3.6 Add a quick app and inform menu event to get the metadata keys settings
+- PB-44295: ZK - WP4.15 As a signed-in user with missing keys I should not be able to create resource if metadata shared key is enforced on the inform menu
+- PB-44296: ZK - WP4.16 As a signed-in user I should not be allowed to move shared folders into personal folders with missing key situation
+- PB-44327: Display sub-folders in breadcrumbs
+- PB-44374: Extend notes v5 max length to 50_000
 
 ### Fixed
-- PB-43109 Fix: from the sidebar when upgrade from v4 to v5 goes wrong the error message in the notification
-- PB-43118 Hide the "Share metadata keys" button in the users workspace action bar for the current signed-in user
-- PB-43215 Fix account recovery creator name
-- PB-43063 Fix group edit dialog double warning message has broken UI
-- PB-43117 Hide the "Share metadata keys" button in the users workspace action bar after sharing missing metadata keys with a user
-- PB-43064 Fix group edit dialog can show a mix of error and warning messages
-- PB-43150: fix folder not being reloaded
-- PB-43424 Clicking on the "open in a new tab” call to action  in the quick application should open the resource url in a new tab
-- PB-43108 Display attention required icon on "metadata keys" label in the user details sidebar if the user is not having access to some metadata keys
-- PB-43217 The default icon stroke width is too thick in the grid and doesn't match the custom icons
-- PB-43220 Copy URL field action button lacks padding and is broken in the SSO settings
-- PB-43168 Align vertically resources workspace select check-boxes
-- PB-43211 The feedback message notifying the administrator when a metadata key has been shared with a user contains a typo
-- PB-43471 Center vertically the icon on the create and edit dialog
+- PB-43296: Displaying resource activities should not crash the application when a resource activity does not have related user or group
+- PB-43652: The sentence to change the passphrase in the user settings workspace should have a space after.
+- PB-43657: Resources loading became noticeably slower after migrating to encrypted
+- PB-43667: Cancelling the user passphrase request should not trigger an error when sharing missing metadata key
+- PB-43676: Cancelling the user passphrase should not freeze the create resource dialog
+- PB-43719: After importing resources from Bitwarden the URIs are not separated correctly
+- PB-43784: Display the progression of the encryption of metadata in the import dialog
+- PB-43906: User should be notified of any errors while loading comments
+- PB-44079: Update/Create a method in resourceLocalStorage.js to bulk delete resources
+- PB-44161: As a user I should not see the resource description and note warning message if only one of them is concerned
+- PB-44273: Activities are not loaded when new resource is clicked after load more activities of a previous resource
+
+### Maintenance
+- PB-43585: Azure SSO login_hint settings can now be configured
+- PB-43908: Move logic of commentModel file to a service and update assertions in controllers
+- PB-44076: Create a Controller to handle Resource Delete
+- PB-44077: Create a dedicated Service to handle resource deletion
+- PB-44396: the endpoint complete/recover.json is now used instead of the legacy endpoint
+
+### Security
+- PB-43730: Upgrade vulnerable library brace-expansion

package/crowdin.yml

@@ -20,4 +20,5 @@ export_languages:
   - sl
   - sv
   - uk
+  - cs
 commit_message: '[skip-ci]'

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "passbolt-browser-extension",
-  "version": "5.3.0",
+  "version": "5.4.0",
   "license": "AGPL-3.0",
   "copyright": "Copyright 2025 Passbolt SA",
   "description": "Passbolt web extension for the open source password manager for teams",
@@ -22,7 +22,7 @@
     "locutus": "~2.0.9",
     "openpgp": "^6.1.1",
     "papaparse": "^5.5.2",
-    "passbolt-styleguide": "^5.3.1",
+    "passbolt-styleguide": "^5.4.3",
     "react": "17.0.2",
     "react-dom": "17.0.2",
     "secrets-passbolt": "github:passbolt/secrets.js#v2.0.1",
@@ -75,12 +75,13 @@
       "cheerio": {
         "undici": "6.21.2"
       }
-    }
+    },
+    "brace-expansion": "^1.1.12"
   },
   "scripts": {
     "build": "npx grunt build",
     "build:background-page": "webpack --config webpack.background-page.config.js",
-    "build:service-worker": "webpack --config webpack.service-worker.config.js; webpack --config webpack-offscreens.fetch.config.js",
+    "build:service-worker": "webpack --config webpack.service-worker.config.js; webpack --config webpack-offscreens.config.js",
     "build:content-scripts": "npm run build:content-scripts:app; npm run build:content-scripts:browser-integration; npm run build:content-scripts:public-website",
     "build:content-scripts:app": "webpack --config webpack-content-scripts.config.js",
     "build:content-scripts:browser-integration": "webpack --config webpack-content-scripts.browser-integration.config.js",
@@ -89,7 +90,7 @@
     "build:web-accessible-resources:app": "webpack --config webpack-data.config.js; webpack --config webpack-data.download.config.js",
     "build:web-accessible-resources:browser-integration": "webpack --config webpack-data.in-form-call-to-action.config.js; webpack --config webpack-data.in-form-menu.config.js",
     "dev:build:background-page": "webpack --env debug=true --config webpack.background-page.config.js",
-    "dev:build:service-worker": "webpack --env debug=true --config webpack.service-worker.config.js; webpack --env debug=true --config webpack-offscreens.fetch.config.js",
+    "dev:build:service-worker": "webpack --env debug=true --config webpack.service-worker.config.js; webpack --env debug=true --config webpack-offscreens.config.js",
     "dev:build:content-scripts": "npm run dev:build:content-scripts:app; npm run dev:build:content-scripts:browser-integration; npm run dev:build:content-scripts:public-website",
     "dev:build:content-scripts:app": "webpack --env debug=true --config webpack-content-scripts.config.js",
     "dev:build:content-scripts:browser-integration": "webpack --env debug=true --config webpack-content-scripts.browser-integration.config.js",
@@ -112,7 +113,7 @@
     "lint:eslint-fix": "eslint -c .eslintrc.json --ext js --ext jsx --fix src",
     "i18n:externalize": "i18next -c ./i18next-parser.config.js",
     "test": "npm run test:unit",
-    "test:unit": "jest --no-cache ./src/all/ ./src/chrome-mv3/",
+    "test:unit": "jest --no-cache ./src/all/ ./src/chrome-mv3/ ./src/chrome/",
     "test:coverage": "jest --no-cache ./src/all/ ./src/chrome-mv3/ --coverage",
     "test:ci:coverage": "npm run test:coverage -- --runInBand"
   }

package/src/all/_locales/cs/messages.json

@@ -0,0 +1,10 @@
+{
+  "appName": {
+    "message": "Passbolt - Open source správce hesel",
+    "description": "The application name of the extension, displayed in the web store. 45 characters max."
+  },
+  "appDescription": {
+    "message": "Rozšíření Passbolt pro open source správce hesel pro týmy.",
+    "description": "The description of the extension, displayed in the web store. 85 characters max."
+  }
+}

package/src/all/background_page/controller/InformMenuController/InformMenuController.js

@@ -88,13 +88,13 @@ class InformMenuController {
     const webIntegrationWorker = await WorkerService.get('WebIntegration', this.worker.tab.id);
     const {username, password: secret_clear} = await webIntegrationWorker.port.request('passbolt.web-integration.get-credentials');
 
-    // Retrieve resource name and uri from tab.
+    // Retrieve resource name and uris from tab.
     const tab = await BrowserTabService.getCurrent();
     const name = tab.title;
-    const uri = tab.url.substr(0, ResourceMetadataEntity.URI_MAX_LENGTH);
+    const uris = [tab.url.substr(0, ResourceMetadataEntity.URI_MAX_LENGTH)];
 
     // Store the resource to save in cache.
-    const resourceDto = {name: name, username: username, uri: uri, secret_clear: secret_clear};
+    const resourceDto = {name: name, username: username, uris: uris, secret_clear: secret_clear};
     const resource = new ExternalResourceEntity(resourceDto);
     await ResourceInProgressCacheService.set(resource);
 

package/src/all/background_page/controller/auth/redirectPostLoginController.js

@@ -0,0 +1,57 @@
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link          https://www.passbolt.com Passbolt(tm)
+ * @since         5.4.0
+ */
+
+export default class RedirectPostLoginController {
+  /**
+   * @constructor
+   * @param {Worker} worker
+   * @param {string} requestId
+   * @param {AbstractAccountEntity} apiClientOptions the api client options
+   */
+  constructor(worker, requestId, account) {
+    this.worker = worker;
+    this.requestId = requestId;
+    this.account = account;
+  }
+
+  /**
+   * Controller executor.
+   * @returns {Promise<void>}
+   */
+  async _exec() {
+    try {
+      await this.exec();
+      this.worker.port.emit(this.requestId, 'SUCCESS');
+    } catch (error) {
+      console.error(error);
+      this.worker.port.emit(this.requestId, 'ERROR', error);
+    }
+  }
+
+  /**
+   * Redirects the user to the app main page
+   * or to the redirect url if a `redirect` parameter is given in the worker URL.
+   * @returns {Promise<void>}
+   */
+  async exec() {
+    const workerUrl = new URL(this.worker.tab.url);
+    const redirectTo = workerUrl.searchParams.get("redirect");
+
+    const url = /^\/[A-Za-z0-9\-\/]*$/.test(redirectTo)
+      ? `${this.account.domain}${redirectTo}`
+      : this.account.domain;
+
+    chrome.tabs.update(this.worker.tab.id, {url});
+  }
+}

package/src/all/background_page/controller/auth/redirectPostLoginController.test.js

@@ -0,0 +1,82 @@
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link          https://www.passbolt.com Passbolt(tm)
+ * @since         5.4.0
+ */
+
+import AccountEntity from "../../model/entity/account/accountEntity";
+import {defaultAccountDto} from "../../model/entity/account/accountEntity.test.data";
+import RedirectPostLoginController from "./redirectPostLoginController";
+
+beforeEach(() => {
+  jest.resetAllMocks();
+});
+
+describe("RedirectPostLoginController", () => {
+  describe("::exec", () => {
+    it("should redirect to the main entry point if no redirect is set", async() => {
+      expect.assertions(2);
+
+      const worker = {
+        tab: {
+          id: 42,
+          url: "https://www.passbolt.com/test",
+        },
+      };
+      const account = new AccountEntity(defaultAccountDto());
+      const controller = new RedirectPostLoginController(worker, null, account);
+      jest.spyOn(chrome.tabs, "update").mockImplementation(() => {});
+
+      await controller.exec();
+
+      expect(chrome.tabs.update).toHaveBeenCalledTimes(1);
+      expect(chrome.tabs.update).toHaveBeenCalledWith(worker.tab.id, {url: account.domain});
+    });
+
+    it("should redirect to the given URL if a redirect is set", async() => {
+      expect.assertions(2);
+
+      const worker = {
+        tab: {
+          id: 42,
+          url: "https://www.passbolt.com/test?redirect=/app/administration",
+        },
+      };
+      const account = new AccountEntity(defaultAccountDto());
+      const controller = new RedirectPostLoginController(worker, null, account);
+      jest.spyOn(chrome.tabs, "update").mockImplementation(() => {});
+
+      await controller.exec();
+
+      expect(chrome.tabs.update).toHaveBeenCalledTimes(1);
+      expect(chrome.tabs.update).toHaveBeenCalledWith(worker.tab.id, {url: `${account.domain}/app/administration`});
+    });
+
+    it("should not redirect to the given URL if it is not valid", async() => {
+      expect.assertions(2);
+
+      const worker = {
+        tab: {
+          id: 42,
+          url: "https://www.passbolt.com/test?redirect=https://localhost",
+        },
+      };
+      const account = new AccountEntity(defaultAccountDto());
+      const controller = new RedirectPostLoginController(worker, null, account);
+      jest.spyOn(chrome.tabs, "update").mockImplementation(() => {});
+
+      await controller.exec();
+
+      expect(chrome.tabs.update).toHaveBeenCalledTimes(1);
+      expect(chrome.tabs.update).toHaveBeenCalledWith(worker.tab.id, {url: account.domain});
+    });
+  });
+});

package/src/all/background_page/controller/auth/redirectToAdminWorkspaceController.js

@@ -0,0 +1,50 @@
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link          https://www.passbolt.com Passbolt(tm)
+ * @since         5.4.0
+ */
+
+export default class RedirectToAdminWorkspaceController {
+  /**
+   * @constructor
+   * @param {Worker} worker
+   * @param {string} requestId
+   * @param {AbstractAccountEntity} apiClientOptions the api client options
+   */
+  constructor(worker, requestId, account) {
+    this.worker = worker;
+    this.requestId = requestId;
+    this.account = account;
+  }
+
+  /**
+   * Controller executor.
+   * @returns {Promise<void>}
+   */
+  async _exec() {
+    try {
+      await this.exec();
+      this.worker.port.emit(this.requestId, 'SUCCESS');
+    } catch (error) {
+      console.error(error);
+      this.worker.port.emit(this.requestId, 'ERROR', error);
+    }
+  }
+
+  /**
+   * Redirects the user to the admin workspace
+   * @returns {Promise<void>}
+   */
+  async exec() {
+    const url = `${this.account.domain}/app/administration`;
+    chrome.tabs.update(this.worker.tab.id, {url});
+  }
+}

package/src/all/background_page/controller/auth/redirectToAdminWorkspaceController.test.js

@@ -0,0 +1,45 @@
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link          https://www.passbolt.com Passbolt(tm)
+ * @since         5.4.0
+ */
+
+import AccountEntity from "../../model/entity/account/accountEntity";
+import {defaultAccountDto} from "../../model/entity/account/accountEntity.test.data";
+import RedirectToAdminWorkspaceController from "./redirectToAdminWorkspaceController";
+
+beforeEach(() => {
+  jest.resetAllMocks();
+});
+
+describe("RedirectToAdminWorkspaceController", () => {
+  describe("::exec", () => {
+    it("should redirect to the administration workspace", async() => {
+      expect.assertions(2);
+
+      const worker = {
+        tab: {
+          id: 42,
+        },
+      };
+      const account = new AccountEntity(defaultAccountDto());
+      const expectedUrl = `${account.domain}/app/administration`;
+      console.log(expectedUrl);
+      const controller = new RedirectToAdminWorkspaceController(worker, null, account);
+      jest.spyOn(chrome.tabs, "update").mockImplementation(() => {});
+
+      await controller.exec();
+
+      expect(chrome.tabs.update).toHaveBeenCalledTimes(1);
+      expect(chrome.tabs.update).toHaveBeenCalledWith(worker.tab.id, {url: expectedUrl});
+    });
+  });
+});

package/src/all/background_page/controller/clipboard/cancelClipboardContentFlushController.js

@@ -0,0 +1,51 @@
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link          https://www.passbolt.com Passbolt(tm)
+ * @since         5.3.2
+ */
+
+import CopyToClipboardService from "../../service/clipboard/copyToClipboardService";
+
+export default class CancelClipboardContentFlushController {
+  /**
+   * CancelClipboardContentFlushController constructor
+   * @param {Worker} worker
+   * @param {string} requestId uuid
+   */
+  constructor(worker, requestId) {
+    this.worker = worker;
+    this.requestId = requestId;
+    this.copyToClipboardService = new CopyToClipboardService();
+  }
+
+  /**
+   * Wrapper of exec function to run it with worker.
+   * @return {Promise<void>}
+   */
+  async _exec() {
+    try {
+      await this.exec();
+      this.worker.port.emit(this.requestId, "SUCCESS");
+    } catch (error) {
+      console.error(error);
+      this.worker.port.emit(this.requestId, "ERROR", error);
+    }
+  }
+
+  /**
+   * Cancel flushing of the clipboard content
+   *
+   * @return {Promise<void>}
+   */
+  async exec() {
+    await this.copyToClipboardService.clearAlarm();
+  }
+}