Merge branch 'main' into f-droid

.github/workflows/auth-lint.yml

@@ -9,7 +9,7 @@ on:
             - ".github/workflows/auth-lint.yml"
 
 env:
-    FLUTTER_VERSION: "3.19.3"
+    FLUTTER_VERSION: "3.22.2"
 
 jobs:
     lint:

.github/workflows/auth-release.yml

@@ -29,7 +29,7 @@ on:
             - "auth-v*"
 
 env:
-    FLUTTER_VERSION: "3.19.3"
+    FLUTTER_VERSION: "3.22.2"
 
 jobs:
     build-ubuntu:

.github/workflows/infra-deploy-staff.yml

@@ -1,45 +1,43 @@
 name: "Deploy (staff)"
 
 on:
-    # Run on every push to main that changes web/apps/staff/
+    # Run on every push to main that changes infra/staff/
     push:
         branches: [main]
         paths:
-            - "web/apps/staff/**"
-            - ".github/workflows/web-deploy-staff.yml"
+            - "infra/staff/**"
+            - ".github/workflows/infra-deploy-staff.yml"
     # Also allow manually running the workflow
     workflow_dispatch:
 
 jobs:
-    deploy:
+    lint:
         runs-on: ubuntu-latest
 
         defaults:
             run:
-                working-directory: web
+                working-directory: infra/staff
 
         steps:
             - name: Checkout code
               uses: actions/checkout@v4
-              with:
-                  submodules: recursive
 
             - name: Setup node and enable yarn caching
               uses: actions/setup-node@v4
               with:
                   node-version: 20
                   cache: "yarn"
-                  cache-dependency-path: "web/yarn.lock"
+                  cache-dependency-path: "infra/staff/yarn.lock"
 
             - name: Install dependencies
               run: yarn install
 
-            - name: Build staff
-              run: yarn build:staff
+            - name: Build
+              run: yarn build
 
-            - name: Publish staff
+            - name: Publish
               uses: cloudflare/wrangler-action@v3
               with:
                   accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
                   apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
-                  command: pages deploy --project-name=ente --commit-dirty=true --branch=deploy/staff web/apps/staff/dist
+                  command: pages deploy --project-name=ente --commit-dirty=true --branch=deploy/staff infra/staff/dist

.github/workflows/infra-lint-staff.yml

@@ -0,0 +1,34 @@
+name: "Lint (staff)"
+
+on:
+    # Run on every push to a branch other than main that changes infra/staff/
+    push:
+        branches-ignore: [main]
+        paths:
+            - "infra/staff/**"
+            - ".github/workflows/infra-deploy-staff.yml"
+
+jobs:
+    deploy:
+        runs-on: ubuntu-latest
+
+        defaults:
+            run:
+                working-directory: infra/staff
+
+        steps:
+            - name: Checkout code
+              uses: actions/checkout@v4
+
+            - name: Setup node and enable yarn caching
+              uses: actions/setup-node@v4
+              with:
+                  node-version: 20
+                  cache: "yarn"
+                  cache-dependency-path: "infra/staff/yarn.lock"
+
+            - name: Install dependencies
+              run: yarn install
+
+            - name: Lint
+              run: yarn lint

.github/workflows/mobile-internal-release.yml

@@ -4,7 +4,7 @@ on:
     workflow_dispatch: # Allow manually running the action
 
 env:
-    FLUTTER_VERSION: "3.22.0"
+    FLUTTER_VERSION: "3.22.2"
 
 jobs:
     build:

.github/workflows/mobile-lint.yml

@@ -10,7 +10,7 @@ on:
 
 env:
 
-    FLUTTER_VERSION: "3.22.0"
+    FLUTTER_VERSION: "3.22.2"
 
 jobs:
     lint:

.github/workflows/mobile-release.yml

@@ -9,7 +9,7 @@ on:
             - "photos-v*"
 
 env:
-    FLUTTER_VERSION: "3.22.0"
+    FLUTTER_VERSION: "3.22.2"
 
 jobs:
     build:

README.md

@@ -70,7 +70,7 @@ want to give back, please check out Ente Photos or spread the word.
 [<img height="42" src=".github/assets/app-store-badge.svg">](https://apps.apple.com/app/id6444121398)
 [<img height="42" src=".github/assets/play-store-badge.png">](https://play.google.com/store/apps/details?id=io.ente.auth)
 [<img height="42" src=".github/assets/f-droid-badge.png">](https://f-droid.org/packages/io.ente.auth/)
-[<img height="42" src=".github/assets/desktop-badge.png">](https://github.com/ente-io/ente/releases?q=tag%3Aauth-v2)
+[<img height="42" src=".github/assets/desktop-badge.png">](https://github.com/ente-io/ente/releases?q=tag%3Aauth-v3)
 [<img height="42" src=".github/assets/web-badge.svg">](https://auth.ente.io)
 
 </div>

SECURITY.md

@@ -1,51 +1,54 @@
+# Security Policy
+
 Ente believes that working with security researchers across the globe is crucial
 to keeping our users safe. If you believe you've found a security issue in our
-product or service, we encourage you to notify us, by email (security@ente.io)
-or by [filling this
-form](https://github.com/ente-io/ente/security/advisories/new) We welcome
-working with you to resolve the issue promptly. Thanks in advance!
+product or service, we encourage you to notify us by email at security@ente.io
+or by
+[filling out this form](https://github.com/ente-io/ente/security/advisories/new).
+We welcome working with you to resolve the issue promptly. Thanks in advance!
 
 ## Disclosure Policy
 
-- Let us know as soon as possible upon discovery of a potential security issue,
-  and we'll make every effort to quickly resolve the issue.
-- Provide us a reasonable amount of time to resolve the issue before any
-  disclosure to the public or a third-party. We may publicly disclose the issue
-  before resolving it, if appropriate.
-- Make a good faith effort to avoid privacy violations, destruction of data, and
-  interruption or degradation of our service. Only interact with accounts you
-  own or with explicit permission of the account holder.
-- If you would like to encrypt your report, please use the PGP key with long ID
-  `E273695C0403F34F74171932DF6DDDE98EBD2394` (available in the public keyserver
-  pool).
+-   Let us know as soon as possible upon discovery of a potential security
+    issue, and we'll make every effort to quickly resolve the issue.
+-   Provide us with a reasonable amount of time to resolve the issue before any
+    disclosure to the public or a third party. We may publicly disclose the
+    issue before resolving it if appropriate.
+-   Make a good faith effort to avoid privacy violations, destruction of data,
+    and interruption or degradation of our service. Only interact with accounts
+    you own or with the explicit permission of the account holder.
+-   If you would like to encrypt your report, please use the PGP key with long
+    ID `E273695C0403F34F74171932DF6DDDE98EBD2394` (available in the public
+    keyserver pool).
 
 ## In-scope
 
-- Security issues in any current release of Ente's services. Product downloads
-  are available at https://ente.io. Source code is available at
-  https://github.com/ente-io.
+-   Security issues in any current release of Ente's services. Product downloads
+    are available at [https://ente.io](https://ente.io). Source code is
+    available at [https://github.com/ente-io](https://github.com/ente-io).
 
 ## Exclusions
 
-The following bug classes are out-of scope:
+The following bug classes are out of scope:
 
-- Bugs that are already reported on any of [Ente's issue
-  trackers](https://github.com/ente-io), or that we already know of (Note that
-  some of our issue tracking is private)
-- Issues in an upstream software dependency (ex: Flutter, Next.js etc) which are
-  already reported to the upstream maintainer
-- Attacks requiring physical access to a user's device
-- Self-XSS
-- Issues related to software or protocols not under ente's control
-- Vulnerabilities in outdated versions of ente
-- Missing security best practices that do not directly lead to a vulnerability
-- Issues that do not have any impact on the general public
+-   Bugs that are already reported on any of
+    [Ente's issue trackers](https://github.com/ente-io) or that we already know
+    of (note that some of our issue tracking is private).
+-   Issues in an upstream software dependency (e.g., Flutter, Next.js, etc.)
+    that are already reported to the upstream maintainer.
+-   Attacks requiring physical access to a user's device.
+-   Self-XSS.
+-   Issues related to software or protocols not under Ente's control.
+-   Vulnerabilities in outdated versions of Ente.
+-   Missing security best practices that do not directly lead to a
+    vulnerability.
+-   Issues that do not have any impact on the general public.
 
 While researching, we'd like to ask you to refrain from:
 
-- Denial of service
-- Spamming
-- Social engineering (including phishing) of Ente staff or contractors
-- Any physical attempts against Ente property or data centers
+-   Denial of service
+-   Spamming
+-   Social engineering (including phishing) of Ente staff or contractors
+-   Any physical attempts against Ente property or data centers
 
 Thank you for helping keep Ente and our users safe!

auth/README.md

@@ -12,7 +12,7 @@ multi-device sync.
 ### Android
 
 This repository's [GitHub
-releases](https://github.com/ente-io/ente/releases?q=tag%3Aauth-v2)
+releases](https://github.com/ente-io/ente/releases?q=tag%3Aauth-v3)
 contains APKs, built straight from source. These builds keep themselves updated,
 without relying on third party stores.
 
@@ -33,7 +33,7 @@ You can alternatively install the build from PlayStore or F-Droid.
 
 ### Desktop
 
-You can [**download**](https://github.com/ente-io/ente/releases?q=tag%3Aauth-v2)
+You can [**download**](https://github.com/ente-io/ente/releases?q=tag%3Aauth-v3)
 a native desktop app from this repository's GitHub releases. The desktop app
 works on Windows, Linux and macOS.
 

auth/android/app/src/main/res/mipmap-anydpi-v26/launcher_icon.xml

@@ -2,4 +2,5 @@
 <adaptive-icon xmlns:android="http://schemas.android.com/apk/res/android">
   <background android:drawable="@drawable/ic_launcher_background"/>
   <foreground android:drawable="@drawable/ic_launcher_foreground"/>
+  <monochrome android:drawable="@drawable/ic_launcher_foreground"/>
 </adaptive-icon>

auth/assets/custom-icons/_data/custom-icons.json

@@ -17,11 +17,17 @@
     {
       "title": "AscendEX"
     },
+    {
+      "title": "Bitfinex"
+    },
     {
       "title": "BitMEX"
     },
     {
-      "title": "Bitfinex"
+      "title": "BitSkins"
+    },
+    {
+      "title": "Bitstamp"
     },
     {
       "title": "Bitvavo",
@@ -33,15 +39,11 @@
     {
       "title": "Bloom Host",
       "slug": "bloom_host",
-      "altNames": [
-        "Bloom Host Billing"
-      ]
+      "altNames": ["Bloom Host Billing"]
     },
     {
       "title": "BorgBase",
-      "altNames": [
-        "borg"
-      ],
+      "altNames": ["borg"],
       "slug": "BorgBase"
     },
     {
@@ -54,16 +56,19 @@
     {
       "title": "CERN"
     },
+    {
+      "title": "ChangeNOW"
+    },
     {
       "title": "Channel Island Hosting",
       "slug": "cih",
       "hex": "D14633"
     },
     {
-      "title": "ConfigCat"
+      "title": "Cloudflare"
     },
     {
-      "title": "Cloudflare"
+      "title": "ConfigCat"
     },
     {
       "title": "Control D",
@@ -75,17 +80,21 @@
     },
     {
       "title": "DCS",
-      "altNames": [
-        "Digital Combat Simulator"
-      ],
+      "altNames": ["Digital Combat Simulator"],
       "slug": "dcs"
     },
     {
       "title": "DEGIRO"
     },
+    {
+      "title": "DirectAdmin"
+    },
     {
       "title": "Discourse"
     },
+    {
+      "title": "DMarket"
+    },
     {
       "title": "Doppler"
     },
@@ -123,14 +132,15 @@
     {
       "title": "GitLab"
     },
+    {
+      "title": "GMX"
+    },
     {
       "title": "Google"
     },
     {
       "title": "Gosuslugi",
-      "altNames": [
-        "Госуслуги"
-      ],
+      "altNames": ["Госуслуги"],
       "slug": "Gosuslugi"
     },
     {
@@ -141,21 +151,28 @@
       "slug": "healthchecks"
     },
     {
-      "title": "ING"
+      "title": "Hivelocity"
     },
     {
-      "title": "INWX"
+      "title": "IceDrive",
+      "slug": "Icedrive"
+    },
+    {
+      "title": "ING"
     },
     {
       "title": "Instagram"
     },
     {
-      "title": "IVPN",
-      "slug": "IVPN"
+      "title": "INWX"
     },
     {
-      "title": "IceDrive",
-      "slug": "Icedrive"
+      "title": "Itch.io",
+      "slug": "itch_io"
+    },
+    {
+      "title": "IVPN",
+      "slug": "IVPN"
     },
     {
       "title": "Jagex",
@@ -164,10 +181,6 @@
     {
       "title": "Kagi"
     },
-    {
-      "title": "KPN",
-      "color": "00CC00"
-    },
     {
       "title": "Kick",
       "hex": "53FC19"
@@ -178,6 +191,10 @@
     {
       "title": "Koofr"
     },
+    {
+      "title": "KPN",
+      "color": "00CC00"
+    },
     {
       "title": "Kraken",
       "hex": "5848D5"
@@ -199,52 +216,48 @@
     {
       "title": "Local",
       "slug": "local_wp",
-      "altNames": [
-        "LocalWP",
-        "Local WP",
-        "Local Wordpress"
-      ]
+      "altNames": ["LocalWP", "Local WP", "Local Wordpress"]
+    },
+    {
+      "title": "Marketplace.tf",
+      "slug": "marketplacedottf"
     },
     {
       "title": "Mastodon",
-      "altNames": [
-        "mstdn",
-        "fediscience",
-        "mathstodon",
-        "fosstodon"
-      ],
+      "altNames": ["mstdn", "fediscience", "mathstodon", "fosstodon"],
       "slug": "mastodon",
       "hex": "6364FF"
     },
     {
       "title": "Mercado Livre",
       "slug": "mercado_livre",
-      "altNames": [
-        "Mercado Libre",
-        "MercadoLibre",
-        "MercadoLivre"
-      ]
-    },
-    {
-      "title": "Murena",
-      "altNames": [
-        "eCloud"
-      ],
-      "slug": "ecloud"
+      "altNames": ["Mercado Libre", "MercadoLibre", "MercadoLivre"]
     },
     {
       "title": "Microsoft"
     },
+    {
+      "title": "Migros"
+    },
     {
       "title": "Mintos"
     },
     {
       "title": "Mozilla"
     },
+    {
+      "title": "Murena",
+      "altNames": ["eCloud"],
+      "slug": "ecloud"
+    },
     {
       "title": "MyFRITZ!Net",
       "slug": "myfritz"
     },
+    {
+      "title": "Name.com",
+      "slug": "name_com"
+    },
     {
       "title": "NextDNS"
     },
@@ -314,6 +327,14 @@
     {
       "title": "Proxmox"
     },
+    {
+      "title": "Real-Debrid",
+      "slug": "real_debrid"
+    },
+    {
+      "title": "Registro.br",
+      "slug": "registro_br"
+    },
     {
       "title": "Revolt",
       "hex": "858585"
@@ -347,6 +368,9 @@
       "title": "Skiff",
       "hex": "EF5A3C"
     },
+    {
+      "title": "Skinport"
+    },
     {
       "title": "Snapchat"
     },
@@ -355,6 +379,9 @@
       "slug": "standardnotes",
       "hex": "2173E6"
     },
+    {
+      "title": "Surfshark"
+    },
     {
       "title": "Synology DSM",
       "slug": "synology_dsm"
@@ -366,9 +393,7 @@
     },
     {
       "title": "Techlore",
-      "altNames": [
-        "Techlore Courses"
-      ]
+      "altNames": ["Techlore Courses", "Techlore Forums"]
     },
     {
       "title": "Termius",
@@ -402,6 +427,10 @@
       "title": "Ubisoft",
       "hex": "4285f4"
     },
+    {
+      "title": "Ubuntu One",
+      "slug": "ubuntu_one"
+    },
     {
       "title": "Unity",
       "hex": "858585"
@@ -425,28 +454,26 @@
       "title": "WYZE",
       "slug": "wyze"
     },
+    {
+      "title": "WorkOS",
+      "slug": "workos",
+      "altNames": ["Work OS"]
+    },
     {
       "title": "X",
-      "altNames": [
-        "twitter"
-      ],
+      "altNames": ["twitter"],
       "slug": "x"
     },
     {
       "title": "Yandex",
-      "altNames": [
-        "Ya",
-        "Яндекс"
-      ],
+      "altNames": ["Ya", "Яндекс"],
       "slug": "Yandex"
     },
     {
       "title": "YNAB",
-      "altNames": [
-        "You Need A Budget"
-      ],
+      "altNames": ["You Need A Budget"],
       "slug": "ynab",
       "hex": "3B5EDA"
     }
   ]
-}
+}

auth/assets/custom-icons/icons/Notesnook.svg

@@ -1,20 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg"
-  xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 339 339">
-  <defs />
-  <defs>
-    <linearGradient id="b" x1="193.9" x2="198.7" y1="166.8" y2="223.3" gradientTransform="rotate(5 4448 -4204) scale(2.93671)" gradientUnits="userSpaceOnUse" xlink:href="#a" />
-    <linearGradient id="a">
-      <stop offset="0" />
-      <stop offset="1" stop-color="#fff9f9" stop-opacity="0" />
-    </linearGradient>
-    <linearGradient id="c" x1="167.8" x2="270.6" y1="76.9" y2="64.2" gradientTransform="rotate(5 465 -2050) scale(1.50082)" gradientUnits="userSpaceOnUse" xlink:href="#a" />
-  </defs>
-  <g transform="translate(0 42)">
-    <path fill="url(#b)" d="M160 205l154 42-141 44-155-42z" />
-    <path fill="url(#c)" d="M160-35v240l154 42 1-253z" />
-    <path fill="none" stroke-width="1.2" d="M160 205V-35m0 240L18 249m142-44l154 41" />
-    <path d="M84 109l35 54V98l21-7v91l-27 9-35-54v65l-21 6v-91z" />
-    <rect width="86.1" height="12.6" x="185" y="97" fill="#bebebe" ry="2.3" transform="skewY(15) scale(.9669 1)" />
-    <path fill="#bebebe" d="M181 169l99 26 2 3v8c0 1-1 2-2 1l-99-26-2-3v-7c0-2 1-2 2-2zm0-47l99 27 2 2v8l-2 2-99-27c-1 0-2-1-2-3v-7l2-2z" />
-  </g>
-</svg>

auth/assets/custom-icons/icons/bitstamp.svg

@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Generator: Adobe Illustrator 19.2.1, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
+<svg version="1.1" id="layer" xmlns="http://www.w3.org/2000/svg"
+  xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
+  viewBox="0 0 652 652" style="enable-background:new 0 0 652 652;" xml:space="preserve">
+<style type="text/css">
+	.st0{fill:#003B2F;}
+</style>
+<path class="st0" d="M108.8,331.4c0-11.4-6.6-20.5-17.3-24.2c8.1-3.7,13.7-11.4,13.7-21.3c0-15.5-13-26.3-31.5-26.3H21v13.2
+	c8.3,0,15,6.7,15,15s-6.7,15-15,15v11.9c8.3,0,15,6.7,15,15s-6.7,15-15,15V359h55c18.9,0,32.6-11.2,32.6-27.5 M49.3,273.9H71
+	c8.9,0,15.2,5.8,15.2,13.9s-6.3,13.7-15.2,13.7H49.3C49.3,301.5,49.3,273.9,49.3,273.9z M49.3,344.5v-30H73
+	c9.8,0,16.4,6.1,16.4,14.9s-6.6,15.1-16.4,15.1C73,344.5,49.3,344.5,49.3,344.5z M130.2,254.4c6.6,0,11.4,4.7,11.4,11.4
+	s-4.7,11.4-11.4,11.4c-6.6,0-11.2-4.7-11.2-11.4S123.7,254.4,130.2,254.4 M120.7,286.5h18.9v72.4h-18.9V286.5L120.7,286.5z
+	 M176.2,286.4h20.1v14.4h-20.1v34.6c0,5.5,4.4,10.1,9.9,10.2c2.9,0,6.1-0.4,9.6-1.3l2.5,14.2c-5.8,1.5-11.2,2.2-16.4,2.2
+	c-14.5,0-24.6-9.5-24.6-23.4v-67.4c0-2.6,2.1-4.7,4.7-4.7h14.2V286.4L176.2,286.4z M234.6,284.7c8.4,0,17.4,1.7,26.6,5l-4.1,13.6
+	c-7.3-2.8-14.5-4.6-21-4.6c-6.5,0-11.2,3.1-11.2,7.8c0,13.1,38.7,3.6,38.7,31.6c0,13.2-11.9,22.5-29,22.5c-8.9,0-18.6-2-28.8-5.8
+	l4-13.5c8.4,3.4,16.4,5.2,23.4,5.2c7,0,11.9-3.4,11.9-8.4c0-13.7-38.6-4.1-38.6-31.6c0-12.7,11.5-21.9,28.3-21.9 M293.7,286.4h20.1
+	v14.4h-20.1v34.6c0,5.5,4.4,10.1,9.9,10.2c2.9,0,6.1-0.4,9.6-1.3l2.5,14.2c-5.8,1.5-11.2,2.2-16.4,2.2c-14.5,0-24.6-9.5-24.6-23.4
+	v-67.4c0-2.7,2.2-4.7,4.7-4.7h14.2V286.4z M413.8,286.4h15.1l2.4,9.9c5.8-7.5,14.2-11.6,23.8-11.6c10.5,0,19,5,23.2,13.3
+	c6.6-8.6,15.7-13.3,26.2-13.3c15.8,0,27.1,11,27.1,26.4v47.7h-18.9v-44.8c0-8.1-5.8-13.9-14-13.9c-9.6,0-16.4,7.3-16.4,17.6v41.1
+	h-18.9v-44.8c0-8.1-5.8-13.9-13.9-13.9c-9.8,0-16.5,7.3-16.5,17.6v41.1h-18.9v-72.4H413.8z M547.1,286.4h15.1l2.4,9.3
+	c5.3-7.1,13.6-11.1,23.2-11.1c19.5,0,33.3,15.7,33.3,38c0,22.3-13.7,37.9-33.3,37.9c-8.9,0-16.5-3.6-21.8-10v32.2
+	c0,2.6-2.1,4.7-4.7,4.7H547L547.1,286.4L547.1,286.4z M582.8,299.6c-10,0-17.2,7.5-17.2,18.2v9.8c0,10.5,7.1,18.2,17.2,18.2
+	c11.1,0,18.9-9.6,18.9-23C601.8,309.4,593.9,299.7,582.8,299.6 M378.1,327.5c0,10.5-7.1,18.2-17.2,18.2c-11.1,0-18.9-9.6-18.9-23
+	c0-13.4,7.8-23.1,18.9-23.1c10,0,17.2,7.5,17.2,18.2V327.5L378.1,327.5z M396.7,323.3L396.7,323.3v-36.9h-15.1l-2.4,9.3
+	c-5.3-7.1-13.6-11.1-23.2-11.1c-19.5,0-33.3,15.7-33.3,38c0,22.3,13.7,37.9,33.3,37.9c1.1,0,2.2,0,3.3-0.2
+	c8.2-0.8,15.1-4.7,19.9-10.9l2.4,9.3h15.1L396.7,323.3L396.7,323.3z"/>
+</svg>

auth/assets/custom-icons/icons/directadmin.svg

@@ -0,0 +1,8 @@
+<svg width="100" height="100" version="1.1" viewBox="0 0 100 100" xmlns="http://www.w3.org/2000/svg">
+	<g transform="rotate(-45 57.071 32.929)">
+		<path fill="#31B7E9" d="m20 0v20h-20v18h40v-38z"/>
+		<rect fill="#0682B4" y="36" width="40" height="4"/>
+		<path fill="#31B7E9" d="m50 0v50h-50v18h70v-68z"/>
+		<rect fill="#0682B4" y="66" width="70" height="4"/>
+	</g>
+</svg>

auth/assets/custom-icons/icons/dmarket.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 2000 1948.02"><defs><style>.cls-1,.cls-2{opacity:0.25;isolation:isolate;}.cls-1{fill:url(#linear-gradient);}.cls-2{fill:url(#linear-gradient-2);}.cls-3{fill:url(#linear-gradient-3);}.cls-4{fill:url(#linear-gradient-4);}</style><linearGradient id="linear-gradient" x1="83.62" y1="947.07" x2="878.54" y2="947.07" gradientTransform="matrix(1, 0, 0, -1, 0, 1923)" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#00ba96"/><stop offset="0.52" stop-color="#00d9af"/><stop offset="1" stop-color="#00d9af"/></linearGradient><linearGradient id="linear-gradient-2" x1="1144.49" y1="948.99" x2="2001.4" y2="948.99" gradientTransform="matrix(1, 0, 0, -1, 0, 1923)" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#008d85"/><stop offset="1" stop-color="#00ffe0"/></linearGradient><linearGradient id="linear-gradient-3" x1="250.91" y1="949" x2="1904.03" y2="949" gradientTransform="matrix(1, 0, 0, -1, 0, 1923)" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#008d94"/><stop offset="1" stop-color="#00ffe0"/></linearGradient><linearGradient id="linear-gradient-4" y1="947.06" x2="794.89" y2="947.06" gradientTransform="matrix(1, 0, 0, -1, 0, 1923)" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#00ba96"/><stop offset="0.52" stop-color="#00d9af"/><stop offset="1" stop-color="#00faaf"/></linearGradient></defs><title>dmt</title><g id="Layer_2" data-name="Layer 2"><g id="Layer_1-2" data-name="Layer 1"><path class="cls-1" d="M857,890.24,625.08,489,389.28,83.76a168.38,168.38,0,0,0-54.57-56.49h-1.95a148.49,148.49,0,0,0-56.52,58.44L100.85,389.6a138.94,138.94,0,0,0,0,140.26L311.32,894.13c15.59,25.32,21.44,54.54,21.44,83.76h0a178.34,178.34,0,0,1-21.44,83.76L102.8,1422a138.94,138.94,0,0,0,0,140.26l175.39,303.89c13.64,23.38,33.13,44.8,56.52,58.44h2c23.39-13.64,40.93-33.12,54.57-56.49l233.86-405.18L857,1057.76A171,171,0,0,0,857,890.24Z"/><path class="cls-2" d="M1975.62,878.55,1741.76,475.31,1502.06,60.39a171.53,171.53,0,0,0-42.87-48.7C1449.44,3.9,1439.69,0,1428,0c-122.78,0-206.58,3.9-268.94,3.9-9.74,0-15.59,11.69-13.64,21.43l60.41,339c0,3.9,0,7.79-1.95,11.69-23.39,42.86-21.44,95.45,3.9,138.31l214.37,374c15.59,27.27,23.39,56.49,23.39,85.71s-7.8,58.44-23.39,85.71l-216.32,374c-25.33,42.86-25.33,95.45-3.9,138.31,2,3.9,2,7.79,2,11.69l-60.41,337c-2,9.74,3.9,21.43,13.64,21.43,56.52,0-23.39,5.84,276.73,5.84,5.85,0,13.64-2,19.49-3.9,21.44-7.79,35.08-33.12,46.77-54.54l239.71-416.87,231.91-403.24c37-58.47,37-130.53,3.9-190.92"/><path class="cls-3" d="M1880.13,890.24,1414.36,83.76C1385.13,33.12,1330.56,0,1270.15,0H338.61c-31.18,0-60.41,9.74-87.7,25.32v1.95a168.38,168.38,0,0,1,54.57,56.49L539.34,489c21.44-9.74,46.77-15.58,70.16-15.58H995.36c60.41,0,115,31.17,144.21,83.76L1332.5,890.24c29.23,50.65,29.23,114.93,0,167.53l-192.93,333.11c-29.23,50.65-85.75,83.76-144.21,83.76H611.44a168.21,168.21,0,0,1-70.16-15.58L307.43,1864.24a168.38,168.38,0,0,1-54.57,56.49v2c25.33,15.58,56.52,25.32,87.7,25.32H1274c60.41,0,115-31.17,144.21-83.76L1884,1057.76c27.31-52.59,27.31-114.93-3.87-167.52"/><path class="cls-4" d="M771.25,890.24,539.34,489,305.48,83.76a168.38,168.38,0,0,0-54.57-56.49H249a148.49,148.49,0,0,0-56.52,58.44L19,387.65a138.94,138.94,0,0,0,0,140.26L229.47,892.18c15.59,25.32,21.44,54.54,21.44,83.76h0a178.34,178.34,0,0,1-21.44,83.76L19,1422a138.94,138.94,0,0,0,0,140.26l175.4,303.92c13.64,23.38,33.13,44.8,56.52,58.44h2c23.39-13.64,40.93-33.12,54.57-56.49L541.3,1463l231.9-401.29C802.43,1005.17,802.43,942.83,771.25,890.24Z"/></g></g></svg>

auth/assets/custom-icons/icons/gmx.svg

@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="utf-8"?><!-- Uploaded to: SVG Repo, www.svgrepo.com, Generator: SVG Repo Mixer Tools -->
+<svg width="800px" height="800px" viewBox="0 0 1024 1024" xmlns="http://www.w3.org/2000/svg">
+   <circle cx="512" cy="512" r="512" style="fill:#004788"/>
+   <path d="m736.6 506.6 50.1-83.3h-51.1L709 465.6l-28.6-42.3h-56l59 83.2-59 93.9h56l31.9-53.4 37.8 53.4h50l-63.5-93.8zm-185.1-83.4-38 94.8-36-94.8h-45.4L402 600.6h45.9l14.8-102.2h.5l40.7 102.2h18.4l42.6-102.2h.6l12.9 102.2h46.1l-26.9-177.4h-46.1zm-233.8 78.5v36.1h37.6c-2 20.2-17.3 30.6-37.1 30.6-30.1 0-46.4-27.7-46.4-55.2s15.6-55.6 45.7-55.6c18.5 0 31.7 11.2 38.1 27.9l43.5-18.2c-15.2-32.9-43.2-49.2-79.5-49.2-56.8 0-95.5 37.6-95.5 94.8 0 55.4 38.5 93 93.9 93 29.4 0 55.4-10.5 72.6-34.6 15.4-21.8 17.6-43.9 18-69.7h-90.9z" style="fill:#fff"/>
+</svg>

auth/assets/custom-icons/icons/hivelocity.svg

@@ -0,0 +1 @@
+<svg id="logosandtypes_com" data-name="logosandtypes com" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 150 150"><defs><style>.cls-1{fill:none;}.cls-2{fill:#e31937;}</style></defs><g id="Layer_2" data-name="Layer 2"><path id="Layer_3" data-name="Layer 3" class="cls-1" d="M0,0H150V150H0Z" transform="translate(0 0)"/></g><rect class="cls-2" x="13.34" y="14.37" width="15.01" height="123.08"/><rect class="cls-2" x="122.92" y="14.37" width="15.01" height="123.08"/><rect class="cls-2" x="43.36" y="54.9" width="64.54" height="15.01"/><rect class="cls-2" x="43.36" y="83.42" width="64.54" height="15.01"/></svg>

auth/assets/custom-icons/icons/itch_io.svg

@@ -0,0 +1,6 @@
+<svg xmlns="http://www.w3.org/2000/svg" height="235.452" width="261.728"
+  viewBox="0 0 245.371 220.736">
+  <path
+    d="M31.99 1.365C21.287 7.72.2 31.945 0 38.298v10.516C0 62.144 12.46 73.86 23.773 73.86c13.584 0 24.902-11.258 24.903-24.62 0 13.362 10.93 24.62 24.515 24.62 13.586 0 24.165-11.258 24.165-24.62 0 13.362 11.622 24.62 25.207 24.62h.246c13.586 0 25.208-11.258 25.208-24.62 0 13.362 10.58 24.62 24.164 24.62 13.585 0 24.515-11.258 24.515-24.62 0 13.362 11.32 24.62 24.903 24.62 11.313 0 23.773-11.714 23.773-25.046V38.298c-.2-6.354-21.287-30.58-31.988-36.933C180.118.197 157.056-.005 122.685 0c-34.37.003-81.228.54-90.697 1.365zm65.194 66.217a28.025 28.025 0 0 1-4.78 6.155c-5.128 5.014-12.157 8.122-19.906 8.122a28.482 28.482 0 0 1-19.948-8.126c-1.858-1.82-3.27-3.766-4.563-6.032l-.006.004c-1.292 2.27-3.092 4.215-4.954 6.037a28.5 28.5 0 0 1-19.948 8.12c-.934 0-1.906-.258-2.692-.528-1.092 11.372-1.553 22.24-1.716 30.164l-.002.045c-.02 4.024-.04 7.333-.06 11.93.21 23.86-2.363 77.334 10.52 90.473 19.964 4.655 56.7 6.775 93.555 6.788h.006c36.854-.013 73.59-2.133 93.554-6.788 12.883-13.14 10.31-66.614 10.52-90.474-.022-4.596-.04-7.905-.06-11.93l-.003-.045c-.162-7.926-.623-18.793-1.715-30.165-.786.27-1.757.528-2.692.528a28.5 28.5 0 0 1-19.948-8.12c-1.862-1.822-3.662-3.766-4.955-6.037l-.006-.004c-1.294 2.266-2.705 4.213-4.563 6.032a28.48 28.48 0 0 1-19.947 8.125c-7.748 0-14.778-3.11-19.906-8.123a28.025 28.025 0 0 1-4.78-6.155 27.99 27.99 0 0 1-4.736 6.155 28.49 28.49 0 0 1-19.95 8.124c-.27 0-.54-.012-.81-.02h-.007c-.27.008-.54.02-.813.02a28.49 28.49 0 0 1-19.95-8.123 27.992 27.992 0 0 1-4.736-6.155zm-20.486 26.49l-.002.01h.015c8.113.017 15.32 0 24.25 9.746 7.028-.737 14.372-1.105 21.722-1.094h.006c7.35-.01 14.694.357 21.723 1.094 8.93-9.747 16.137-9.73 24.25-9.746h.014l-.002-.01c3.833 0 19.166 0 29.85 30.007L210 165.244c8.504 30.624-2.723 31.373-16.727 31.4-20.768-.773-32.267-15.855-32.267-30.935-11.496 1.884-24.907 2.826-38.318 2.827h-.006c-13.412 0-26.823-.943-38.318-2.827 0 15.08-11.5 30.162-32.267 30.935-14.004-.027-25.23-.775-16.726-31.4L46.85 124.08C57.534 94.073 72.867 94.073 76.7 94.073zm45.985 23.582v.006c-.02.02-21.863 20.08-25.79 27.215l14.304-.573v12.474c0 .584 5.74.346 11.486.08h.006c5.744.266 11.485.504 11.485-.08v-12.474l14.304.573c-3.928-7.135-25.79-27.215-25.79-27.215v-.006l-.003.002z"
+    color="#000" />
+</svg>

auth/assets/custom-icons/icons/migros.svg

@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+  xmlns:svg="http://www.w3.org/2000/svg"
+  xmlns="http://www.w3.org/2000/svg"
+  version="1.0"
+  width="602.36218"
+  height="139.53543"
+  id="svg3058">
+  <defs
+    id="defs3060" />
+  <g
+    id="layer1">
+    <path
+      d="M 106.369,119.88512 L 106.369,62.018665 L 81.544594,119.88512 L 67.772114,119.88512 L 43.359087,62.018665 L 43.359087,119.88512 L 17.716529,119.88512 L 17.716529,19.650275 L 52.045504,19.650275 L 75.627274,76.245395 L 100.30782,19.650275 L 132.00731,19.650275 L 132.00731,119.88512 L 106.369,119.88512 z M 151.74424,119.88514 L 151.74424,19.650295 L 173.67129,19.650295 C 175.59247,19.650295 177.51259,21.571475 177.51259,23.661675 L 177.51259,119.88514 L 151.74424,119.88514 z M 248.65971,62.160065 L 281.25389,62.160065 C 283.82526,62.160065 285.27873,64.264785 285.27873,66.736595 L 285.27873,118.51459 C 276.11148,120.56404 261.78448,121.82085 251.13365,121.82085 C 213.76593,121.82085 194.05842,104.00581 194.05842,69.633955 C 194.05948,38.962025 213.76593,17.714585 246.61239,17.714585 C 261.08007,17.714585 273.76688,21.571475 281.93349,27.080965 L 271.83223,44.330845 C 264.76546,41.165965 255.25983,38.962025 248.53357,38.962025 C 229.64739,38.962025 220.81534,51.492935 220.81534,69.633955 C 220.81534,89.002025 231.04275,100.96814 249.90412,100.96814 C 253.35105,100.96814 257.64767,100.84093 261.08007,100.30377 L 261.08007,82.644625 L 248.65971,82.644625 L 248.65971,62.160065 z M 342.46983,38.962025 L 329.85459,38.962025 L 329.85459,64.094705 L 342.46983,64.094705 C 349.99971,64.094705 355.91916,60.082975 355.91916,50.546515 C 355.92022,40.883215 349.99865,38.962025 342.46983,38.962025 z M 361.45735,119.88514 L 349.56211,92.294115 C 347.1314,86.671595 345.43451,83.888325 340.27794,83.888325 L 329.85459,83.888325 L 329.85459,119.88514 L 304.66452,119.88514 L 304.66452,23.661675 C 304.66452,21.571475 306.95349,19.650295 308.59192,19.650295 L 344.15113,19.650295 C 363.47597,19.650295 380.04625,23.661675 380.04625,48.611165 C 380.04625,59.785695 373.86247,71.230215 362.26026,73.547185 C 368.0401,75.510535 373.86247,82.913205 377.01176,90.951915 L 388.47046,119.88514 L 361.45735,119.88514 z M 444.16061,38.962025 C 430.64148,38.962025 421.01998,48.611165 421.01998,69.633955 C 421.02105,90.951915 430.64042,100.57341 444.15991,100.57341 C 455.75892,100.57341 465.25215,90.951915 465.25215,69.633955 C 465.25321,48.611165 455.75892,38.962025 444.16061,38.962025 z M 444.16061,121.82085 C 411.34321,121.82085 393.97817,98.638055 393.97817,69.633955 C 393.97817,40.883215 411.34215,17.714585 444.15991,17.714585 C 474.90235,17.714585 492.29396,40.883215 492.29396,69.633955 C 492.29502,98.636985 474.90128,121.82085 444.16061,121.82085 z M 541.64053,121.82085 C 524.689,121.82085 508.94892,115.74656 501.92857,110.91455 L 513.3575,90.655685 C 519.73014,94.512575 532.13207,100.4455 543.56101,100.4455 C 550.03179,100.4455 558.21187,99.202855 558.21187,92.012065 C 558.21187,85.258875 549.07227,83.196315 537.08986,79.762855 C 522.62431,75.623205 505.78439,69.859315 505.78439,50.405135 C 505.7851,29.439745 524.41723,17.714585 548.66337,17.714585 C 564.66778,17.714585 577.07254,23.378915 583.4023,29.439745 L 569.48526,45.277265 C 562.60593,41.165965 555.57104,37.973445 547.68719,37.973445 C 538.19396,37.973445 532.82585,41.576285 532.82585,46.816835 C 532.82691,52.015925 539.70518,54.671985 548.37813,57.285175 C 563.71002,62.018685 584.64565,66.850335 584.64565,86.926005 C 584.64671,107.60829 568.11435,121.82085 541.64053,121.82085 z "
+      style="fill:#f60;fill-opacity:1;fill-rule:evenodd"
+      id="polygon3036" />
+  </g>
+</svg>

auth/assets/custom-icons/icons/name_com.svg

@@ -0,0 +1,25 @@
+<svg enable-background="new 0 0 1510.1 240.3" viewBox="0 0 1510.1 240.3"
+  xmlns="http://www.w3.org/2000/svg">
+  <path
+    d="m873.5 203.7c0 16.2-11.9 29.1-28.9 29.1-16.4 0-28.6-12.9-28.6-29.1s12.2-30 28.6-30c17 0 28.9 13.7 28.9 30z"
+    fill="#6eda78" />
+  <g fill="#282828">
+    <path
+      d="m9.7 229v-135.4l38.7-9.4-5.9 43.6h4.2c2.4-10.1 6.2-18.6 11.3-25.7 5.2-7 11.8-12.4 19.8-16 8.2-3.8 17.6-5.7 28.4-5.7 14 0 26.1 3.2 36.3 9.7 10.1 6.3 17.9 15.5 23.3 27.7 5.6 12 8.3 26.3 8.3 43.1v68.1h-38.5v-57.9c0-11.2-1.7-20.7-5.1-28.5-3.4-8-8.4-14-14.9-18-6.5-4.2-14.4-6.3-23.5-6.3-13.7 0-24.4 4.6-32.1 13.7s-11.5 22.1-11.5 39.1v57.9z" />
+    <path clip-rule="evenodd"
+      d="m252.4 232.7c-19.6 0-36.4-3.9-45.7-11.7-9.3-8-14-18.7-14-32.2 0-13.1 4.7-23.6 14-31.4 25.1-21.6 103.6-13.3 108.6-11.6 0-3.3-.2-8.9-3.5-14.4-7.9-13.8-24.3-19.7-39-19.7-12.3 0-25.3 6.1-32.9 15.4-3 3.7-5.5 9.1-5.5 9.1h-36.8c.6-7 4.6-18.4 10.7-27 6-8.7 15.4-16.1 27-21.2 11.8-5.3 20.7-7.6 38-7.6 18 0 31.8 3 43.9 9.1s21.1 14.6 26.9 25.7c5.9 11 8.8 24 8.8 38.8v23.3 52h-37.7l6-30.9h-4.1c-1.9 8.5-5.4 14.9-9.6 19.6-4.3 4.7-9.8 7.6-19.5 10.5-9.5 2.8-21.4 4.2-35.6 4.2zm-23.2-46.4c-2-32.9 77-23.3 86.1-22.2 0 4.8-.3 9.5-1.4 14-5.8 23.3-38.1 28.4-58 26.6-14.5-1.3-26-6.6-26.7-18.4z"
+      fill-rule="evenodd" />
+    <path
+      d="m375.3 94.7v134.3h38.7v-71.9c0-12.2 2.8-21.7 8.3-28.5 5.6-6.8 13.1-10.3 22.5-10.3 6.4 0 11.8 1.5 16.4 4.6 4.7 3 8.3 7.5 10.8 13.4 2.6 5.7 3.9 12.6 3.9 20.8v71.9h38.5v-71.9c0-12.2 2.8-21.7 8.3-28.5 5.7-6.8 13.3-10.3 22.8-10.3 6.4 0 11.8 1.5 16.4 4.6 4.7 3 8.3 7.5 10.8 13.4 2.4 5.7 3.7 12.6 3.7 20.8v71.9h38.7v-82.1c0-14.1-2.2-26-6.6-35.9-4.2-10.1-10.3-17.7-18.1-22.8s-17.1-7.7-27.9-7.7c-13.1 0-23.8 3.5-32.1 10.6-8.2 6.8-14 17.1-17.4 30.8h-3.4c-1.1-7.8-3.8-14.7-7.8-20.8-4.1-6.3-9.6-11.2-16.4-14.8-6.7-3.8-14.7-5.7-24-5.7-12.7 0-23.1 3.4-31.1 10.3-8 6.7-13.7 16.5-17.1 29.7h-4.2l5.1-36.2z" />
+    <path clip-rule="evenodd"
+      d="m718.3 232.7c-18 0-33.4-3.3-46.3-10-12.7-6.8-22.4-16-28.9-27.4-6.5-11.6-9.8-24.5-9.8-38.8s3.3-27.1 9.8-38.5c6.5-11.6 16.2-20.7 29.1-27.4 12.9-6.8 28.4-10.3 46.5-10.3s33.6 3.4 46.3 10.3c12.9 6.7 22.6 15.8 29.2 27.4 6.5 11.6 9.8 24.6 9.8 39.1 0 4-.7 10.2-.7 10.2h-133.4c.9 4.3 2.4 8.3 4.5 12.1 3.8 6.5 9.3 11.6 16.7 15.4 7.5 3.6 16.8 5.4 27.9 5.4 12.6 0 22.2-1.7 28.9-5.1 5.2-2.7 9.5-5.9 13-9.5h39.1c-2.6 6.7-6.7 13.4-12.2 20-6.4 7.6-15.4 14.1-27.2 19.4-11.5 5.2-25.6 7.7-42.3 7.7zm-43.8-98.3c-1.4 2.4-2.9 6.1-3.4 8.8h47.6 47.6c-.6-2.7-2-6.4-3.4-8.8-3.8-6.7-9.3-11.8-16.7-15.4-7.3-3.8-16.5-5.7-27.4-5.7-11.1 0-20.3 1.9-27.7 5.7-7.3 3.6-12.9 8.7-16.6 15.4z"
+      fill-rule="evenodd" />
+    <path
+      d="m896.2 195.4c6.5 11.4 16.1 20.5 28.7 27.4 12.7 6.7 28.1 10 46.1 10 16 0 30.1-2.8 42.4-8.3 12.2-5.5 22-13.2 29.2-23.1s11.4-21.1 12.7-33.6h-38.7c-1.5 8.4-6.1 15.4-14 21.1-7.8 5.7-18.4 8.6-31.6 8.6-9.8 0-18.1-1.8-25-5.4-6.9-3.8-12.1-8.7-15.7-14.8s-5.4-12.9-5.4-20.5c0-7.4 1.8-14.2 5.4-20.2 3.6-6.3 8.8-11.2 15.7-14.8s15.2-5.4 25-5.4c8.8 0 16.5 1.4 23 4.3 6.5 2.7 11.7 6.2 15.4 10.6 3.8 4.4 6.1 9.3 7.1 14.8h38.7c-1.3-12.7-5.6-24-12.7-33.6-7.2-9.9-16.9-17.6-29.2-23.1-12.2-5.7-26.4-8.6-42.4-8.6-18 0-33.3 3.4-46.1 10.3-12.6 6.7-22.1 15.8-28.7 27.4-6.5 11.6-9.8 24.4-9.8 38.5.1 13.9 3.4 26.8 9.9 38.4z" />
+    <path clip-rule="evenodd"
+      d="m1159.2 232.7c-18.6 0-34.5-3.3-47.5-10-13.1-6.8-22.9-16-29.6-27.4-6.5-11.6-9.8-24.5-9.8-38.8s3.3-27.1 9.8-38.5c6.7-11.6 16.6-20.7 29.6-27.4 13.1-6.8 28.9-10.3 47.5-10.3 18.5 0 34.2 3.4 47.3 10.3 13.1 6.7 22.9 15.8 29.4 27.4 6.7 11.4 10 24.2 10 38.5s-3.3 27.2-10 38.8c-6.5 11.4-16.3 20.5-29.4 27.4-13 6.7-28.8 10-47.3 10zm0-35.3c10.3 0 19-1.8 26.2-5.4 7.3-3.6 12.8-8.5 16.4-14.5 3.8-6.1 5.6-13 5.6-20.8 0-7.4-1.9-14.2-5.6-20.2-3.6-6.3-9.1-11.2-16.4-14.8-7.2-3.6-15.9-5.4-26.2-5.4-10.5 0-19.4 1.8-26.7 5.4-7.2 3.6-12.7 8.6-16.4 14.8-3.6 6.1-5.4 12.8-5.4 20.2 0 7.8 1.8 14.7 5.4 20.8 3.8 6.1 9.2 10.9 16.4 14.5 7.4 3.6 16.3 5.4 26.7 5.4z"
+      fill-rule="evenodd" />
+    <path
+      d="m1265.3 93.6v135.4h38.7v-71.9c0-12.2 2.8-21.7 8.3-28.5 5.6-6.8 13.1-10.3 22.5-10.3 6.4 0 11.8 1.5 16.4 4.6 4.7 3 8.3 7.5 10.8 13.4 2.6 5.7 3.9 12.6 3.9 20.8v71.9h38.5v-71.9c0-12.2 2.8-21.7 8.3-28.5 5.7-6.8 13.3-10.3 22.8-10.3 6.4 0 11.8 1.5 16.4 4.6 4.7 3 8.3 7.5 10.8 13.4 2.4 5.7 3.7 12.6 3.7 20.8v71.9h38.7v-82.1c0-14.1-2.2-26-6.6-35.9-4.2-10.1-10.3-17.7-18.1-22.8s-17.1-7.7-27.9-7.7c-13.1 0-23.8 3.5-32.1 10.6-8.2 6.8-14 17.1-17.4 30.8h-3.4c-1.1-7.8-3.8-14.7-7.8-20.8-4.1-6.3-9.6-11.2-16.4-14.8-6.7-3.8-14.7-5.7-24-5.7-12.7 0-23.1 3.4-31.1 10.3-8 6.7-13.7 16.5-17.1 29.7h-4.2l5.1-36.2z" />
+  </g>
+</svg>

auth/assets/custom-icons/icons/notesnook.svg

@@ -0,0 +1,12 @@
+<svg width="1024" height="1024" viewBox="0 0 1024 1024" fill="none" xmlns="http://www.w3.org/2000/svg">
+<g clip-path="url(#clip0_24_33)">
+<path d="M1024 0H0V1024H1024V0Z" fill="black"/>
+<path d="M724.985 682.919C707.73 733.33 673.15 775.984 627.397 803.291C581.645 830.598 527.687 840.787 475.128 832.044C422.568 823.301 374.814 796.194 340.365 755.546C305.916 714.898 287.006 663.347 287 610.064V499.814L366.121 532.867V610.019C366.114 630.798 370.555 651.337 379.145 670.256C387.735 689.176 400.276 706.037 415.925 719.707C418.895 722.294 421.978 724.814 425.161 727.166C448.518 744.554 476.563 754.518 505.655 755.763C506.645 755.763 507.601 755.842 508.58 755.864C509.559 755.887 510.83 755.864 511.955 755.864C513.08 755.864 514.205 755.864 515.33 755.864C516.455 755.864 517.265 755.864 518.255 755.763C547.336 754.515 575.371 744.56 598.726 727.188C601.899 724.837 604.981 722.328 607.963 719.741C628.519 701.761 643.619 678.375 651.545 652.241L724.985 682.919Z" fill="white"/>
+<path d="M737 414V610.065C737 612.596 737 615.139 736.842 617.67L657.879 584.651V414C657.866 376.316 643.272 340.099 617.154 312.934C591.035 285.77 555.419 269.766 517.765 268.274C480.11 266.782 443.339 279.918 415.154 304.931C386.968 329.944 369.554 364.893 366.56 402.457C366.279 406.26 366.121 410.119 366.121 414V462.712L287 429.637V189H512C571.674 189 628.903 212.705 671.099 254.901C713.295 297.097 737 354.326 737 414Z" fill="white"/>
+</g>
+<defs>
+<clipPath id="clip0_24_33">
+<rect width="1024" height="1024" rx="200" fill="white"/>
+</clipPath>
+</defs>
+</svg>

auth/assets/custom-icons/icons/real_debrid.svg

@@ -0,0 +1 @@
+<svg viewBox="0 0 90 90" xmlns="http://www.w3.org/2000/svg"><g fill="none"><path d="M45.155.025c-.033.034-1.094.1-2.34.167-1.245.05-2.49.134-2.776.168-.27.05-1.077.167-1.767.267-3.282.468-7.49 1.656-10.738 3.043A45.529 45.529 0 0 0 3.787 27.014C1.867 31.28.52 36.462.117 41.027-.1 43.57 0 48.97.304 50.56c.033.167.117.736.168 1.237.084.753.522 2.793 1.027 4.766.05.184.134.585.185.87.05.3.151.552.219.552.067 0 .134.1.134.234 0 .518.943 3.093 1.111 2.993.1-.05.118-.017.067.067-.151.25.286 1.254.472 1.103.067-.083.084-.033.016.084-.084.134.085.72.421 1.421.572 1.238 2.541 4.816 2.844 5.184.101.117.489.686.859 1.271.64 1.003 2.827 3.78 3.787 4.833 6.547 7.04 14.39 11.655 23.293 13.729 1.161.267 2.474.535 2.911.602.455.05.993.133 1.178.184 2.188.418 11.075.418 12.74-.017.136-.05.523-.117.842-.167 2.794-.435 7.204-1.64 9.257-2.525.32-.15.74-.318.926-.385.185-.067 1.094-.485 2.02-.92 7.304-3.444 13.598-8.88 18.193-15.735 1.8-2.659 2.912-4.816 4.207-8.16.556-1.422 1.549-4.633 1.7-5.469.034-.234.135-.685.22-1.003.083-.318.201-.853.252-1.17.05-.318.117-.77.168-1.004.505-2.642.64-8.31.27-11.12-.203-1.555-.809-4.348-1.01-4.732-.068-.117-.455.953-.876 2.458-.404 1.455-.757 2.642-.774 2.625-.017-.016-.084-.485-.135-1.02-.185-1.923-.269-2.525-.673-4.515-.437-2.19-1.313-5.05-2.053-6.772-.572-1.304-1.767-3.512-1.902-3.512-.067 0-.118 1.305-.118 2.876-.05 8.78-1.144 16.455-3.231 22.558-1.094 3.228-3.333 8.01-4.965 10.652-3.905 6.271-9.863 11.187-16.763 13.846-1.464.552-4.746 1.472-5.975 1.656-4.948.769-8.87.685-13.33-.268-12.942-2.76-23.377-13.36-25.868-26.32-.387-1.99-.42-2.174-.555-3.997-.168-2.408-.084-5.802.202-7.124.034-.217.118-.685.168-1.02.05-.334.286-1.354.522-2.257.236-.92.438-1.773.471-1.906.354-1.505 2.44-5.987 3.67-7.943 2.558-4.014 6.479-7.927 10.586-10.552 3.786-2.408 9.054-4.33 13.784-5.017 1.211-.167 6.361-.217 7.657-.05 3.3.385 3.753.452 5.89.836 7.71 1.405 15.4 4.716 24.455 10.569 1.212.802 2.222 1.354 2.222 1.237 0-.334-1.633-3.06-2.66-4.448-1.834-2.508-4.291-5.033-6.832-7.023-.808-.652-1.448-1.187-1.38-1.187.05 0 .387.1.723.234 1.515.568 4.46 1.455 4.612 1.404.1-.033-.522-.769-1.397-1.622-4.208-4.197-9.678-7.441-15.905-9.43C56.465 1.63 53.587.91 52.325.726c-.37-.066-1.28-.2-2.02-.317-.757-.117-2.154-.234-3.113-.268-.976-.017-1.801-.067-1.868-.117-.05-.033-.135-.033-.169 0Z" fill="#B8D995"/><path d="m44.845 89.975.048-.012.296-.031.676-.048 1.32-.076 1.47-.073 1.167-.08.14-.015.195-.033.803-.122.768-.112c3.282-.468 7.49-1.656 10.738-3.043a45.525 45.525 0 0 0 23.747-23.344c1.92-4.265 3.266-9.448 3.67-14.013.023-.276.043-.585.06-.92l.027-.699.019-.751.01-.788c-.01-1.452-.079-2.806-.21-3.8l-.056-.396-.068-.432-.08-.456-.133-.708-.192-.926-.143-.634-.09-.372-.084-.319-.075-.254a1.629 1.629 0 0 0-.089-.236c-.012-.022-.035-.004-.066.05l-.054.104-.066.153-.119.314-.138.404-.154.483-.164.55-.606 2.13-.222.731-.056.16c-.002.003-.003.005-.004.004l-.014-.051-.021-.128-.041-.302-.045-.395-.116-1.16-.065-.567-.069-.521-.079-.516a28.33 28.33 0 0 0-.045-.267l-.106-.579-.207-1.049c-.437-2.19-1.313-5.05-2.053-6.772l-.142-.316-.245-.515-.178-.358-.368-.716-.27-.502-.248-.44-.144-.246-.124-.196c-.092-.141-.157-.223-.183-.223-.01 0-.018.024-.026.07l-.017.12-.015.173-.026.486-.023.822-.01.993v.212c-.051 8.78-1.145 16.455-3.232 22.558a44.95 44.95 0 0 1-1.008 2.655l-.403.954c-1.108 2.57-2.466 5.282-3.554 7.043-3.905 6.271-9.863 11.187-16.763 13.846l-.233.086-.536.184-.297.097-.638.2-.678.201-.346.1-.694.193-.34.091-.657.17-.603.144c-.38.087-.707.153-.953.19-4.767.74-8.58.69-12.841-.167l-.862-.122-.822-.132-.938-.164-.365-.065c-7.708-1.405-15.4-4.716-24.454-10.569l-.505-.327-.466-.29-.412-.244-.346-.191-.186-.095a3.307 3.307 0 0 0-.078-.036l-.125-.051c-.067-.023-.104-.025-.104-.003 0 .048.033.144.094.279l.109.229.145.277.175.318.309.536.35.58.374.6.382.59.25.373.243.35.228.316c1.72 2.351 3.987 4.718 6.358 6.644l.616.493.734.603.336.289.107.098c.055.054.078.083.062.083l-.072-.014-.14-.04-.185-.06-.214-.076-.274-.104-.536-.19-.59-.2-.823-.265-.993-.305-.833-.238-.369-.095-.174-.038-.106-.015a.08.08 0 0 0-.026.002c-.028.009 0 .072.074.178l.11.145.149.18.185.211.218.237.247.257.27.273.144.14c4.067 4.058 9.314 7.225 15.285 9.229l.62.203c.198.065.408.131.625.198l.673.2.702.198.714.191.356.092.696.173.662.155.61.133.538.106c.165.03.316.056.449.076l.584.095 1.436.222.245.035.58.068c.209.022.43.043.656.062l.68.052c.337.023.664.04.952.05l.53.014.745.033.327.025.153.018.092.019.021.009c.05.033.135.033.169 0Z" fill="#9FD3EE"/></g></svg>

auth/assets/custom-icons/icons/surfshark.svg

@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="utf-8"?><!-- Uploaded to: SVG Repo, www.svgrepo.com, Generator: SVG Repo Mixer Tools -->
+<svg width="800px" height="800px" viewBox="0 0 1024 1024" xmlns="http://www.w3.org/2000/svg">
+   <circle cx="512" cy="512" r="512" style="fill:#178a9e"/>
+   <path d="M706 356.3v-.3c-.3-4.3-.6-9.3-.9-14.6-.6-10-1.3-20.8-1.9-29-1-5.7-2.4-10.8-4-15.4-10.2-22.6-30.1-33.5-51.1-38.7-9.6-1.7-21.3-2-33.8-2.3H493.7c-77.7 4.2-110.3 49.2-119.1 73.1-34 101.7-55.2 233.5-70.5 328.6-.3 1.9-.6 3.7-.9 5.5l-5 45.2c-.3 7.1.4 14.9 2.3 22.4 9.5 27.6 38.3 50.8 101.7 27.7 59.9-26 130.6-58.4 203.7-94.7 41.6-24 102.6-79.2 105.8-148.9-.5-51.6-2.2-105.8-5.7-158.6zm-96.3 38.2c0 6-4.9 10.9-10.9 10.9-36.3 0-65.6 29.4-65.6 65.6v40.2c0 67.5-54.7 122.1-122.1 122.1-5.9 0-10.6-4.8-10.6-10.6v-33.3c0-6 4.9-10.9 10.9-10.9 36.3 0 65.6-29.4 65.6-65.6v-40.2c0-67.4 54.7-122.1 122.1-122.1 5.9 0 10.6 4.8 10.6 10.6v33.3z" style="fill:#fff"/>
+</svg>

auth/assets/custom-icons/icons/ubuntu_one.svg

@@ -0,0 +1,113 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+  xmlns:dc="http://purl.org/dc/elements/1.1/"
+  xmlns:cc="http://creativecommons.org/ns#"
+  xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+  xmlns:svg="http://www.w3.org/2000/svg"
+  xmlns="http://www.w3.org/2000/svg"
+  xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+  xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+  id="svg3039"
+  version="1.1"
+  inkscape:version="0.48.2 r9819"
+  width="240.20215"
+  height="98.041267"
+  sodipodi:docname="U1_logo.svg">
+  <metadata
+    id="metadata3045">
+    <rdf:RDF>
+      <cc:Work
+        rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+          rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+        <dc:title></dc:title>
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <defs
+    id="defs3043" />
+  <sodipodi:namedview
+    pagecolor="#ffffff"
+    bordercolor="#666666"
+    borderopacity="1"
+    objecttolerance="10"
+    gridtolerance="10"
+    guidetolerance="10"
+    inkscape:pageopacity="0"
+    inkscape:pageshadow="2"
+    inkscape:window-width="1022"
+    inkscape:window-height="529"
+    id="namedview3041"
+    showgrid="false"
+    showguides="true"
+    inkscape:guide-bbox="true"
+    fit-margin-top="0"
+    fit-margin-left="0"
+    fit-margin-right="0"
+    fit-margin-bottom="0"
+    inkscape:zoom="3.5580214"
+    inkscape:cx="188.39168"
+    inkscape:cy="46.745142"
+    inkscape:window-x="0"
+    inkscape:window-y="24"
+    inkscape:window-maximized="1"
+    inkscape:current-layer="svg3039" />
+  <path
+    style="fill:#dd4713;fill-opacity:1;stroke:none"
+    d="m 0,13.135439 0.31287126,55.797305 c 0,0 -0.29397798,23.453759 25.17115774,28.396822 14.646306,2.843004 42.347094,-3.749492 42.347094,-3.749492 l -0.220563,-80.503585 -22.276334,0 0,62.638417 -20.95299,0 0,-41.464863 -9.04287,0 10.586775,-21.394113 z"
+    id="path3049"
+    inkscape:connector-curvature="0"
+    sodipodi:nodetypes="ccsccccccccc" />
+  <g
+    id="g3898"
+    transform="scale(2.2196062,2.2196062)">
+    <path
+      d="m 47.937238,17.527712 c -0.49137,0.12284 -1.143956,0.253358 -1.95776,0.391552 -0.798468,0.138195 -1.727443,0.207292 -2.786929,0.207293 -0.921305,-10e-7 -1.696731,-0.130518 -2.32628,-0.391552 -0.629558,-0.27639 -1.136272,-0.660264 -1.520143,-1.151624 -0.383877,-0.491358 -0.660267,-1.067169 -0.829169,-1.727435 -0.168907,-0.675616 -0.253359,-1.420332 -0.253358,-2.23415 l 0,-6.7254823 2.14202,0 0,6.2648323 c -3e-6,1.458728 0.230321,2.502865 0.690975,3.132417 0.460644,0.629556 1.23607,0.944333 2.326279,0.944331 0.230318,2e-6 0.46832,-0.0077 0.714007,-0.02303 0.245672,-0.01535 0.475996,-0.03071 0.690974,-0.04606 0.214961,-0.03071 0.406898,-0.05374 0.575812,-0.0691 0.184251,-0.03071 0.314768,-0.06142 0.391552,-0.09213 l 0,-10.1112553 2.14202,0 0,11.6313983"
+      style="font-size:23.03247261px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;line-height:125%;letter-spacing:0px;word-spacing:0px;fill:#dd4713;fill-opacity:1;stroke:none;font-family:Ubuntu;-inkscape-font-specification:Ubuntu"
+      id="path3871"
+      inkscape:connector-curvature="0" />
+    <path
+      d="m 53.207382,6.4260606 c 0.26103,-0.1688932 0.652582,-0.3454753 1.174656,-0.5297469 0.537419,-0.1842476 1.151617,-0.2763774 1.842598,-0.2763897 0.859871,1.23e-5 1.619942,0.153562 2.280214,0.4606495 0.67561,0.3071111 1.243743,0.7370502 1.704403,1.2898185 0.460638,0.5527892 0.806125,1.2130528 1.036462,1.9807926 0.245667,0.7677564 0.368507,1.6122804 0.368519,2.5335724 -1.2e-5,0.967368 -0.145884,1.842602 -0.437617,2.625701 -0.276401,0.767752 -0.67563,1.420338 -1.197688,1.957761 -0.52208,0.537425 -1.151634,0.952009 -1.888663,1.243753 -0.737047,0.291745 -1.566215,0.437617 -2.487507,0.437617 -0.998079,0 -1.88099,-0.0691 -2.648734,-0.207292 -0.767752,-0.138195 -1.397306,-0.27639 -1.888663,-0.414585 l 0,-17.15919172 2.14202,-0.36851956283681 0,6.42605988283681 m 0,9.5815084 c 0.214965,0.06142 0.514387,0.122842 0.898266,0.18426 0.399224,0.04607 0.890583,0.0691 1.474078,0.0691 1.151617,2e-6 2.072915,-0.376195 2.763897,-1.128591 0.690965,-0.767745 1.036451,-1.85027 1.036461,-3.247578 -10e-6,-0.614193 -0.06143,-1.190004 -0.184259,-1.727436 C 59.072975,9.619905 58.87336,9.159256 58.59698,8.7753728 58.320582,8.3761528 57.95974,8.0690534 57.514454,7.8540739 57.084507,7.6237594 56.562438,7.5085972 55.948246,7.5085868 c -0.583495,1.04e-5 -1.120919,0.099818 -1.612273,0.2994221 -0.491364,0.1996247 -0.867561,0.4069167 -1.128591,0.6218768 l 0,7.5776833"
+      style="font-size:23.03247261px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;line-height:125%;letter-spacing:0px;word-spacing:0px;fill:#dd4713;fill-opacity:1;stroke:none;font-family:Ubuntu;-inkscape-font-specification:Ubuntu"
+      id="path3873"
+      inkscape:connector-curvature="0" />
+    <path
+      d="m 73.905311,17.527712 c -0.49137,0.12284 -1.143957,0.253358 -1.95776,0.391552 -0.798468,0.138195 -1.727443,0.207292 -2.78693,0.207293 -0.921304,-10e-7 -1.69673,-0.130518 -2.326279,-0.391552 -0.629558,-0.27639 -1.136272,-0.660264 -1.520143,-1.151624 -0.383877,-0.491358 -0.660267,-1.067169 -0.829169,-1.727435 -0.168907,-0.675616 -0.253359,-1.420332 -0.253358,-2.23415 l 0,-6.7254823 2.14202,0 0,6.2648323 c -4e-6,1.458728 0.230321,2.502865 0.690974,3.132417 0.460645,0.629556 1.236071,0.944333 2.32628,0.944331 0.230318,2e-6 0.46832,-0.0077 0.714007,-0.02303 0.245672,-0.01535 0.475996,-0.03071 0.690974,-0.04606 0.214961,-0.03071 0.406898,-0.05374 0.575812,-0.0691 0.184251,-0.03071 0.314768,-0.06142 0.391552,-0.09213 l 0,-10.1112553 2.14202,0 0,11.6313983"
+      style="font-size:23.03247261px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;line-height:125%;letter-spacing:0px;word-spacing:0px;fill:#dd4713;fill-opacity:1;stroke:none;font-family:Ubuntu;-inkscape-font-specification:Ubuntu"
+      id="path3875"
+      inkscape:connector-curvature="0" />
+    <path
+      d="m 77.314487,6.2418008 c 0.491357,-0.1228281 1.143943,-0.2533453 1.95776,-0.391552 0.81381,-0.1381827 1.750463,-0.2072801 2.809962,-0.2072923 0.952001,1.22e-5 1.742782,0.1382069 2.372345,0.4145845 0.629544,0.2610463 1.128581,0.6372429 1.497111,1.1285912 0.383863,0.4760146 0.652575,1.0518259 0.806136,1.7274354 0.153538,0.6756275 0.230313,1.4203434 0.230325,2.2341494 l 0,6.725482 -2.14202,0 0,-6.264832 c -1e-5,-0.737032 -0.05375,-1.366586 -0.161227,-1.8886628 C 84.59274,9.1976435 84.431512,8.7753819 84.201197,8.4529182 83.970863,8.1304733 83.663764,7.9001488 83.279898,7.761944 82.896016,7.6084044 82.420012,7.5316296 81.851884,7.5316193 c -0.23033,1.03e-5 -0.468332,0.00769 -0.714006,0.023032 -0.245685,0.015365 -0.483687,0.038398 -0.714007,0.069097 -0.214974,0.015365 -0.414589,0.038398 -0.598844,0.069097 -0.168909,0.03072 -0.291749,0.053752 -0.36852,0.069097 l 0,10.1112547 -2.14202,0 0,-11.6313979"
+      style="font-size:23.03247261px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;line-height:125%;letter-spacing:0px;word-spacing:0px;fill:#dd4713;fill-opacity:1;stroke:none;font-family:Ubuntu;-inkscape-font-specification:Ubuntu"
+      id="path3877"
+      inkscape:connector-curvature="0" />
+    <path
+      d="m 91.700827,5.8963137 4.537397,0 0,1.7965329 -4.537397,0 0,5.5277934 c -3e-6,0.598848 0.04606,1.097885 0.138195,1.497111 0.09213,0.383877 0.230321,0.690976 0.414585,0.921299 0.184255,0.214971 0.414579,0.368521 0.690974,0.460649 0.276384,0.09213 0.598838,0.138197 0.967364,0.138195 0.644902,2e-6 1.159294,-0.0691 1.543175,-0.207292 0.399222,-0.153548 0.675611,-0.261033 0.829169,-0.322455 l 0.414585,1.7735 c -0.214978,0.107486 -0.591175,0.238003 -1.128591,0.391552 -0.537432,0.168905 -1.15163,0.253357 -1.842598,0.253358 -0.813819,-10e-7 -1.489438,-0.09981 -2.026858,-0.299422 -0.522072,-0.21497 -0.944334,-0.529747 -1.266786,-0.944332 -0.322456,-0.414583 -0.552781,-0.921297 -0.690974,-1.520143 -0.122841,-0.614196 -0.184261,-1.320525 -0.18426,-2.118988 l 0,-10.6870668 2.14202,-0.3685196 0,3.7082281"
+      style="font-size:23.03247261px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;line-height:125%;letter-spacing:0px;word-spacing:0px;fill:#dd4713;fill-opacity:1;stroke:none;font-family:Ubuntu;-inkscape-font-specification:Ubuntu"
+      id="path3879"
+      inkscape:connector-curvature="0" />
+    <path
+      d="m 108.21836,17.527712 c -0.49137,0.12284 -1.14395,0.253358 -1.95776,0.391552 -0.79847,0.138195 -1.72744,0.207292 -2.78693,0.207293 -0.9213,-10e-7 -1.69673,-0.130518 -2.32628,-0.391552 -0.62955,-0.27639 -1.13627,-0.660264 -1.52014,-1.151624 -0.383877,-0.491358 -0.660267,-1.067169 -0.829169,-1.727435 -0.168907,-0.675616 -0.253359,-1.420332 -0.253357,-2.23415 l 0,-6.7254823 2.142016,0 0,6.2648323 c 0,1.458728 0.23032,2.502865 0.69098,3.132417 0.46064,0.629556 1.23607,0.944333 2.32628,0.944331 0.23032,2e-6 0.46832,-0.0077 0.714,-0.02303 0.24568,-0.01535 0.476,-0.03071 0.69098,-0.04606 0.21496,-0.03071 0.4069,-0.05374 0.57581,-0.0691 0.18425,-0.03071 0.31477,-0.06142 0.39155,-0.09213 l 0,-10.1112553 2.14202,0 0,11.6313983"
+      style="font-size:23.03247261px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;line-height:125%;letter-spacing:0px;word-spacing:0px;fill:#dd4713;fill-opacity:1;stroke:none;font-family:Ubuntu;-inkscape-font-specification:Ubuntu"
+      id="path3881"
+      inkscape:connector-curvature="0" />
+    <path
+      d="m 48.692644,28.027864 c -1.2e-5,0.952013 -0.138207,1.811892 -0.414584,2.579636 -0.276402,0.767752 -0.667953,1.428016 -1.174656,1.980793 -0.49137,0.55278 -1.082536,0.982719 -1.773501,1.289819 -0.690982,0.291744 -1.443376,0.437616 -2.257182,0.437617 -0.81382,-10e-7 -1.566214,-0.145873 -2.257183,-0.437617 -0.690978,-0.3071 -1.289821,-0.737039 -1.796532,-1.289819 -0.491362,-0.552777 -0.875236,-1.213041 -1.151624,-1.980793 -0.276391,-0.767744 -0.414586,-1.627623 -0.414585,-2.579636 -10e-7,-0.936647 0.138194,-1.788848 0.414585,-2.556605 0.276388,-0.783095 0.660262,-1.451036 1.151624,-2.003825 0.506711,-0.552768 1.105554,-0.97503 1.796532,-1.266786 0.690969,-0.307088 1.443363,-0.460637 2.257183,-0.46065 0.813806,1.3e-5 1.5662,0.153562 2.257182,0.46065 0.690965,0.291756 1.282131,0.714018 1.773501,1.266786 0.506703,0.552789 0.898254,1.22073 1.174656,2.003825 0.276377,0.767757 0.414572,1.619958 0.414584,2.556605 m -2.23415,0 c -1e-5,-1.351232 -0.307109,-2.418402 -0.921299,-3.201514 -0.598853,-0.798449 -1.420343,-1.197678 -2.464474,-1.197689 -1.044145,1.1e-5 -1.873313,0.39924 -2.487507,1.197689 -0.598848,0.783112 -0.89827,1.850282 -0.898267,3.201514 -3e-6,1.351243 0.299419,2.42609 0.898267,3.224546 0.614194,0.783106 1.443362,1.174657 2.487507,1.174656 1.044131,10e-7 1.865621,-0.39155 2.464474,-1.174656 0.61419,-0.798456 0.921289,-1.873303 0.921299,-3.224546"
+      style="font-size:23.03247261px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;line-height:125%;letter-spacing:0px;word-spacing:0px;fill:#333333;fill-opacity:1;stroke:none;font-family:Ubuntu;-inkscape-font-specification:Ubuntu"
+      id="path3883"
+      inkscape:connector-curvature="0" />
+    <path
+      d="m 51.144189,22.384908 c 0.491357,-0.122828 1.143943,-0.253346 1.95776,-0.391552 0.813809,-0.138183 1.750462,-0.20728 2.809962,-0.207293 0.952001,1.3e-5 1.742782,0.138207 2.372344,0.414585 0.629545,0.261046 1.128581,0.637243 1.497111,1.128591 0.383864,0.476015 0.652576,1.051826 0.806136,1.727436 0.153539,0.675627 0.230314,1.420343 0.230325,2.234149 l 0,6.725482 -2.14202,0 0,-6.264832 c -9e-6,-0.737032 -0.05375,-1.366586 -0.161227,-1.888663 -0.09214,-0.522061 -0.253366,-0.944322 -0.483682,-1.266786 -0.230333,-0.322445 -0.537433,-0.552769 -0.921299,-0.690974 -0.383882,-0.15354 -0.859886,-0.230314 -1.428013,-0.230325 -0.230331,1.1e-5 -0.468333,0.0077 -0.714007,0.02303 -0.245685,0.01536 -0.483687,0.0384 -0.714006,0.0691 -0.214975,0.01536 -0.41459,0.0384 -0.598845,0.0691 -0.168909,0.03072 -0.291748,0.05375 -0.368519,0.0691 l 0,10.111255 -2.14202,0 0,-11.631398"
+      style="font-size:23.03247261px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;line-height:125%;letter-spacing:0px;word-spacing:0px;fill:#333333;fill-opacity:1;stroke:none;font-family:Ubuntu;-inkscape-font-specification:Ubuntu"
+      id="path3885"
+      inkscape:connector-curvature="0" />
+    <path
+      d="m 63.139815,28.050896 c -2e-6,-1.059487 0.153548,-1.980785 0.460649,-2.763897 0.307098,-0.798449 0.714004,-1.458713 1.220721,-1.980792 0.506711,-0.522059 1.0902,-0.91361 1.750468,-1.174656 0.660259,-0.261023 1.335877,-0.39154 2.026858,-0.391553 1.612264,1.3e-5 2.848339,0.506727 3.708228,1.520144 0.859867,0.998083 1.289806,2.525902 1.289818,4.583462 -1.2e-5,0.09214 -1.2e-5,0.214975 0,0.368519 -1.2e-5,0.138201 -0.0077,0.268718 -0.02303,0.391552 l -8.199561,0 c 0.09213,1.243758 0.452969,2.188088 1.082527,2.832994 0.629549,0.644912 1.612267,0.967366 2.948156,0.967364 0.752386,2e-6 1.38194,-0.06142 1.888663,-0.184259 0.522059,-0.138193 0.913611,-0.268711 1.174656,-0.391552 l 0.299422,1.796532 c -0.261045,0.138195 -0.721694,0.284068 -1.381948,0.437617 -0.644918,0.15355 -1.381957,0.230325 -2.211118,0.230325 -1.044145,0 -1.950088,-0.15355 -2.717831,-0.460649 -0.752398,-0.322454 -1.374274,-0.760071 -1.865631,-1.312851 -0.491361,-0.552778 -0.85988,-1.205364 -1.105558,-1.95776 -0.230326,-0.767745 -0.345489,-1.604591 -0.345487,-2.51054 m 8.222592,-1.174656 c 0.01535,-0.967356 -0.230334,-1.758137 -0.737039,-2.372345 -0.491367,-0.629544 -1.174663,-0.944321 -2.04989,-0.944331 -0.491365,10e-6 -0.928982,0.09982 -1.312851,0.299422 -0.368524,0.18427 -0.683301,0.429949 -0.944331,0.737039 -0.261039,0.307109 -0.468331,0.660273 -0.621877,1.059494 -0.138198,0.399237 -0.230328,0.806144 -0.27639,1.220721 l 5.942378,0"
+      style="font-size:23.03247261px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;line-height:125%;letter-spacing:0px;word-spacing:0px;fill:#333333;fill-opacity:1;stroke:none;font-family:Ubuntu;-inkscape-font-specification:Ubuntu"
+      id="path3887"
+      inkscape:connector-curvature="0" />
+  </g>
+</svg>

auth/assets/custom-icons/icons/workos.svg

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="300px" height="260px" style="shape-rendering:geometricPrecision; text-rendering:geometricPrecision; image-rendering:optimizeQuality; fill-rule:evenodd; clip-rule:evenodd" xmlns:xlink="http://www.w3.org/1999/xlink">
+<g><path style="opacity:0.989" fill="#6262f1" d="M 81.5,-0.5 C 112.5,-0.5 143.5,-0.5 174.5,-0.5C 169.154,3.68235 164.654,8.68235 161,14.5C 138.96,52.7486 116.793,90.9152 94.5,129C 111.174,158.016 127.84,187.016 144.5,216C 139.386,225.729 133.886,235.229 128,244.5C 121.475,251.672 113.642,256.672 104.5,259.5C 97.5,259.5 90.5,259.5 83.5,259.5C 73.8126,256.222 65.6459,250.556 59,242.5C 38.6208,208.399 18.7875,174.065 -0.5,139.5C -0.5,132.833 -0.5,126.167 -0.5,119.5C 19.3711,84.4302 39.5378,49.4302 60,14.5C 65.987,7.65895 73.1537,2.65895 81.5,-0.5 Z"/></g>
+<g><path style="opacity:0.989" fill="#6262f1" d="M 193.5,-0.5 C 200.833,-0.5 208.167,-0.5 215.5,-0.5C 225.781,2.8978 234.281,8.8978 241,17.5C 260.794,51.4318 280.294,85.4318 299.5,119.5C 299.5,125.833 299.5,132.167 299.5,138.5C 279.641,173.869 259.475,209.203 239,244.5C 232.912,251.778 225.412,256.778 216.5,259.5C 185.833,259.5 155.167,259.5 124.5,259.5C 129.821,254.339 134.654,248.672 139,242.5C 160.081,205.337 181.414,168.337 203,131.5C 203.635,129.365 203.301,127.365 202,125.5C 185.781,98.2288 169.947,70.7288 154.5,43C 159.614,33.2707 165.114,23.7707 171,14.5C 177.343,7.59119 184.843,2.59119 193.5,-0.5 Z"/></g>
+</svg>

auth/lib/core/errors.dart

@@ -42,3 +42,7 @@ class InvalidStateError extends AssertionError {
 class SrpSetupNotCompleteError extends Error {}
 
 class AuthenticatorKeyNotFound extends Error {}
+
+class PassKeySessionNotVerifiedError extends Error {}
+
+class PassKeySessionExpiredError extends Error {}

auth/lib/l10n/arb/app_de.arb

@@ -20,6 +20,8 @@
   "codeIssuerHint": "Aussteller",
   "codeSecretKeyHint": "Geheimer Schlüssel",
   "codeAccountHint": "Konto (you@domain.com)",
+  "codeTagHint": "Tag",
+  "accountKeyType": "Art des Keys",
   "sessionExpired": "Sitzung abgelaufen",
   "@sessionExpired": {
     "description": "Title of the dialog when the users current session is invalid/expired"
@@ -156,6 +158,7 @@
       }
     }
   },
+  "invalidQRCode": "Ungültiger QR-Code",
   "noRecoveryKeyTitle": "Kein Wiederherstellungsschlüssel?",
   "enterEmailHint": "Geben Sie Ihre E-Mail Adresse ein",
   "invalidEmailTitle": "Ungültige E-Mail Adresse",
@@ -420,5 +423,18 @@
   "invalidEndpoint": "Ungültiger Endpunkt",
   "invalidEndpointMessage": "Der eingegebene Endpunkt ist ungültig. Bitte geben Sie einen gültigen Endpunkt ein und versuchen Sie es erneut.",
   "endpointUpdatedMessage": "Endpunkt erfolgreich aktualisiert",
-  "customEndpoint": "Mit {endpoint} verbunden"
+  "customEndpoint": "Mit {endpoint} verbunden",
+  "pinText": "Anpinnen",
+  "unpinText": "Lösen",
+  "pinnedCodeMessage": "{code} wurde angepinnt",
+  "unpinnedCodeMessage": "{code} wurde Losgelöst",
+  "tags": "Tags",
+  "createNewTag": "Neuen Tag erstellen",
+  "tag": "Tag",
+  "create": "Erstellen",
+  "editTag": "Tag bearbeiten",
+  "deleteTagTitle": "Tag löschen?",
+  "deleteTagMessage": "Sind Sie sicher, dass Sie diesen Code löschen wollen? Diese Aktion ist unumkehrbar.",
+  "somethingWentWrongParsingCode": "Wir konnten {x} Codes nicht parsen.",
+  "updateNotAvailable": "Update ist nicht verfügbar"
 }

auth/lib/l10n/arb/app_en.arb

@@ -269,6 +269,7 @@
   "privacy": "Privacy",
   "terms": "Terms",
   "checkForUpdates": "Check for updates",
+  "checkStatus": "Check status",
   "downloadUpdate": "Download",
   "criticalUpdateAvailable": "Critical update available",
   "updateAvailable": "Update available",
@@ -417,6 +418,9 @@
   "waitingForBrowserRequest": "Waiting for browser request...",
   "waitingForVerification": "Waiting for verification...",
   "passkey": "Passkey",
+  "passKeyPendingVerification": "Verification is still pending",
+  "loginSessionExpired" : "Session expired",
+  "loginSessionExpiredDetails": "Your session has expired. Please login again.",
   "developerSettingsWarning":"Are you sure that you want to modify Developer settings?",
   "developerSettings": "Developer settings",
   "serverEndpoint": "Server endpoint",

auth/lib/l10n/arb/app_id.arb

@@ -0,0 +1,39 @@
+{
+  "setupFirstAccount": "Siapkan akun pertama kamu",
+  "importScanQrCode": "Pindai Kode QR",
+  "reportABug": "Laporkan bug",
+  "rateUsOnStore": "Nilai kami di {storeName}",
+  "blog": "Blog",
+  "welcomeBack": "Selamat datang kembali!",
+  "supportDiscount": "Gunakan kode kupon \"AUTH\" untuk mendapatkan potongan 10% pada tahun pertamamu",
+  "data": "Data",
+  "ok": "Oke",
+  "cancel": "Batal",
+  "email": "Email",
+  "support": "Dukungan",
+  "general": "Umum",
+  "settings": "Pengaturan",
+  "suggestFeatures": "Sarankan fitur",
+  "faq": "Tanya Jawab Umum",
+  "scan": "Pindai",
+  "scanACode": "Pindai kode",
+  "createNewAccount": "Buat akun baru",
+  "confirmPassword": "Konfirmasi sandi",
+  "selectLanguage": "Pilih bahasa",
+  "language": "Bahasa",
+  "social": "Sosial",
+  "security": "Keamanan",
+  "searchHint": "Cari...",
+  "scanAQrCode": "Pindai kode QR",
+  "createAccount": "Buat akun",
+  "password": "Sandi",
+  "signUpTerms": "Saya menyetujui <u-terms>ketentuan layanan</u-terms> dan <u-policy>kebijakan privasi</u-policy> Ente",
+  "ackPasswordLostWarning": "Saya mengerti bahwa jika saya lupa sandi saya, data saya bisa hilang karena <underline>dienkripsi secara end-to-end</underline>.",
+  "loginTerms": "Dengan mengklik masuk akun, saya menyetujui <u-terms>ketentuan layanan</u-terms> dan <u-policy>kebijakan privasi</u-policy> Ente",
+  "warning": "Peringatan",
+  "androidCancelButton": "Batal",
+  "@androidCancelButton": {
+    "description": "Message showed on a button that the user can click to leave the current dialog. It is used on Android side. Maximum 30 characters."
+  },
+  "hearUsWhereTitle": "Dari mana Anda menemukan Ente? (opsional)"
+}

auth/lib/l10n/arb/app_it.arb

@@ -20,6 +20,8 @@
   "codeIssuerHint": "Emittente",
   "codeSecretKeyHint": "Codice segreto",
   "codeAccountHint": "Account (username@dominio.it)",
+  "codeTagHint": "Tag",
+  "accountKeyType": "Tipo di chiave",
   "sessionExpired": "Sessione scaduta",
   "@sessionExpired": {
     "description": "Title of the dialog when the users current session is invalid/expired"
@@ -77,16 +79,19 @@
   "data": "Dati",
   "importCodes": "Importa codici",
   "importTypePlainText": "Testo in chiaro",
+  "importTypeEnteEncrypted": "Esportazione Ente criptata",
   "passwordForDecryptingExport": "Password per decriptare il file esportato",
   "passwordEmptyError": "La password è obbligatoria",
   "importFromApp": "Importa codici da {appName}",
   "importGoogleAuthGuide": "Esporta i tuoi account da Google Authenticator in un codice QR utilizzando l'opzione \"Trasferisci Account\". Quindi, usando un altro dispositivo, scansiona il codice QR.\n\nSuggerimento: Puoi usare la webcam del tuo computer portatile per scattare una foto del codice QR.",
   "importSelectJsonFile": "Seleziona file JSON",
   "importSelectAppExport": "Seleziona il file di esportazione {appName}",
+  "importEnteEncGuide": "Seleziona il file JSON criptato esportato da Ente",
   "importRaivoGuide": "Utilizza l'opzione \"Esporta i codici OTP in archivio Zip\" nelle impostazioni di Raivo.\n\nEstrai il file zip e importa il file JSON.",
   "importBitwardenGuide": "Utilizzare l'opzione \"Esporta vault\" all'interno di Bitwarden Tools e importa il file JSON non crittografato.",
   "importAegisGuide": "Usa l'opzione \"Esporta la cassaforte\" nelle impostazioni di Aegis.\n\nSe la tua cassaforte è criptata, dovrai inserire la password della cassaforte per decriptarla.",
   "import2FasGuide": "Utilizza l'opzione \"Impostazioni->Backup -Export\" in 2FAS.\n\nSe il backup è crittografato, è necessario inserire la password per decriptare il backup",
+  "importLastpassGuide": "Usa l'opzione \"Trasferisci account\" all'interno delle impostazioni di Lastpass Authenticator e premi \"Esporta account su file\". Importa il JSON scaricato.",
   "exportCodes": "Esporta codici",
   "importLabel": "Importa",
   "importInstruction": "Per favore seleziona un file contenente una lista dei tuoi codici nel seguente formato",
@@ -111,18 +116,22 @@
   "copied": "Copiato",
   "pleaseTryAgain": "Per favore riprova",
   "existingUser": "Accedi",
+  "newUser": "Nuovo utente",
   "delete": "Cancella",
   "enterYourPasswordHint": "Inserisci la tua password",
   "forgotPassword": "Password dimenticata",
   "oops": "Oops",
   "suggestFeatures": "Suggerisci funzionalità",
   "faq": "FAQ",
+  "faq_q_1": "Quanto è sicuro Auth?",
+  "faq_a_1": "Tutti i codici di cui fai il backup tramite Auth sono memorizzati con crittografia end-to-end. Ciò significa che solo tu puoi accedere ai tuoi codici. Le nostre app sono open source e la nostra crittografia è stata verificata esternamente.",
   "faq_q_2": "Posso accedere ai miei codici sul desktop?",
   "faq_a_2": "Puoi accedere ai tuoi codici sul web @ auth.ente.io.",
   "faq_q_3": "Come posso cancellare i codici?",
   "faq_a_3": "Puoi eliminare un codice scorrendo il dito a sinistra sul codice in questione.",
   "faq_q_4": "Come posso supportare questo progetto?",
   "faq_a_4": "Puoi supportare lo sviluppo di questo progetto abbonandoti alla nostra app Photos @ ente.io.",
+  "faq_q_5": "Come posso abilitare il blocco FaceID in Auth",
   "faq_a_5": "Puoi abilitare il blocco FaceID in Impostazioni → Sicurezza → Schermata di blocco.",
   "somethingWentWrongMessage": "Qualcosa è andato storto, per favore riprova",
   "leaveFamily": "Abbandona il piano famiglia",
@@ -136,6 +145,8 @@
   "enterCodeHint": "Inserisci il codice di 6 cifre dalla tua app di autenticazione",
   "lostDeviceTitle": "Dispositivo perso?",
   "twoFactorAuthTitle": "Autenticazione a due fattori",
+  "passkeyAuthTitle": "Verifica della passkey",
+  "verifyPasskey": "Verifica passkey",
   "recoverAccount": "Recupera account",
   "enterRecoveryKeyHint": "Inserisci la tua chiave di recupero",
   "recover": "Recupera",
@@ -147,6 +158,7 @@
       }
     }
   },
+  "invalidQRCode": "Codice QR non valido",
   "noRecoveryKeyTitle": "Nessuna chiave di recupero?",
   "enterEmailHint": "Inserisci il tuo indirizzo email",
   "invalidEmailTitle": "Indirizzo email non valido",
@@ -190,6 +202,9 @@
   "doThisLater": "Fallo più tardi",
   "saveKey": "Salva chiave",
   "save": "Salva",
+  "send": "Invia",
+  "saveOrSendDescription": "Vuoi salvarlo nel tuo spazio di archiviazione (cartella Download per impostazione predefinita) o inviarlo ad altre applicazioni?",
+  "saveOnlyDescription": "Vuoi salvarlo nel tuo spazio di archiviazione (cartella Download per impostazione predefinita)?",
   "back": "Indietro",
   "createAccount": "Crea account",
   "passwordStrength": "Forza password: {passwordStrengthValue}",
@@ -337,6 +352,7 @@
   "deleteCodeAuthMessage": "Autenticarsi per cancellare il codice",
   "showQRAuthMessage": "Autenticarsi per mostrare il codice QR",
   "confirmAccountDeleteTitle": "Conferma l'eliminazione dell'account",
+  "confirmAccountDeleteMessage": "Questo account è collegato ad altre app di Ente, se ne utilizzi.\n\nI tuoi dati caricati, su tutte le app di Ente, saranno pianificati per la cancellazione e il tuo account verrà eliminato definitivamente.",
   "androidBiometricHint": "Verifica l'identità",
   "@androidBiometricHint": {
     "description": "Hint message advising the user how to authenticate with biometrics. It is used on Android side. Maximum 60 characters."
@@ -397,5 +413,28 @@
   "doNotSignOut": "Non uscire",
   "hearUsWhereTitle": "Dove hai sentito parlare di Ente? (opzionale)",
   "hearUsExplanation": "Non teniamo traccia delle installazioni dell'app. Sarebbe utile se ci dicessi dove ci hai trovato!",
-  "passkey": "Passkey"
+  "recoveryKeySaved": "Chiave di recupero salvata nella cartella Download!",
+  "waitingForBrowserRequest": "In attesa della richiesta del browser...",
+  "waitingForVerification": "In attesa di verifica...",
+  "passkey": "Passkey",
+  "developerSettingsWarning": "Siete sicuri di voler modificare le impostazioni sviluppatore?",
+  "developerSettings": "Impostazioni sviluppatore",
+  "serverEndpoint": "Endpoint del server",
+  "invalidEndpoint": "Endpoint invalido",
+  "invalidEndpointMessage": "Spiacenti, l'endpoint inserito non è valido. Inserisci un endpoint valido e riprova.",
+  "endpointUpdatedMessage": "Endpoint aggiornato con successo",
+  "customEndpoint": "Connesso a {endpoint}",
+  "pinText": "Fissa",
+  "unpinText": "Sgancia",
+  "pinnedCodeMessage": "{code} è stato fissato",
+  "unpinnedCodeMessage": "{code} è stato sganciato",
+  "tags": "Tag",
+  "createNewTag": "Crea un nuovo tag",
+  "tag": "Tag",
+  "create": "Crea",
+  "editTag": "Modifica tag",
+  "deleteTagTitle": "Eliminare il tag?",
+  "deleteTagMessage": "Sei sicuro di voler eliminare questo tag? Questa azione è irreversibile.",
+  "somethingWentWrongParsingCode": "Non siamo riusciti ad analizzare i codici {x}.",
+  "updateNotAvailable": "Aggiornamento non disponibile"
 }

auth/lib/l10n/arb/app_nl.arb

@@ -20,6 +20,8 @@
   "codeIssuerHint": "Uitgever",
   "codeSecretKeyHint": "Geheime sleutel",
   "codeAccountHint": "Account (jij@domein.nl)",
+  "codeTagHint": "Label",
+  "accountKeyType": "Type sleutel",
   "sessionExpired": "Sessie verlopen",
   "@sessionExpired": {
     "description": "Title of the dialog when the users current session is invalid/expired"
@@ -156,6 +158,7 @@
       }
     }
   },
+  "invalidQRCode": "Ongeldige QR-code",
   "noRecoveryKeyTitle": "Geen herstelsleutel?",
   "enterEmailHint": "Voer je e-mailadres in",
   "invalidEmailTitle": "Ongeldig e-mailadres",
@@ -420,5 +423,18 @@
   "invalidEndpoint": "Ongeldig eindpunt",
   "invalidEndpointMessage": "Sorry, het eindpunt dat u hebt ingevoerd is ongeldig. Voer een geldig eindpunt in en probeer het opnieuw.",
   "endpointUpdatedMessage": "Eindpunt met succes bijgewerkt",
-  "customEndpoint": "Verbonden met {endpoint}"
+  "customEndpoint": "Verbonden met {endpoint}",
+  "pinText": "Vastzetten",
+  "unpinText": "Losmaken",
+  "pinnedCodeMessage": "{code} is vastgezet",
+  "unpinnedCodeMessage": "{code} is losgemaakt",
+  "tags": "Labels",
+  "createNewTag": "Nieuw label maken",
+  "tag": "Label",
+  "create": "Creëren",
+  "editTag": "Bewerk label",
+  "deleteTagTitle": "Label verwijderen?",
+  "deleteTagMessage": "Weet je zeker dat je deze label wilt verwijderen? Deze actie is onomkeerbaar.",
+  "somethingWentWrongParsingCode": "We konden {x} codes niet verwerken.",
+  "updateNotAvailable": "Update niet beschikbaar"
 }

auth/lib/l10n/arb/app_pt.arb

@@ -19,7 +19,7 @@
   "pleaseVerifyDetails": "Por favor, verifique os detalhes e tente novamente",
   "codeIssuerHint": "Emissor",
   "codeSecretKeyHint": "Chave secreta",
-  "codeAccountHint": "Conta (voce@dominio.com)",
+  "codeAccountHint": "Conta (você@domínio.com)",
   "codeTagHint": "Etiqueta",
   "accountKeyType": "Tipo de chave",
   "sessionExpired": "Sessão expirada",
@@ -27,7 +27,7 @@
     "description": "Title of the dialog when the users current session is invalid/expired"
   },
   "pleaseLoginAgain": "Por favor, faça login novamente",
-  "loggingOut": "Desconectando...",
+  "loggingOut": "Saindo...",
   "timeBasedKeyType": "Baseado no horário (TOTP)",
   "counterBasedKeyType": "Baseado em um contador (HOTP)",
   "saveAction": "Salvar",
@@ -51,7 +51,7 @@
   "reportABug": "Informar um problema",
   "crashAndErrorReporting": "Reporte de erros e falhas",
   "reportBug": "Informar problema",
-  "emailUsMessage": "Por favor, envie um e-mail para {email}",
+  "emailUsMessage": "Envie um e-mail para {email}",
   "@emailUsMessage": {
     "placeholders": {
       "email": {
@@ -59,12 +59,12 @@
       }
     }
   },
-  "contactSupport": "Falar com o suporte",
+  "contactSupport": "Falar com o Suporte",
   "rateUsOnStore": "Avalie-nos na {storeName}",
   "blog": "Blog",
   "merchandise": "Produtos",
   "verifyPassword": "Verificar senha",
-  "pleaseWait": "Por favor, aguarde...",
+  "pleaseWait": "Aguarde...",
   "generatingEncryptionKeysTitle": "Gerando chaves de criptografia...",
   "recreatePassword": "Recriar senha",
   "recreatePasswordMessage": "O dispositivo atual não é poderoso o suficiente para verificar sua senha, mas podemos regenerar de uma forma que funcione com todos os dispositivos.\n\nPor favor, faça o login usando sua chave de recuperação e recrie sua senha (você pode usar o mesmo novamente se desejar).",
@@ -81,10 +81,10 @@
   "importTypePlainText": "Texto simples",
   "importTypeEnteEncrypted": "Exportação Ente criptografada",
   "passwordForDecryptingExport": "Senha para descriptografar a exportação",
-  "passwordEmptyError": "O campo senha não pode estar vazio",
+  "passwordEmptyError": "A senha não pode estar vazia",
   "importFromApp": "Importar códigos do {appName}",
   "importGoogleAuthGuide": "Exporte suas contas do Google Authenticator para um QR code usando a opção \"Transferir contas\". Então, usando outro dispositivo, escaneie o QR code.\n\nDica: Você pode usar a câmera do seu notebook para fotografar o QR code.",
-  "importSelectJsonFile": "Selecione o arquivo JSON",
+  "importSelectJsonFile": "Selecionar arquivo JSON",
   "importSelectAppExport": "Selecione o arquivo de exportação do aplicativo {appName}",
   "importEnteEncGuide": "Selecione o arquivo JSON criptografado exportado do Ente",
   "importRaivoGuide": "Use a opção \"Exportar OTPs para arquivo Zip\" nas configurações do Raivo.\n\nExtraia o arquivo zip e importe o arquivo JSON.",
@@ -92,7 +92,7 @@
   "importAegisGuide": "Use a opção \"Exportar cofre\" nas Configurações do Aegis.\n\nSe o seu cofre estiver criptografado, você precisará inserir a senha do cofre para descriptografá-lo.",
   "import2FasGuide": "Use a opção \"Configurações->Exportar cópia de segurança\" no aplicativo 2FAS.\n\nSe a cópia de segurança estiver criptografada, será necessário inserir a senha para descriptografá-la",
   "importLastpassGuide": "Use a opção \"Transferir contas\" nas configurações do LastPass Authenticator e pressione \"Exportar contas para arquivo\". Importe o arquivo JSON baixado.",
-  "exportCodes": "Exportar Códigos",
+  "exportCodes": "Exportar códigos",
   "importLabel": "Importar",
   "importInstruction": "Por favor, selecione um arquivo que contenha uma lista de códigos no seguinte formato",
   "importCodeDelimiterInfo": "Os códigos podem ser separados por uma vírgula ou uma nova linha",
@@ -114,14 +114,14 @@
   "general": "Geral",
   "settings": "Ajustes",
   "copied": "Copiado",
-  "pleaseTryAgain": "Por favor, tente novamente",
-  "existingUser": "Usuário Existente",
+  "pleaseTryAgain": "Tente de novo",
+  "existingUser": "Usuário existente",
   "newUser": "Novo no Ente",
   "delete": "Excluir",
   "enterYourPasswordHint": "Insira sua senha",
   "forgotPassword": "Esqueci a senha",
   "oops": "Opa",
-  "suggestFeatures": "Sugerir funcionalidades",
+  "suggestFeatures": "Sugerir recursos",
   "faq": "Perguntas frequentes",
   "faq_q_1": "Quão seguro é o Auth?",
   "faq_a_1": "Todos os códigos que você faz backup via Auth são armazenados criptografados de ponta a ponta. Isso significa que somente você pode acessar seus códigos. Nossos aplicativos são de código aberto e nossa criptografia foi auditada externamente.",
@@ -143,12 +143,12 @@
   "verify": "Verificar",
   "verifyEmail": "Verificar e-mail",
   "enterCodeHint": "Digite o código de 6 dígitos de\nseu aplicativo autenticador",
-  "lostDeviceTitle": "Perdeu seu dispositivo?",
+  "lostDeviceTitle": "Perdeu um dispositivo?",
   "twoFactorAuthTitle": "Autenticação de dois fatores",
   "passkeyAuthTitle": "Autenticação via Chave de acesso",
-  "verifyPasskey": "Verificar chave de acesso",
+  "verifyPasskey": "Verificar senha-mestra",
   "recoverAccount": "Recuperar conta",
-  "enterRecoveryKeyHint": "Digite sua chave de recuperação",
+  "enterRecoveryKeyHint": "Digite a chave de recuperação",
   "recover": "Recuperar",
   "contactSupportViaEmailMessage": "Por favor, envie um e-mail para {email} a partir do seu endereço de e-mail registrado",
   "@contactSupportViaEmailMessage": {
@@ -160,7 +160,7 @@
   },
   "invalidQRCode": "QR Code inválido",
   "noRecoveryKeyTitle": "Sem chave de recuperação?",
-  "enterEmailHint": "Insira o seu endereço de e-mail",
+  "enterEmailHint": "Insira o endereço de e-mail",
   "invalidEmailTitle": "Endereço de e-mail inválido",
   "invalidEmailMessage": "Por favor, insira um endereço de e-mail válido.",
   "deleteAccount": "Excluir conta",
@@ -175,8 +175,8 @@
   "moderateStrength": "Moderada",
   "confirmPassword": "Confirme sua senha",
   "close": "Fechar",
-  "oopsSomethingWentWrong": "Oops, Algo deu errado.",
-  "selectLanguage": "Selecionar idioma",
+  "oopsSomethingWentWrong": "Opa. Algo deu errado.",
+  "selectLanguage": "Trocar idioma",
   "language": "Idioma",
   "social": "Redes sociais",
   "security": "Segurança",
@@ -199,14 +199,14 @@
   "recoveryKeyCopiedToClipboard": "A chave de recuperação foi copiada para a área de transferência",
   "recoveryKeyOnForgotPassword": "Caso você esqueça sua senha, a única maneira de recuperar seus dados é com essa chave.",
   "recoveryKeySaveDescription": "Não armazenamos essa chave, por favor, salve essa chave de 24 palavras em um lugar seguro.",
-  "doThisLater": "Fazer isso mais tarde",
+  "doThisLater": "Fazer isso depois",
   "saveKey": "Salvar chave",
   "save": "Salvar",
   "send": "Enviar",
   "saveOrSendDescription": "Você deseja salvar isso no seu armazenamento (pasta de downloads por padrão) ou enviá-lo para outros aplicativos?",
   "saveOnlyDescription": "Você deseja salvar isto no seu armazenamento (pasta de downloads por padrão)?",
   "back": "Voltar",
-  "createAccount": "Criar uma conta",
+  "createAccount": "Criar conta",
   "passwordStrength": "Força da senha: {passwordStrengthValue}",
   "@passwordStrength": {
     "description": "Text to indicate the password strength",
@@ -234,7 +234,7 @@
   "passwordChangedSuccessfully": "Senha alterada com sucesso",
   "generatingEncryptionKeys": "Gerando chaves de criptografia...",
   "continueLabel": "Continuar",
-  "insecureDevice": "Dispositivo não seguro",
+  "insecureDevice": "Dispositivo inseguro",
   "sorryWeCouldNotGenerateSecureKeysOnThisDevicennplease": "Desculpe, não foi possível gerar chaves seguras neste dispositivo.\n\npor favor, faça o login com um dispositivo diferente.",
   "howItWorks": "Como funciona",
   "ackPasswordLostWarning": "Eu entendo que se eu perder minha senha, posso perder meus dados, já que meus dados são <underline>criptografados de ponta a ponta</underline>.",
@@ -257,11 +257,11 @@
   "recoveryKeyVerifyReason": "Sua chave de recuperação é a única maneira de recuperar suas fotos se você esquecer sua senha. Você pode encontrar sua chave de recuperação em Configurações > Conta.\n\nDigite sua chave de recuperação aqui para verificar se você a salvou corretamente.",
   "confirmYourRecoveryKey": "Confirme sua chave de recuperação",
   "confirm": "Confirmar",
-  "emailYourLogs": "Enviar por email seus logs",
+  "emailYourLogs": "Enviar logs por e-mail",
   "pleaseSendTheLogsTo": "Por favor, envie os logs para \n{toEmail}",
   "copyEmailAddress": "Copiar endereço de e-mail",
   "exportLogs": "Exportar logs",
-  "enterYourRecoveryKey": "Digite sua chave de recuperação",
+  "enterYourRecoveryKey": "Digite a chave de recuperação",
   "tempErrorContactSupportIfPersists": "Parece que algo deu errado. Por favor, tente novamente mais tarde. Se o erro persistir, entre em contato com nossa equipe de suporte.",
   "itLooksLikeSomethingWentWrongPleaseRetryAfterSome": "Parece que algo deu errado. Por favor, tente novamente mais tarde. Se o erro persistir, entre em contato com nossa equipe de suporte.",
   "about": "Sobre",
@@ -277,7 +277,7 @@
   "youAreOnTheLatestVersion": "Você está na versão mais recente",
   "warning": "Atenção",
   "exportWarningDesc": "O arquivo exportado contém informações confidenciais. Por favor, armazene-o com segurança.",
-  "iUnderStand": "Eu entendo",
+  "iUnderStand": "Entendo",
   "@iUnderStand": {
     "description": "Text for the button to confirm the user understands the warning"
   },
@@ -326,11 +326,11 @@
   "sorryTheCodeYouveEnteredIsIncorrect": "Desculpe, o código que você inseriu está incorreto",
   "emailChangedTo": "E-mail alterado para {newEmail}",
   "authenticationFailedPleaseTryAgain": "Falha na autenticação. Por favor, tente novamente",
-  "authenticationSuccessful": "Autenticação bem-sucedida!",
+  "authenticationSuccessful": "Autenticado!",
   "twofactorAuthenticationSuccessfullyReset": "Autenticação de dois fatores redefinida com sucesso",
   "incorrectRecoveryKey": "Chave de recuperação incorreta",
   "theRecoveryKeyYouEnteredIsIncorrect": "A chave de recuperação inserida está incorreta",
-  "enterPassword": "Insira a senha",
+  "enterPassword": "Inserir senha",
   "selectExportFormat": "Selecione o formato para exportação",
   "exportDialogDesc": "As exportações criptografadas ficarão protegidas por uma senha de sua escolha.",
   "encrypted": "Criptografado",
@@ -345,7 +345,7 @@
   "showLargeIcons": "Mostrar ícones grandes",
   "shouldHideCode": "Ocultar códigos",
   "doubleTapToViewHiddenCode": "Você pode tocar duas vezes em uma entrada para ver o código",
-  "focusOnSearchBar": "Foco na pesquisa ao iniciar o aplicativo",
+  "focusOnSearchBar": "Foco na busca ao iniciar o app",
   "confirmUpdatingkey": "Você tem certeza que deseja atualizar a chave secreta?",
   "minimizeAppOnCopy": "Minimizar aplicativo ao copiar",
   "editCodeAuthMessage": "Autenticar para editar o código",
@@ -357,7 +357,7 @@
   "@androidBiometricHint": {
     "description": "Hint message advising the user how to authenticate with biometrics. It is used on Android side. Maximum 60 characters."
   },
-  "androidBiometricNotRecognized": "Não reconhecido. Tente novamente.",
+  "androidBiometricNotRecognized": "Não reconhecido. Tente de novo.",
   "@androidBiometricNotRecognized": {
     "description": "Message to let the user know that authentication was failed. It is used on Android side. Maximum 60 characters."
   },
@@ -385,7 +385,7 @@
   "@androidDeviceCredentialsSetupDescription": {
     "description": "Message advising the user to go to the settings and configure device credentials on their device. It shows in a dialog on Android side."
   },
-  "goToSettings": "Ir para Configurações",
+  "goToSettings": "Ir para Ajustes",
   "@goToSettings": {
     "description": "Message showed on a button that the user can click to go to settings pages from the current dialog. It is used on both Android and iOS side. Maximum 30 characters."
   },
@@ -410,13 +410,13 @@
   "signOutFromOtherDevices": "Terminar sessão em outros dispositivos",
   "signOutOtherBody": "Se você acha que alguém pode saber sua senha, você pode forçar todos os outros dispositivos que estão com sua conta a desconectar.",
   "signOutOtherDevices": "Terminar sessão em outros dispositivos",
-  "doNotSignOut": "Não encerrar sessão",
+  "doNotSignOut": "Não sair",
   "hearUsWhereTitle": "Como você ouviu sobre o Ente? (opcional)",
   "hearUsExplanation": "Não rastreamos instalações do aplicativo. Seria útil se você nos contasse onde nos encontrou!",
   "recoveryKeySaved": "Chave de recuperação salva na pasta Downloads!",
   "waitingForBrowserRequest": "Aguardando solicitação do navegador...",
   "waitingForVerification": "Esperando por verificação...",
-  "passkey": "Chave de acesso",
+  "passkey": "Senha-mestra",
   "developerSettingsWarning": "Tem certeza de que deseja modificar as configurações de Desenvolvedor?",
   "developerSettings": "Configurações de desenvolvedor",
   "serverEndpoint": "Endpoint do servidor",
@@ -429,7 +429,7 @@
   "pinnedCodeMessage": "{code} foi fixado",
   "unpinnedCodeMessage": "{code} foi desafixado",
   "tags": "Etiquetas",
-  "createNewTag": "Criar etiqueta",
+  "createNewTag": "Criar nova etiqueta",
   "tag": "Etiqueta",
   "create": "Criar",
   "editTag": "Editar etiqueta",

auth/lib/l10n/arb/app_te.arb

@@ -0,0 +1 @@
+{}

auth/lib/main.dart

@@ -66,8 +66,6 @@ Future<void> initSystemTray() async {
 void main() async {
   WidgetsFlutterBinding.ensureInitialized();
 
-  initSystemTray().ignore();
-
   if (PlatformUtil.isDesktop()) {
     await windowManager.ensureInitialized();
     await WindowListenerService.instance.init();
@@ -77,8 +75,10 @@ void main() async {
     await windowManager.waitUntilReadyToShow(windowOptions, () async {
       await windowManager.show();
       await windowManager.focus();
+      initSystemTray().ignore();
     });
   }
+
   await _runInForeground();
   await _setupPrivacyScreen();
   if (Platform.isAndroid) {
@@ -132,7 +132,7 @@ Future _runWithLogs(Function() function, {String prefix = ""}) async {
 }
 
 void _registerWindowsProtocol() {
-  const kWindowsScheme = 'ente';
+  const kWindowsScheme = 'enteauth';
   // Register our protocol only on Windows platform
   if (!kIsWeb && Platform.isWindows) {
     WindowsProtocolHandler()

auth/lib/services/passkey_service.dart

@@ -42,7 +42,7 @@ class PasskeyService {
   Future<void> openPasskeyPage(BuildContext context) async {
     try {
       final jwtToken = await getJwtToken();
-      final url = "https://accounts.ente.io/account-handoff?token=$jwtToken";
+      final url = "https://accounts.ente.io/passkeys?token=$jwtToken";
       await launchUrlString(
         url,
         mode: LaunchMode.externalApplication,

auth/lib/services/user_service.dart

@@ -266,32 +266,77 @@ class UserService {
     }
   }
 
-  Future<void> onPassKeyVerified(BuildContext context, Map response) async {
-    final userPassword = Configuration.instance.getVolatilePassword();
-    if (userPassword == null) throw Exception("volatile password is null");
-
-    await _saveConfiguration(response);
-
-    Widget page;
-    if (Configuration.instance.getEncryptedToken() != null) {
-      await Configuration.instance.decryptSecretsAndGetKeyEncKey(
-        userPassword,
-        Configuration.instance.getKeyAttributes()!,
-      );
-      page = const HomePage();
-    } else {
-      throw Exception("unexpected response during passkey verification");
-    }
-
-    // ignore: unawaited_futures
-    Navigator.of(context).pushAndRemoveUntil(
-      MaterialPageRoute(
-        builder: (BuildContext context) {
-          return page;
+  Future<dynamic> getTokenForPasskeySession(String sessionID) async {
+    try {
+      final response = await _dio.get(
+        "${_config.getHttpEndpoint()}/users/two-factor/passkeys/get-token",
+        queryParameters: {
+          "sessionID": sessionID,
         },
-      ),
-      (route) => route.isFirst,
-    );
+      );
+      return response.data;
+    } on DioException catch (e) {
+      if (e.response != null) {
+        if (e.response!.statusCode == 404 || e.response!.statusCode == 410) {
+          throw PassKeySessionExpiredError();
+        }
+        if (e.response!.statusCode == 400) {
+          throw PassKeySessionNotVerifiedError();
+        }
+      }
+      rethrow;
+    } catch (e, s) {
+      _logger.severe("unexpected error", e, s);
+      rethrow;
+    }
+  }
+
+  Future<void> onPassKeyVerified(BuildContext context, Map response) async {
+    final ProgressDialog dialog =
+        createProgressDialog(context, context.l10n.pleaseWait);
+    await dialog.show();
+    try {
+      final userPassword = _config.getVolatilePassword();
+      await _saveConfiguration(response);
+      if (userPassword == null) {
+        await dialog.hide();
+        // ignore: unawaited_futures
+        Navigator.of(context).pushAndRemoveUntil(
+          MaterialPageRoute(
+            builder: (BuildContext context) {
+              return const PasswordReentryPage();
+            },
+          ),
+          (route) => route.isFirst,
+        );
+      } else {
+        Widget page;
+        if (_config.getEncryptedToken() != null) {
+          await _config.decryptSecretsAndGetKeyEncKey(
+            userPassword,
+            _config.getKeyAttributes()!,
+          );
+          page = const HomePage();
+        } else {
+          throw Exception("unexpected response during passkey verification");
+        }
+        await dialog.hide();
+
+        // ignore: unawaited_futures
+        Navigator.of(context).pushAndRemoveUntil(
+          MaterialPageRoute(
+            builder: (BuildContext context) {
+              return page;
+            },
+          ),
+          (route) => route.isFirst,
+        );
+      }
+    } catch (e) {
+      _logger.severe(e);
+      await dialog.hide();
+      rethrow;
+    }
   }
 
   Future<void> verifyEmail(
@@ -316,9 +361,12 @@ class UserService {
       await dialog.hide();
       if (response.statusCode == 200) {
         Widget page;
+        final String passkeySessionID = response.data["passkeySessionID"];
         final String twoFASessionID = response.data["twoFactorSessionID"];
         if (twoFASessionID.isNotEmpty) {
           page = TwoFactorAuthenticationPage(twoFASessionID);
+        } else if (passkeySessionID.isNotEmpty) {
+          page = PasskeyPage(passkeySessionID);
         } else {
           await _saveConfiguration(response);
           if (Configuration.instance.getEncryptedToken() != null) {

auth/lib/store/code_display_store.dart

@@ -32,7 +32,7 @@ class CodeDisplayStore {
       if (code.hasError) continue;
       tags.addAll(code.display.tags);
     }
-    return tags.toList();
+    return tags.toList()..sort();
   }
 
   Future<void> showDeleteTagDialog(BuildContext context, String tag) async {

auth/lib/ui/components/models/button_type.dart

@@ -33,7 +33,7 @@ enum ButtonType {
 
   Color defaultButtonColor(EnteColorScheme colorScheme) {
     if (isPrimary) {
-      return colorScheme.primary500;
+      return colorScheme.primary400;
     }
     if (isSecondary) {
       return colorScheme.fillFaint;

auth/lib/ui/home_page.dart

@@ -238,6 +238,8 @@ class _HomePageState extends State<HomePage> {
           title: !_showSearchBox
               ? const Text('Ente Auth')
               : TextField(
+                  autocorrect: false,
+                  enableSuggestions: false,
                   focusNode: searchInputFocusNode,
                   autofocus: _searchText.isEmpty,
                   controller: _textController,

auth/lib/ui/passkey_page.dart

@@ -2,12 +2,14 @@ import 'dart:convert';
 
 import 'package:app_links/app_links.dart';
 import 'package:ente_auth/core/configuration.dart';
+import 'package:ente_auth/core/errors.dart';
 import 'package:ente_auth/l10n/l10n.dart';
 import 'package:ente_auth/models/account/two_factor.dart';
 import 'package:ente_auth/services/user_service.dart';
 import 'package:ente_auth/ui/components/buttons/button_widget.dart';
 import 'package:ente_auth/ui/components/models/button_type.dart';
 import 'package:ente_auth/utils/dialog_util.dart';
+import 'package:ente_auth/utils/toast_util.dart';
 import 'package:flutter/material.dart';
 import 'package:logging/logging.dart';
 import 'package:url_launcher/url_launcher_string.dart';
@@ -41,13 +43,38 @@ class _PasskeyPageState extends State<PasskeyPage> {
 
   Future<void> launchPasskey() async {
     await launchUrlString(
-      "https://accounts.ente.io/passkeys/flow?"
+      "https://accounts.ente.io/passkeys/verify?"
       "passkeySessionID=${widget.sessionID}"
-      "&redirect=enteauth://passkey",
+      "&redirect=enteauth://passkey"
+      "&clientPackage=io.ente.auth",
       mode: LaunchMode.externalApplication,
     );
   }
 
+  Future<void> checkStatus() async {
+    late dynamic response;
+    try {
+      response = await UserService.instance
+          .getTokenForPasskeySession(widget.sessionID);
+    } on PassKeySessionNotVerifiedError {
+      showToast(context, context.l10n.passKeyPendingVerification);
+      return;
+    } on PassKeySessionExpiredError {
+      await showErrorDialog(
+        context,
+        context.l10n.loginSessionExpired,
+        context.l10n.loginSessionExpiredDetails,
+      );
+      Navigator.of(context).pop();
+      return;
+    } catch (e, s) {
+      _logger.severe("failed to check status", e, s);
+      showGenericErrorDialog(context: context).ignore();
+      return;
+    }
+    await UserService.instance.onPassKeyVerified(context, response);
+  }
+
   Future<void> _handleDeeplink(String? link) async {
     if (!context.mounted ||
         Configuration.instance.hasConfiguredAccount() ||
@@ -59,8 +86,20 @@ class _PasskeyPageState extends State<PasskeyPage> {
     }
     try {
       if (mounted && link.toLowerCase().startsWith("enteauth://passkey")) {
-        final String? uri = Uri.parse(link).queryParameters['response'];
-        String base64String = uri!.toString();
+        if (Configuration.instance.isLoggedIn()) {
+          _logger.info('ignored deeplink: already configured');
+          showToast(context, 'Account is already configured.');
+          return;
+        }
+        final parsedUri = Uri.parse(link);
+        final sessionID = parsedUri.queryParameters['passkeySessionID'];
+        if (sessionID != widget.sessionID) {
+          showToast(context, "Session ID mismatch");
+          _logger.warning('ignored deeplink: sessionID mismatch');
+          return;
+        }
+        final String? authResponse = parsedUri.queryParameters['response'];
+        String base64String = authResponse!.toString();
         while (base64String.length % 4 != 0) {
           base64String += '=';
         }
@@ -118,9 +157,23 @@ class _PasskeyPageState extends State<PasskeyPage> {
             const SizedBox(height: 16),
             ButtonWidget(
               buttonType: ButtonType.primary,
-              labelText: context.l10n.verifyPasskey,
+              labelText: context.l10n.tryAgain,
               onTap: () => launchPasskey(),
             ),
+            const SizedBox(height: 16),
+            ButtonWidget(
+              buttonType: ButtonType.secondary,
+              labelText: context.l10n.checkStatus,
+              onTap: () async {
+                try {
+                  await checkStatus();
+                } catch (e) {
+                  debugPrint('failed to check status %e');
+                  showGenericErrorDialog(context: context).ignore();
+                }
+              },
+              shouldSurfaceExecutionStates: true,
+            ),
             const Padding(padding: EdgeInsets.all(30)),
             GestureDetector(
               behavior: HitTestBehavior.opaque,

auth/lib/ui/settings/data/import/aegis_import.dart

@@ -6,6 +6,7 @@ import 'dart:typed_data';
 import 'package:convert/convert.dart';
 import 'package:ente_auth/l10n/l10n.dart';
 import 'package:ente_auth/models/code.dart';
+import 'package:ente_auth/models/code_display.dart';
 import 'package:ente_auth/services/authenticator_service.dart';
 import 'package:ente_auth/store/code_store.dart';
 import 'package:ente_auth/ui/common/progress_dialog.dart';
@@ -76,7 +77,7 @@ Future<void> _pickAegisJsonFile(BuildContext context) async {
     await showErrorDialog(
       context,
       context.l10n.sorry,
-      context.l10n.importFailureDesc,
+      "${context.l10n.importFailureDesc}\n Error: ${e.toString()}",
     );
   }
 }
@@ -126,8 +127,19 @@ Future<int?> _processAegisExportFile(
   } else {
     aegisDB = decodedJson['db'];
   }
+  final Map<String, String> groupIDToName = {};
+  try {
+    for (var item in aegisDB?['groups']) {
+      groupIDToName[item['uuid']] = item['name'];
+    }
+  } catch (e) {
+    Logger("AegisImport").warning("Failed to parse groups", e);
+  }
+
   final parsedCodes = [];
   for (var item in aegisDB?['entries']) {
+    bool isFavorite = item['favorite'] ?? false;
+    List<String> tags = [];
     var kind = item['type'];
     var account = item['name'];
     var issuer = item['issuer'];
@@ -137,20 +149,27 @@ Future<int?> _processAegisExportFile(
     var digits = item['info']['digits'];
 
     var counter = item['info']['counter'];
-
+    for (var group in item['groups']) {
+      if (groupIDToName.containsKey(group)) {
+        tags.add(groupIDToName[group]!);
+      }
+    }
     // Build the OTP URL
     String otpUrl;
 
-    if (kind.toLowerCase() == 'totp') {
+    if (kind.toLowerCase() == 'totp' || kind.toLowerCase() == 'steam') {
       otpUrl =
           'otpauth://$kind/$issuer:$account?secret=$secret&issuer=$issuer&algorithm=$algorithm&digits=$digits&period=$timer';
     } else if (kind.toLowerCase() == 'hotp') {
       otpUrl =
           'otpauth://$kind/$issuer:$account?secret=$secret&issuer=$issuer&algorithm=$algorithm&digits=$digits&counter=$counter';
     } else {
-      throw Exception('Invalid OTP type');
+      throw Exception('Invalid OTP type: $kind');
     }
-    parsedCodes.add(Code.fromOTPAuthUrl(otpUrl));
+
+    Code code = Code.fromOTPAuthUrl(otpUrl);
+    code = code.copyWith(display: CodeDisplay(pinned: isFavorite, tags: tags));
+    parsedCodes.add(code);
   }
 
   for (final code in parsedCodes) {

auth/lib/ui/settings/data/import/bitwarden_import.dart

@@ -4,6 +4,7 @@ import 'dart:io';
 
 import 'package:ente_auth/l10n/l10n.dart';
 import 'package:ente_auth/models/code.dart';
+import 'package:ente_auth/models/code_display.dart';
 import 'package:ente_auth/services/authenticator_service.dart';
 import 'package:ente_auth/store/code_store.dart';
 import 'package:ente_auth/ui/components/buttons/button_widget.dart';
@@ -14,6 +15,7 @@ import 'package:ente_auth/utils/dialog_util.dart';
 import 'package:file_picker/file_picker.dart';
 import 'package:flutter/cupertino.dart';
 import 'package:flutter/material.dart';
+import 'package:logging/logging.dart';
 
 Future<void> showBitwardenImportInstruction(BuildContext context) async {
   final l10n = context.l10n;
@@ -60,12 +62,13 @@ Future<void> _pickBitwardenJsonFile(BuildContext context) async {
     if (count != null) {
       await importSuccessDialog(context, count);
     }
-  } catch (e) {
+  } catch (e, s) {
+    Logger("BitwardenImport").severe('Failed to import', e, s);
     await progressDialog.hide();
     await showErrorDialog(
       context,
       context.l10n.sorry,
-      context.l10n.importFailureDesc,
+      "${context.l10n.importFailureDesc}\n Error: ${e.toString()}",
     );
   }
 }
@@ -78,19 +81,36 @@ Future<int?> _processBitwardenExportFile(
   final jsonString = await file.readAsString();
   final data = jsonDecode(jsonString);
   List<dynamic> jsonArray = data['items'];
+  final Map<String, String> folderIdToName = {};
+  try {
+    for (var item in data['folders']) {
+      folderIdToName[item['id']] = item['name'];
+    }
+  } catch (e) {
+    debugPrint("Failed to get folder details $e");
+  }
   final parsedCodes = [];
   for (var item in jsonArray) {
     if (item['login'] != null && item['login']['totp'] != null) {
       var totp = item['login']['totp'];
+      String? folderID = item['folderId'];
 
       Code code;
-
       if (totp.contains("otpauth://")) {
         code = Code.fromOTPAuthUrl(totp);
+      } else if (totp.contains("steam://")) {
+        var secret = totp.split("steam://")[1];
+        code = Code.fromAccountAndSecret(
+          Type.steam,
+          item['login']['username'],
+          item['name'],
+          secret,
+          null,
+          Code.steamDigits,
+        );
       } else {
-        var issuer = item['name'];
-        var account = item['login']['username'];
-
+        var issuer = item['name'] ?? '';
+        var account = item['login']['username'] ?? '';
         code = Code.fromAccountAndSecret(
           Type.totp,
           account,
@@ -100,6 +120,11 @@ Future<int?> _processBitwardenExportFile(
           Code.defaultDigits,
         );
       }
+      if (folderID != null && folderIdToName.containsKey(folderID)) {
+        code = code.copyWith(
+          display: CodeDisplay(tags: [folderIdToName[folderID]!]),
+        );
+      }
 
       parsedCodes.add(code);
     }

auth/lib/ui/settings/data/import/lastpass_import.dart

@@ -14,6 +14,7 @@ import 'package:ente_auth/utils/dialog_util.dart';
 import 'package:file_picker/file_picker.dart';
 import 'package:flutter/cupertino.dart';
 import 'package:flutter/material.dart';
+import 'package:logging/logging.dart';
 
 Future<void> showLastpassImportInstruction(BuildContext context) async {
   final l10n = context.l10n;
@@ -60,12 +61,13 @@ Future<void> _pickLastpassJsonFile(BuildContext context) async {
     if (count != null) {
       await importSuccessDialog(context, count);
     }
-  } catch (e) {
+  } catch (e, s) {
+    Logger('LastPassImport').severe('exception while processing import', e, s);
     await progressDialog.hide();
     await showErrorDialog(
       context,
       context.l10n.sorry,
-      context.l10n.importFailureDesc,
+      "${context.l10n.importFailureDesc}\n Error: ${e.toString()}",
     );
   }
 }

auth/lib/ui/settings/data/import/raivo_plain_text_import.dart

@@ -14,6 +14,7 @@ import 'package:ente_auth/utils/dialog_util.dart';
 import 'package:file_picker/file_picker.dart';
 import 'package:flutter/cupertino.dart';
 import 'package:flutter/material.dart';
+import 'package:logging/logging.dart';
 
 Future<void> showRaivoImportInstruction(BuildContext context) async {
   final l10n = context.l10n;
@@ -60,12 +61,13 @@ Future<void> _pickRaivoJsonFile(BuildContext context) async {
     if (count != null) {
       await importSuccessDialog(context, count);
     }
-  } catch (e) {
+  } catch (e, s) {
+    Logger("RaivoImport").severe('Failed to import', e, s);
     await progressDialog.hide();
     await showErrorDialog(
       context,
       context.l10n.sorry,
-      context.l10n.importFailureDesc,
+      "${context.l10n.importFailureDesc}\n Error: ${e.toString()}",
     );
   }
 }
@@ -103,7 +105,7 @@ Future<int?> _processRaivoExportFile(BuildContext context, String path) async {
       otpUrl =
           'otpauth://$kind/$issuer:$account?secret=$secret&issuer=$issuer&algorithm=$algorithm&digits=$digits&counter=$counter';
     } else {
-      throw Exception('Invalid OTP type');
+      throw Exception('Invalid OTP type $kind');
     }
     parsedCodes.add(Code.fromOTPAuthUrl(otpUrl));
   }

auth/lib/ui/settings/data/import/two_fas_import.dart

@@ -72,7 +72,7 @@ Future<void> _pick2FasFile(BuildContext context) async {
     await showErrorDialog(
       context,
       context.l10n.sorry,
-      context.l10n.importFailureDesc,
+      "${context.l10n.importFailureDesc}\n Error: ${e.toString()}",
     );
   }
 }
@@ -139,7 +139,10 @@ Future<int?> _process2FasExportFile(
   for (var item in decodedServices) {
     var kind = item['otp']['tokenType'];
     var account = item['otp']['account'] ?? '';
-    var issuer = item['otp']['issuer'] ?? item['name'] ?? '';
+    var issuer = item['otp']['issuer'];
+    if (issuer == null || (issuer as String).isEmpty) {
+      issuer = item['name'] ?? '';
+    }
     var algorithm = item['otp']['algorithm'];
     var secret = item['secret'];
     var timer = item['otp']['period'];

auth/lib/ui/settings/security_section_widget.dart

@@ -4,7 +4,6 @@ import 'dart:typed_data';
 import 'package:ente_auth/core/configuration.dart';
 import 'package:ente_auth/l10n/l10n.dart';
 import 'package:ente_auth/models/user_details.dart';
-import 'package:ente_auth/services/auth_feature_flag.dart';
 import 'package:ente_auth/services/local_authentication_service.dart';
 import 'package:ente_auth/services/passkey_service.dart';
 import 'package:ente_auth/services/user_service.dart';
@@ -66,20 +65,17 @@ class _SecuritySectionWidgetState extends State<SecuritySectionWidget> {
         // We don't know if the user can disable MFA yet, so we fetch the info
         UserService.instance.getUserDetailsV2().ignore();
       }
-      final bool isInternalUser =
-          FeatureFlagService.instance.isInternalUserOrDebugBuild();
       children.addAll([
-        if (isInternalUser) sectionOptionSpacing,
-        if (isInternalUser)
-          MenuItemWidget(
-            captionedTextWidget: CaptionedTextWidget(
-              title: l10n.passkey,
-            ),
-            pressedColor: getEnteColorScheme(context).fillFaint,
-            trailingIcon: Icons.chevron_right_outlined,
-            trailingIconIsMuted: true,
-            onTap: () async => await onPasskeyClick(context),
+        sectionOptionSpacing,
+        MenuItemWidget(
+          captionedTextWidget: CaptionedTextWidget(
+            title: l10n.passkey,
           ),
+          pressedColor: getEnteColorScheme(context).fillFaint,
+          trailingIcon: Icons.chevron_right_outlined,
+          trailingIconIsMuted: true,
+          onTap: () async => await onPasskeyClick(context),
+        ),
         sectionOptionSpacing,
         MenuItemWidget(
           captionedTextWidget: CaptionedTextWidget(

auth/lib/utils/totp_util.dart

@@ -4,7 +4,7 @@ import 'package:otp/otp.dart' as otp;
 import 'package:steam_totp/steam_totp.dart';
 
 String getOTP(Code code) {
-  if (code.type == Type.steam) {
+  if (code.type == Type.steam || code.issuer.toLowerCase() == 'steam') {
     return _getSteamCode(code);
   }
   if (code.type == Type.hotp) {
@@ -39,7 +39,7 @@ String _getSteamCode(Code code, [bool isNext = false]) {
 }
 
 String getNextTotp(Code code) {
-  if (code.type == Type.steam) {
+  if (code.type == Type.steam || code.issuer.toLowerCase() == 'steam') {
     return _getSteamCode(code, true);
   }
   return otp.OTP.generateTOTPCodeString(

auth/linux/CMakeLists.txt

@@ -34,7 +34,7 @@ if(NOT CMAKE_BUILD_TYPE AND NOT CMAKE_CONFIGURATION_TYPES)
     "Debug" "Profile" "Release")
 endif()
 
-# Compilation ui.settings that should be applied to most targets.
+# Compilation settings that should be applied to most targets.
 #
 # Be cautious about adding new options here, as plugins use this function by
 # default. In most cases, you should add new options to specific targets instead
@@ -66,8 +66,8 @@ add_executable(${BINARY_NAME}
   "${FLUTTER_MANAGED_DIR}/generated_plugin_registrant.cc"
 )
 
-# Apply the standard set of build ui.settings. This can be removed for applications
-# that need different build ui.settings.
+# Apply the standard set of build settings. This can be removed for applications
+# that need different build settings.
 apply_standard_settings(${BINARY_NAME})
 
 # Add dependency libraries. Add any application-specific dependencies here.
@@ -86,6 +86,7 @@ set_target_properties(${BINARY_NAME}
   RUNTIME_OUTPUT_DIRECTORY "${CMAKE_BINARY_DIR}/intermediates_do_not_run"
 )
 
+
 # Generated plugin build rules, which manage building the plugins and adding
 # them to the application.
 include(flutter/generated_plugins.cmake)
@@ -122,6 +123,12 @@ foreach(bundled_library ${PLUGIN_BUNDLED_LIBRARIES})
     COMPONENT Runtime)
 endforeach(bundled_library)
 
+# Copy the native assets provided by the build.dart from all packages.
+set(NATIVE_ASSETS_DIR "${PROJECT_BUILD_DIR}native_assets/linux/")
+install(DIRECTORY "${NATIVE_ASSETS_DIR}"
+   DESTINATION "${INSTALL_BUNDLE_LIB_DIR}"
+   COMPONENT Runtime)
+
 # Fully re-copy the assets directory on each build to avoid having stale files
 # from a previous install.
 set(FLUTTER_ASSET_DIR_NAME "flutter_assets")

auth/linux/my_application.cc

@@ -63,7 +63,7 @@ static void my_application_activate(GApplication *application)
   }
 
   gtk_window_set_default_size(window, 1280, 720);
-  gtk_widget_realize(GTK_WIDGET(window));
+  gtk_widget_show(GTK_WIDGET(window));
 
   g_autoptr(FlDartProject) project = fl_dart_project_new();
   fl_dart_project_set_dart_entrypoint_arguments(project, self->dart_entrypoint_arguments);
@@ -73,6 +73,7 @@ static void my_application_activate(GApplication *application)
   gtk_container_add(GTK_CONTAINER(window), GTK_WIDGET(view));
 
   fl_register_plugins(FL_PLUGIN_REGISTRY(view));
+  gtk_widget_hide(GTK_WIDGET(window));
 
   gtk_widget_grab_focus(GTK_WIDGET(view));
 }
@@ -98,6 +99,26 @@ static gboolean my_application_local_command_line(GApplication *application, gch
   return FALSE;
 }
 
+// Implements GApplication::startup.
+static void my_application_startup(GApplication *application)
+{
+  // MyApplication* self = MY_APPLICATION(object);
+
+  // Perform any actions required at application startup.
+
+  G_APPLICATION_CLASS(my_application_parent_class)->startup(application);
+}
+
+// Implements GApplication::shutdown.
+static void my_application_shutdown(GApplication *application)
+{
+  // MyApplication* self = MY_APPLICATION(object);
+
+  // Perform any actions required at application shutdown.
+
+  G_APPLICATION_CLASS(my_application_parent_class)->shutdown(application);
+}
+
 // Implements GObject::dispose.
 static void my_application_dispose(GObject *object)
 {
@@ -110,6 +131,8 @@ static void my_application_class_init(MyApplicationClass *klass)
 {
   G_APPLICATION_CLASS(klass)->activate = my_application_activate;
   G_APPLICATION_CLASS(klass)->local_command_line = my_application_local_command_line;
+  G_APPLICATION_CLASS(klass)->startup = my_application_startup;
+  G_APPLICATION_CLASS(klass)->shutdown = my_application_shutdown;
   G_OBJECT_CLASS(klass)->dispose = my_application_dispose;
 }
 

auth/macos/Runner/Info.plist

@@ -38,6 +38,7 @@
 			<key>CFBundleURLSchemes</key>
 			<array>
 				<string>otpauth</string>
+				<string>enteauth</string>
 			</array>
 		</dict>
 	</array>

auth/pubspec.lock

@@ -293,9 +293,9 @@ packages:
     dependency: "direct main"
     description:
       path: "packages/desktop_webview_window"
-      ref: fix-webkit-version
-      resolved-ref: fe2223e4edfecdbb3a97bb9e3ced73db4ae9d979
-      url: "https://github.com/ente-io/flutter-desktopwebview-fork"
+      ref: main
+      resolved-ref: "726d8281a244d56ab36e843f0427c48de6d9cc56"
+      url: "https://github.com/MixinNetwork/flutter-plugins"
     source: git
     version: "0.2.4"
   device_info_plus:
@@ -602,11 +602,11 @@ packages:
     dependency: "direct overridden"
     description:
       path: flutter_secure_storage_linux
-      ref: patch-1
-      resolved-ref: da8ab43bc51c8c3249a261c33b27aa6f018f819b
-      url: "https://github.com/prateekmedia/flutter_secure_storage.git"
+      ref: develop
+      resolved-ref: cb30953edc029dc4059b72700270b4cd3a3afade
+      url: "https://github.com/mogol/flutter_secure_storage.git"
     source: git
-    version: "1.2.0"
+    version: "1.2.1"
   flutter_secure_storage_macos:
     dependency: transitive
     description:
@@ -813,10 +813,10 @@ packages:
     dependency: "direct main"
     description:
       name: intl
-      sha256: "3bc132a9dbce73a7e4a21a17d06e1878839ffbf975568bc875c60537824b0c4d"
+      sha256: d6f56758b7d3014a48af9701c085700aac781a92a87a62b1333b46d8879661cf
       url: "https://pub.dev"
     source: hosted
-    version: "0.18.1"
+    version: "0.19.0"
   io:
     dependency: transitive
     description:
@@ -853,26 +853,26 @@ packages:
     dependency: transitive
     description:
       name: leak_tracker
-      sha256: "78eb209deea09858f5269f5a5b02be4049535f568c07b275096836f01ea323fa"
+      sha256: "7f0df31977cb2c0b88585095d168e689669a2cc9b97c309665e3386f3e9d341a"
       url: "https://pub.dev"
     source: hosted
-    version: "10.0.0"
+    version: "10.0.4"
   leak_tracker_flutter_testing:
     dependency: transitive
     description:
       name: leak_tracker_flutter_testing
-      sha256: b46c5e37c19120a8a01918cfaf293547f47269f7cb4b0058f21531c2465d6ef0
+      sha256: "06e98f569d004c1315b991ded39924b21af84cf14cc94791b8aea337d25b57f8"
       url: "https://pub.dev"
     source: hosted
-    version: "2.0.1"
+    version: "3.0.3"
   leak_tracker_testing:
     dependency: transitive
     description:
       name: leak_tracker_testing
-      sha256: a597f72a664dbd293f3bfc51f9ba69816f84dcd403cdac7066cb3f6003f3ab47
+      sha256: "6ba465d5d76e67ddf503e1161d1f4a6bc42306f9d66ca1e8f079a47290fb06d3"
       url: "https://pub.dev"
     source: hosted
-    version: "2.0.1"
+    version: "3.0.1"
   lints:
     dependency: "direct dev"
     description:
@@ -957,10 +957,10 @@ packages:
     dependency: transitive
     description:
       name: meta
-      sha256: d584fa6707a52763a52446f02cc621b077888fb63b93bbcb1143a7be5a0c0c04
+      sha256: "7687075e408b093f36e6bbf6c91878cc0d4cd10f409506f7bc996f68220b9136"
       url: "https://pub.dev"
     source: hosted
-    version: "1.11.0"
+    version: "1.12.0"
   mime:
     dependency: transitive
     description:
@@ -1523,10 +1523,10 @@ packages:
     dependency: transitive
     description:
       name: test_api
-      sha256: "5c2f730018264d276c20e4f1503fd1308dfbbae39ec8ee63c5236311ac06954b"
+      sha256: "9955ae474176f7ac8ee4e989dadfb411a58c30415bcfb648fa04b2b8a03afa7f"
       url: "https://pub.dev"
     source: hosted
-    version: "0.6.1"
+    version: "0.7.0"
   timezone:
     dependency: transitive
     description:
@@ -1683,10 +1683,10 @@ packages:
     dependency: transitive
     description:
       name: vm_service
-      sha256: b3d56ff4341b8f182b96aceb2fa20e3dcb336b9f867bc0eafc0de10f1048e957
+      sha256: "3923c89304b715fb1eb6423f017651664a03bf5f4b29983627c4da791f74a4ec"
       url: "https://pub.dev"
     source: hosted
-    version: "13.0.0"
+    version: "14.2.1"
   watcher:
     dependency: transitive
     description:
@@ -1731,10 +1731,10 @@ packages:
     dependency: "direct main"
     description:
       name: window_manager
-      sha256: b3c895bdf936c77b83c5254bec2e6b3f066710c1f89c38b20b8acc382b525494
+      sha256: "8699323b30da4cdbe2aa2e7c9de567a6abd8a97d9a5c850a3c86dcd0b34bbfbf"
       url: "https://pub.dev"
     source: hosted
-    version: "0.3.8"
+    version: "0.3.9"
   xdg_directories:
     dependency: transitive
     description:

auth/pubspec.yaml

@@ -1,6 +1,6 @@
 name: ente_auth
 description: ente two-factor authenticator
-version: 3.0.4+304
+version: 3.0.12+312
 publish_to: none
 
 environment:
@@ -20,8 +20,8 @@ dependencies:
   convert: ^3.1.1
   desktop_webview_window:
     git:
-      url: https://github.com/ente-io/flutter-desktopwebview-fork
-      ref: fix-webkit-version
+      url: https://github.com/MixinNetwork/flutter-plugins
+      ref: main
       path: packages/desktop_webview_window
   device_info_plus: ^9.1.1
   dio: ^5.4.0
@@ -64,7 +64,7 @@ dependencies:
   google_nav_bar: ^5.0.5 #supported
   gradient_borders: ^1.0.0
   http: ^1.1.0
-  intl: ^0.18.0
+  intl: ^0.19.0
   json_annotation: ^4.5.0
   local_auth: ^2.2.0
   local_auth_android: ^1.0.37
@@ -102,13 +102,13 @@ dependencies:
   url_launcher: ^6.1.5
   uuid: ^4.2.2
   win32: ^5.1.1
-  window_manager: ^0.3.8
+  window_manager: ^0.3.9
 
 dependency_overrides:
   flutter_secure_storage_linux:
     git:
-      url: https://github.com/prateekmedia/flutter_secure_storage.git
-      ref: patch-1
+      url: https://github.com/mogol/flutter_secure_storage.git
+      ref: develop
       path: flutter_secure_storage_linux
 dev_dependencies:
   build_runner: ^2.1.11

cli/README.md

@@ -107,11 +107,7 @@ docker-compose up -d
 
 `exec` into the container
 ```shell
-docker-compose exec ente /bin/sh
+docker-compose exec ente-cli /bin/sh -c "./ente-cli version"
+docker-compose exec ente-cli /bin/sh -c "./ente-cli account add" 
 ```
 
-#### Directly executing commands
-
-```shell
-docker run -it --rm ente:latest ls
-```

cli/docker-compose.yml

@@ -4,8 +4,11 @@ services:
     image: ente-cli:latest
     command: /bin/sh
     volumes:
-      # Replace /Volumes/Data/ with a folder path on your system, typically $HOME/.ente-cli/
-      - ~/.ente-cli/:/cli-data:rw
-#      - ~/Downloads/export-data:/data:rw
+      # This is mandatory to mount the local directory to the container at /cli-data
+      # CLI will use this directory to store the data required for syncing export
+      - /path/to/local/directory/cli/:/cli-data:rw
+      # You can add additional volumes to mount the export directory to the container
+      # While adding account for export, you can use /data as the export directory.
+      - /path/to/local/directory/export:/data:rw
     stdin_open: true
     tty: true

cli/internal/api/client.go

@@ -71,12 +71,15 @@ func NewClient(p Params) *Client {
 		restClient: enteAPI,
 		downloadClient: resty.New().
 			SetRetryCount(3).
-			SetRetryWaitTime(5 * time.Second).
-			SetRetryMaxWaitTime(10 * time.Second).
+			SetRetryWaitTime(10 * time.Second).
+			SetRetryMaxWaitTime(20 * time.Second).
 			AddRetryCondition(func(r *resty.Response, err error) bool {
-				shouldRetry := r.StatusCode() == 429 || r.StatusCode() > 500
+				shouldRetry := r.StatusCode() == 429 || r.StatusCode() >= 500
 				if shouldRetry {
-					log.Printf("retrying download due to %d code", r.StatusCode())
+					amxRequestID := r.Header().Get("X-Amz-Request-Id")
+					cfRayID := r.Header().Get("CF-Ray")
+					wasabiRefID := r.Header().Get("X-Wasabi-Cm-Reference-Id")
+					log.Printf("Retry scheduled. error statusCode: %d, X-Amz-Request-Id: %s, CF-Ray: %s, X-Wasabi-Cm-Reference-Id: %s", r.StatusCode(), amxRequestID, cfRayID, wasabiRefID)
 				}
 				return shouldRetry
 			}),

cli/main.go

@@ -15,7 +15,7 @@ import (
 	"strings"
 )
 
-var AppVersion = "0.1.14"
+var AppVersion = "0.1.15"
 
 func main() {
 	cliDBPath, err := GetCLIConfigPath()
@@ -23,7 +23,7 @@ func main() {
 		cliDBPath = constants.CliDataPath
 		_, err := internal.ValidateDirForWrite(cliDBPath)
 		if err != nil {
-			log.Fatalf("Please mount a volume to %s to persist cli data\n%v\n", cliDBPath, err)
+			log.Fatalf("Please mount a volume to %s\n%v\n", cliDBPath, err)
 		}
 	}
 	if err != nil {

desktop/.github/workflows/desktop-release.yml

@@ -1,6 +1,6 @@
 name: "Release"
 
-# Build the ente-io/ente's desktop/rc branch and create/update a draft release.
+# Build the desktop app with code from ente-io/ente and create/update a release.
 #
 # For more details, see `docs/release.md` in ente-io/ente.
 

desktop/CHANGELOG.md

@@ -2,7 +2,12 @@
 
 ## v1.7.1 (Unreleased)
 
+-   Support for passkeys as a second factor authentication mechanism.
 -   Remember the window size across app restarts.
+-   Revert changes to the Linux icon.
+-   Fix an issue causing deleted items in watched folders to not move to
+    uncategorized.
+-   Fix duplicate file uploads when initializing a folder watch (sometimes).
 
 ## v1.7.0
 

desktop/electron-builder.yml

@@ -6,6 +6,9 @@ files:
 extraFiles:
     - from: build
       to: resources
+protocols:
+    - name: Ente
+      schemes: ["ente"]
 win:
     target:
         - target: nsis
@@ -23,6 +26,7 @@ linux:
         - target: pacman
           arch: [x64, arm64]
     category: Photography
+    icon: ./build/icon.icns
 mac:
     target:
         target: default

desktop/src/main.ts

@@ -61,6 +61,103 @@ export const allowWindowClose = (): void => {
     shouldAllowWindowClose = true;
 };
 
+/**
+ * The app's entry point.
+ *
+ * We call this at the end of this file.
+ */
+const main = () => {
+    const gotTheLock = app.requestSingleInstanceLock();
+    if (!gotTheLock) {
+        app.quit();
+        return;
+    }
+
+    let mainWindow: BrowserWindow | undefined;
+
+    initLogging();
+    logStartupBanner();
+    registerForEnteLinks();
+    // The order of the next two calls is important
+    setupRendererServer();
+    registerPrivilegedSchemes();
+    migrateLegacyWatchStoreIfNeeded();
+
+    /**
+     * Handle an open URL request, but ensuring that we have a mainWindow.
+     */
+    const handleOpenURLEnsuringWindow = (url: string) => {
+        log.info(`Attempting to handle request to open URL: ${url}`);
+        if (mainWindow) handleEnteLinks(mainWindow, url);
+        else setTimeout(() => handleOpenURLEnsuringWindow(url), 1000);
+    };
+
+    app.on("second-instance", (_, argv: string[]) => {
+        // Someone tried to run a second instance, we should focus our window.
+        if (mainWindow) {
+            mainWindow.show();
+            if (mainWindow.isMinimized()) mainWindow.restore();
+            mainWindow.focus();
+        }
+        // On Windows and Linux, this is how we get deeplinks.
+        // See: registerForEnteLinks
+        const url = argv.pop();
+        if (url) handleOpenURLEnsuringWindow(url);
+    });
+
+    // Emitted once, when Electron has finished initializing.
+    //
+    // Note that some Electron APIs can only be used after this event occurs.
+    void app.whenReady().then(() => {
+        void (async () => {
+            // Create window and prepare for the renderer.
+            mainWindow = createMainWindow();
+
+            // Setup IPC and streams.
+            const watcher = createWatcher(mainWindow);
+            attachIPCHandlers();
+            attachFSWatchIPCHandlers(watcher);
+            attachLogoutIPCHandler(watcher);
+            registerStreamProtocol();
+
+            // Configure the renderer's environment.
+            const webContents = mainWindow.webContents;
+            setDownloadPath(webContents);
+            allowExternalLinks(webContents);
+            allowAllCORSOrigins(webContents);
+
+            // Start loading the renderer.
+            void mainWindow.loadURL(rendererURL);
+
+            // Continue on with the rest of the startup sequence.
+            Menu.setApplicationMenu(await createApplicationMenu(mainWindow));
+            setupTrayItem(mainWindow);
+            setupAutoUpdater(mainWindow);
+
+            try {
+                await deleteLegacyDiskCacheDirIfExists();
+                await deleteLegacyKeysStoreIfExists();
+            } catch (e) {
+                // Log but otherwise ignore errors during non-critical startup
+                // actions.
+                log.error("Ignoring startup error", e);
+            }
+        })();
+    });
+
+    // This is a macOS only event. Show our window when the user activates the
+    // app, e.g. by clicking on its dock icon.
+    app.on("activate", () => mainWindow?.show());
+
+    app.on("before-quit", () => {
+        if (mainWindow) saveWindowBounds(mainWindow);
+        allowWindowClose();
+    });
+
+    // On macOS, this is how we get deeplinks. See: registerForEnteLinks
+    app.on("open-url", (_, url) => handleOpenURLEnsuringWindow(url));
+};
+
 /**
  * Log a standard startup banner.
  *
@@ -137,12 +234,41 @@ const registerPrivilegedSchemes = () => {
     ]);
 };
 
+/**
+ * Register a handler for deeplinks, for the "ente://" protocol.
+ *
+ * See: [Note: Passkey verification in the desktop app].
+ *
+ * Implementation notes:
+ * -   https://www.electronjs.org/docs/latest/tutorial/launch-app-from-url-in-another-app
+ * -   This works only when the app is packaged.
+ * -   On Windows and Linux, we get the deeplink in the "second-instance" event.
+ * -   On macOS, we get the deeplink in the "open-url" event.
+ */
+const registerForEnteLinks = () => app.setAsDefaultProtocolClient("ente");
+
+/** Sibling of {@link registerForEnteLinks}. */
+const handleEnteLinks = (mainWindow: BrowserWindow, url: string) => {
+    // [Note: Using deeplinks to navigate in desktop app]
+    //
+    // Both
+    //
+    // - our deeplink protocol, and
+    // - the protocol we're using to serve/ our bundled web app
+    //
+    // use the same scheme ("ente://"), so the URL can directly be forwarded.
+    mainWindow.webContents.send("openURL", url);
+};
+
 /**
  * Create an return the {@link BrowserWindow} that will form our app's UI.
  *
  * This window will show the HTML served from {@link rendererURL}.
  */
 const createMainWindow = () => {
+    const icon = nativeImage.createFromPath(
+        path.join(isDev ? "build" : process.resourcesPath, "window-icon.png"),
+    );
     const bounds = windowBounds();
 
     // Create the main window. This'll show our web content.
@@ -151,12 +277,11 @@ const createMainWindow = () => {
             preload: path.join(__dirname, "preload.js"),
             sandbox: true,
         },
+        icon,
         // Set the window's position and size (if we have one saved).
         ...(bounds ?? {}),
         // Enforce a minimum size
         ...minimumWindowSize(),
-        // (Maybe) fix the dock icon on Linux.
-        ...windowIconOptions(),
         // The color to show in the window until the web content gets loaded.
         // See: https://www.electronjs.org/docs/latest/api/browser-window#setting-the-backgroundcolor-property
         backgroundColor: "black",
@@ -220,12 +345,27 @@ const createMainWindow = () => {
 };
 
 /**
- * The position and size of the window the last time it was closed.
+ * The position and size to use when showing the main window.
  *
- * The return value of `undefined` is taken to mean that the app's main window
- * should be maximized.
+ * The return value is `undefined` if the app's window was maximized the last
+ * time around, and so if we should restore it to the maximized state.
+ *
+ * Otherwise it returns the position and size of the window the last time the
+ * app quit.
+ *
+ * If there is no such saved value (or if it is the first time the user is
+ * running the app), return a default size.
  */
-const windowBounds = () => userPreferences.get("windowBounds");
+const windowBounds = () => {
+    if (userPreferences.get("isWindowMaximized")) return undefined;
+
+    const bounds = userPreferences.get("windowBounds");
+    if (bounds) return bounds;
+
+    // Default size. Picked arbitrarily as something that should look good on
+    // first launch. We don't provide a position to let Electron center the app.
+    return { width: 1170, height: 710 };
+};
 
 /**
  * If for some reason {@link windowBounds} is outside the screen's bounds (e.g.
@@ -233,10 +373,11 @@ const windowBounds = () => userPreferences.get("windowBounds");
  * bounds might not be appropriate.
  *
  * Luckily, if we try to set an x/y position that is outside the screen's
- * bounds, then Electron automatically clamps them to the screen's available
- * space, and we do not need to tackle it specifically.
+ * bounds, then Electron automatically clamps x + width and y + height to lie
+ * within the screen's available space, and we do not need to tackle such out of
+ * bounds cases specifically.
  *
- * However, there is no minimum window size the Electron enforces by default. As
+ * However there is no minimum window size the Electron enforces by default. As
  * a safety valve, provide an (arbitrary) minimum size so that the user can
  * resize it back to sanity if something I cannot currently anticipate happens.
  */
@@ -247,55 +388,13 @@ const minimumWindowSize = () => ({ minWidth: 200, minHeight: 200 });
  * details.
  */
 const saveWindowBounds = (window: BrowserWindow) => {
-    if (window.isMaximized()) userPreferences.delete("windowBounds");
-    else userPreferences.set("windowBounds", window.getBounds());
-};
-
-/**
- * On Linux the app does not show a dock icon by default, attempt to fix this by
- * returning the path to an icon as the "icon" property that can be passed to
- * the BrowserWindow during creation.
- */
-const windowIconOptions = () => {
-    if (process.platform != "linux") return {};
-
-    // There are two, possibly three, different issues with icons on Linux.
-    //
-    // Firstly, the AppImage itself doesn't show an icon. There does not seem to
-    // be a reasonable workaround either currently. See:
-    // https://github.com/AppImage/AppImageKit/issues/346
-    //
-    // Secondly, and this is the problem we're trying to fix here, when the app
-    // is started it does not show a dock icon (Ubuntu 22) or shows the generic
-    // gear icon (Ubuntu 24). The issue possibly exists on other distributions
-    // too.
-    //
-    // Electron provides a `BrowserWindow.setIcon` function which should solve
-    // our issue, we could call it selectively on Linux. There is also an
-    // apparently undocumented "icon" option that can be passed when creating a
-    // new BrowserWindow, and that is what most of the other code I saw on
-    // GitHub seems to be doing.
-    //
-    // However, try what I may, I can't get either of these to work. Which leads
-    // me to believe there is a third issue: I can't get it to work because I'm
-    // testing on an Ubuntu 24 VM, where this might just not be working:
-    // https://askubuntu.com/questions/1511534/ubuntu-24-04-skype-logo-on-the-dock-not-showing-skype-logo
-    //
-    // 24 isn't likely the year of the Linux desktop either.
-    //
-    // For now, I'm adding a very specific incantation taken from
-    // https://github.com/arduino/arduino-ide/blob/main/arduino-ide-extension/src/electron-main/fix-app-image-icon.ts
-    //
-    // Possibly all this specific naming of the file etc is superstition, and
-    // just any name would do as long as the path is correct, but let me try it
-    // this way and see if this gets the icon to appear on Ubuntu 22 etc.
-
-    const icon = path.join(
-        isDev ? "build" : process.resourcesPath,
-        "icons/512x512.png",
-    );
-
-    return { icon };
+    if (window.isMaximized()) {
+        userPreferences.set("isWindowMaximized", true);
+        userPreferences.delete("windowBounds");
+    } else {
+        userPreferences.delete("isWindowMaximized");
+        userPreferences.set("windowBounds", window.getBounds());
+    }
 };
 
 /**
@@ -464,79 +563,5 @@ const deleteLegacyKeysStoreIfExists = async () => {
     }
 };
 
-const main = () => {
-    const gotTheLock = app.requestSingleInstanceLock();
-    if (!gotTheLock) {
-        app.quit();
-        return;
-    }
-
-    let mainWindow: BrowserWindow | undefined;
-
-    initLogging();
-    logStartupBanner();
-    // The order of the next two calls is important
-    setupRendererServer();
-    registerPrivilegedSchemes();
-    migrateLegacyWatchStoreIfNeeded();
-
-    app.on("second-instance", () => {
-        // Someone tried to run a second instance, we should focus our window.
-        if (mainWindow) {
-            mainWindow.show();
-            if (mainWindow.isMinimized()) mainWindow.restore();
-            mainWindow.focus();
-        }
-    });
-
-    // Emitted once, when Electron has finished initializing.
-    //
-    // Note that some Electron APIs can only be used after this event occurs.
-    void app.whenReady().then(() => {
-        void (async () => {
-            // Create window and prepare for the renderer.
-            mainWindow = createMainWindow();
-
-            // Setup IPC and streams.
-            const watcher = createWatcher(mainWindow);
-            attachIPCHandlers();
-            attachFSWatchIPCHandlers(watcher);
-            attachLogoutIPCHandler(watcher);
-            registerStreamProtocol();
-
-            // Configure the renderer's environment.
-            const webContents = mainWindow.webContents;
-            setDownloadPath(webContents);
-            allowExternalLinks(webContents);
-            allowAllCORSOrigins(webContents);
-
-            // Start loading the renderer.
-            void mainWindow.loadURL(rendererURL);
-
-            // Continue on with the rest of the startup sequence.
-            Menu.setApplicationMenu(await createApplicationMenu(mainWindow));
-            setupTrayItem(mainWindow);
-            setupAutoUpdater(mainWindow);
-
-            try {
-                await deleteLegacyDiskCacheDirIfExists();
-                await deleteLegacyKeysStoreIfExists();
-            } catch (e) {
-                // Log but otherwise ignore errors during non-critical startup
-                // actions.
-                log.error("Ignoring startup error", e);
-            }
-        })();
-    });
-
-    // This is a macOS only event. Show our window when the user activates the
-    // app, e.g. by clicking on its dock icon.
-    app.on("activate", () => mainWindow?.show());
-
-    app.on("before-quit", () => {
-        if (mainWindow) saveWindowBounds(mainWindow);
-        allowWindowClose();
-    });
-};
-
+// Go for it.
 main();

desktop/src/main/ipc.ts

@@ -46,7 +46,12 @@ import {
     computeCLIPTextEmbeddingIfAvailable,
 } from "./services/ml-clip";
 import { computeFaceEmbeddings, detectFaces } from "./services/ml-face";
-import { encryptionKey, saveEncryptionKey } from "./services/store";
+import {
+    encryptionKey,
+    lastShownChangelogVersion,
+    saveEncryptionKey,
+    setLastShownChangelogVersion,
+} from "./services/store";
 import {
     clearPendingUploads,
     listZipItems,
@@ -101,11 +106,19 @@ export const attachIPCHandlers = () => {
 
     ipcMain.handle("selectDirectory", () => selectDirectory());
 
+    ipcMain.handle("encryptionKey", () => encryptionKey());
+
     ipcMain.handle("saveEncryptionKey", (_, encryptionKey: string) =>
         saveEncryptionKey(encryptionKey),
     );
 
-    ipcMain.handle("encryptionKey", () => encryptionKey());
+    ipcMain.handle("lastShownChangelogVersion", () =>
+        lastShownChangelogVersion(),
+    );
+
+    ipcMain.handle("setLastShownChangelogVersion", (_, version: number) =>
+        setLastShownChangelogVersion(version),
+    );
 
     // - App update
 

desktop/src/main/services/store.ts

@@ -1,12 +1,16 @@
 import { safeStorage } from "electron/main";
 import { safeStorageStore } from "../stores/safe-storage";
 import { uploadStatusStore } from "../stores/upload-status";
+import { userPreferences } from "../stores/user-preferences";
 import { watchStore } from "../stores/watch";
 
 /**
  * Clear all stores except user preferences.
  *
- * This is useful to reset state when the user logs out.
+ * This function is useful to reset state when the user logs out. User
+ * preferences are preserved since they contain things tied to the person using
+ * the app or other machine specific state not tied to the account they were
+ * using inside the app.
  */
 export const clearStores = () => {
     safeStorageStore.clear();
@@ -32,3 +36,9 @@ export const encryptionKey = (): string | undefined => {
     const keyBuffer = Buffer.from(b64EncryptedKey, "base64");
     return safeStorage.decryptString(keyBuffer);
 };
+
+export const lastShownChangelogVersion = (): number | undefined =>
+    userPreferences.get("lastShownChangelogVersion");
+
+export const setLastShownChangelogVersion = (version: number) =>
+    userPreferences.set("lastShownChangelogVersion", version);

desktop/src/main/services/watch.ts

@@ -23,6 +23,12 @@ export const createWatcher = (mainWindow: BrowserWindow) => {
     const folderPaths = folderWatches().map((watch) => watch.folderPath);
 
     const watcher = chokidar.watch(folderPaths, {
+        // Don't emit "add" events for matching paths when instantiating the
+        // watch (we do a full disk scan on launch on our own, and also getting
+        // the same events from the watcher causes duplicates).
+        ignoreInitial: true,
+        // Ask the watcher to wait for a the file size to stabilize before
+        // telling us about a new file. By default, it waits for 2 seconds.
         awaitWriteFinish: true,
     });
 

desktop/src/main/stores/user-preferences.ts

@@ -9,15 +9,19 @@ interface UserPreferences {
     hideDockIcon?: boolean;
     skipAppVersion?: string;
     muteUpdateNotificationVersion?: string;
+    /**
+     * The changelog version for which we last showed the "What's new" screen.
+     *
+     * See: [Note: Conditions for showing "What's new"]
+     */
+    lastShownChangelogVersion?: number;
     /**
      * The last position and size of our app's window.
      *
      * This value is saved when the app is about to quit, and is used to restore
-     * the window to the previous state when it restarts.
-     *
-     * If the user maximizes the window then this value is cleared and instead
-     * we just re-maximize the window on restart. This is also the behaviour if
-     * no previously saved `windowRect` is found.
+     * the window to the previous state when it restarts. It is only saved if
+     * the app is not maximized (when the app was maximized when it was being
+     * quit then {@link isWindowMaximized} will be set instead).
      */
     windowBounds?: {
         x: number;
@@ -25,12 +29,17 @@ interface UserPreferences {
         width: number;
         height: number;
     };
+    /**
+     * `true` if the app's main window is maximized the last time it was closed.
+     */
+    isWindowMaximized?: boolean;
 }
 
 const userPreferencesSchema: Schema<UserPreferences> = {
     hideDockIcon: { type: "boolean" },
     skipAppVersion: { type: "string" },
     muteUpdateNotificationVersion: { type: "string" },
+    lastShownChangelogVersion: { type: "number" },
     windowBounds: {
         properties: {
             x: { type: "number" },
@@ -39,6 +48,7 @@ const userPreferencesSchema: Schema<UserPreferences> = {
             height: { type: "number" },
         },
     },
+    isWindowMaximized: { type: "boolean" },
 };
 
 export const userPreferences = new Store({

desktop/src/preload.ts

@@ -72,15 +72,26 @@ const encryptionKey = () => ipcRenderer.invoke("encryptionKey");
 const saveEncryptionKey = (encryptionKey: string) =>
     ipcRenderer.invoke("saveEncryptionKey", encryptionKey);
 
-const onMainWindowFocus = (cb?: () => void) => {
+const lastShownChangelogVersion = () =>
+    ipcRenderer.invoke("lastShownChangelogVersion");
+
+const setLastShownChangelogVersion = (version: number) =>
+    ipcRenderer.invoke("setLastShownChangelogVersion", version);
+
+const onMainWindowFocus = (cb: (() => void) | undefined) => {
     ipcRenderer.removeAllListeners("mainWindowFocus");
     if (cb) ipcRenderer.on("mainWindowFocus", cb);
 };
 
+const onOpenURL = (cb: ((url: string) => void) | undefined) => {
+    ipcRenderer.removeAllListeners("openURL");
+    if (cb) ipcRenderer.on("openURL", (_, url: string) => cb(url));
+};
+
 // - App update
 
 const onAppUpdateAvailable = (
-    cb?: ((update: AppUpdate) => void) | undefined,
+    cb: ((update: AppUpdate) => void) | undefined,
 ) => {
     ipcRenderer.removeAllListeners("appUpdateAvailable");
     if (cb) {
@@ -306,7 +317,10 @@ contextBridge.exposeInMainWorld("electron", {
     logout,
     encryptionKey,
     saveEncryptionKey,
+    lastShownChangelogVersion,
+    setLastShownChangelogVersion,
     onMainWindowFocus,
+    onOpenURL,
 
     // - App update
 

docs/README.md

@@ -44,7 +44,8 @@ yarn dev
 For an editor, VSCode is a good choice. Also install the Prettier extension for
 VSCode, and set VSCode to format on save. This way the editor will automatically
 format and wrap the text using the project's standard, so you can just focus on
-the content.
+the content. You can also format without VSCode by using the `yarn pretty`
+command.
 
 ## Have fun!
 

docs/docs/.vitepress/sidebar.ts

@@ -44,6 +44,10 @@ export const sidebar = [
                         link: "/photos/features/location-tags",
                     },
                     { text: "Map", link: "/photos/features/map" },
+                    {
+                        text: "Passkeys",
+                        link: "/photos/features/passkeys",
+                    },
                     {
                         text: "Public link",
                         link: "/photos/features/public-link",
@@ -167,6 +171,10 @@ export const sidebar = [
                         text: "From Steam",
                         link: "/auth/migration-guides/steam/",
                     },
+                    {
+                        text: "From others",
+                        link: "/auth/migration-guides/import",
+                    },
                     {
                         text: "Exporting your data",
                         link: "/auth/migration-guides/export",

docs/docs/auth/migration-guides/import.md

@@ -0,0 +1,39 @@
+---
+title: Migrating from other providers
+description:
+    Guide for importing your existing 2FA tokens into Ente Auth from other
+    providers
+---
+
+# Migrating from other providers
+
+---
+
+Ente Auth natively supports imports from many 2FA providers. In addition to the
+providers specifically listed in the documentation, the supported providers are:
+
+-   2FAS Authenticator
+-   Aegis Authenticator
+-   Bitwarden
+-   Google Authenticator
+-   Ravio OTP
+-   LastPass
+
+Details as to how codes may be imported from these providers may be found within
+the app.
+
+> [!NOTE]
+>
+> Please note that this list may be out of sync, please see the app for the
+> latest set of supported providers.
+
+Ente Auth also supports imports from Auth's own encrypted exports and plain text
+files. Plain text files must be in the following format:
+
+`otpauth://totp/provider.com:you@email.com?secret=YOUR_SECRET`
+
+The codes can be seperated by a comma or a new line.
+
+So if your provider is not specifically listed, you might be still able to
+import from them by first converting the data from your old provider into these
+plaintext files and then importing those into Ente.

docs/docs/auth/migration-guides/index.md

@@ -8,4 +8,5 @@ description:
 
 -   [Migrating from Authy](authy/)
 -   [Importing codes from Steam](steam/)
+-   [Migrating from other apps](import)
 -   [Exporting your data out of Ente Auth](export)

docs/docs/photos/faq/security-and-privacy.md

@@ -87,3 +87,16 @@ Yes, Ente Photos has undergone a thorough security audit conducted by Cure53, in
 collaboration with Symbolic Software. Cure53 is a prominent German cybersecurity
 firm, while Symbolic Software specializes in applied cryptography. Please find
 the full report here: https://ente.io/blog/cryptography-audit/
+
+## How can I delete my account?
+
+You can delete your account at any time by using the "Delete account" option in
+the settings. For security reasons, we request you to delete your account on
+your own instead of contacting support to ask them to delete your account.
+
+Note that both Ente photos and Ente auth data will be deleted when you delete
+your account (irrespective of which app you delete it from) since both photos
+and auth use the same underlying account.
+
+To know details of how your data is deleted, including when you delete your
+account, please see https://ente.io/blog/how-ente-deletes-data/.

docs/docs/photos/features/passkeys.md

@@ -0,0 +1,62 @@
+---
+title: Passkeys
+description: Using passkeys as a second factor for your Ente account
+---
+
+# Passkeys
+
+> [!CAUTION]
+>
+> This is preview documentation for an upcoming feature. This feature has not
+> yet been released yet, so the steps below will not work currently.
+
+Passkeys are a new authentication mechanism that uses strong cryptography built
+into devices, like Windows Hello or Apple's Touch ID. **You can use passkeys as
+a second factor to secure your Ente account.**
+
+> [!TIP]
+>
+> Passkeys are the colloquial term for a WebAuthn (Web Authentication)
+> credentials. To know more technical details about how our passkey verification
+> works, you can see this
+> [technical note in our source code](https://github.com/ente-io/ente/blob/main/web/docs/webauthn-passkeys.md).
+
+## Passkeys and TOTP
+
+Ente already supports TOTP codes (in fact, we built an
+[entire app](https://ente.io/auth/) to store them...). Passkeys serve as an
+alternative 2FA (second factor) mechanism.
+
+If you add a passkey to your Ente account, it will be used instead of any
+existing 2FA codes that you have configured (if any).
+
+## Enabling and disabling passkeys
+
+Passkeys get enabled if you add one (or more) passkeys to your account.
+Conversely, passkeys get disabled if you remove all your existing passkeys.
+
+To add and remove passkeys, use the _Passkey_ option in the settings menu. This
+will open up _accounts.ente.io_, where you can manage your passkeys.
+
+## Login with passkeys
+
+If passkeys are enabled, then _accounts.ente.io_ will automatically open when
+you log into your Ente account on a new device. Here you can follow the
+instructions given by the browser to verify your passkey.
+
+> These instructions different for each browser and device, but generally they
+> will ask you to use the same mechanism that you used when you created the
+> passkey to verify it (scanning a QR code, using your fingerprint, pressing the
+> key on your Yubikey or other security key hardware etc).
+
+## Recovery
+
+If you are unable to login with your passkey (e.g. if you have misplaced the
+hardware key that you used to store your passkey), then you can **recover your
+account by using your Ente recovery key**.
+
+During login, press cancel on the browser dialog to verify your passkey, and
+then select the "Recover two-factor" option in the error message that gets
+shown. This will take you to a place where you can enter your Ente recovery key
+and login into your account. Now you can go to the _Passkey_ page to delete the
+lost passkey and/or add a new one.

docs/docs/photos/troubleshooting/desktop-install/index.md

@@ -9,6 +9,9 @@ The latest version of the Ente Photos desktop app can be downloaded from
 [ente.io/download](https://ente.io/download). If you're having trouble, please
 see if any of the following cases apply.
 
+-   [Windows](#windows)
+-   [Linux](#linux)
+
 ## Windows
 
 If the app stops with an "A JavaScript error occurred in the main process - The
@@ -22,7 +25,26 @@ This is what the error looks like:
 You can install the Microsoft VC++ redistributable runtime from here:<br/>
 https://learn.microsoft.com/en-us/cpp/windows/latest-supported-vc-redist?view=msvc-170#latest-microsoft-visual-c-redistributable-version
 
-## AppImages on ARM64 Linux
+## Linux
+
+### AppImage desktop integration
+
+AppImages are not fully standalone, and they require additional steps to enable
+full "desktop integration":
+
+-   Showing the app icon,
+-   Surfacing the app in the list of installed apps,
+-   Handling redirection after passkey verification.
+
+All the ways of enabling AppImage desktop integration are mentioned in
+[AppImage documentation](https://docs.appimage.org/user-guide/run-appimages.html#integrating-appimages-into-the-desktop).
+
+For example, you can download the
+[appimaged](https://github.com/probonopd/go-appimage/releases) AppImage, run it,
+and then download the Ente Photos AppImage into your `~/Downloads` folder.
+_appimaged_ will then pick it up automatically.
+
+### AppImages on ARM64
 
 If you're on an ARM64 machine running Linux, and the AppImages doesn't do
 anything when you run it, you will need to run the following command on your
@@ -42,7 +64,7 @@ details, see the following upstream issues:
 -   libz.so: cannot open shared object file with Ubuntu arm64 -
     [electron-userland/electron-builder/issues/7835](https://github.com/electron-userland/electron-builder/issues/7835)
 
-## AppImage says it requires FUSE
+### AppImage says it requires FUSE
 
 See
 [docs.appimage.org](https://docs.appimage.org/user-guide/troubleshooting/fuse.html#the-appimage-tells-me-it-needs-fuse-to-run).
@@ -53,7 +75,7 @@ tl;dr; for example, on Ubuntu,
 sudo apt install libfuse2
 ```
 
-## Linux SUID error
+### Linux SUID error
 
 On some Linux distributions, if you run the AppImage from the CLI, it might fail
 with the following error:

docs/docs/self-hosting/faq/sharing.md

@@ -57,3 +57,48 @@ apps:
 (For more details, see
 [local.yaml](https://github.com/ente-io/ente/blob/main/server/configurations/local.yaml)
 in the server's source code).
+
+## Dockerfile example
+
+Here is an example of a Dockerfile by @Dylanger on our community Discord. This
+runs a standalone self-hosted version of the public albums app in production
+mode.
+
+```Dockerfile
+FROM node:20-alpine as builder
+
+WORKDIR /app
+COPY . .
+
+ARG NEXT_PUBLIC_ENTE_ENDPOINT=https://your.ente.example.org
+ARG NEXT_PUBLIC_ENTE_ALBUMS_ENDPOINT=https://your.albums.example.org
+
+RUN yarn install && yarn build
+
+FROM node:20-alpine
+
+WORKDIR /app
+COPY --from=builder /app/apps/photos/out .
+
+RUN npm install -g serve
+
+ENV PORT=3000
+EXPOSE ${PORT}
+
+CMD serve -s . -l tcp://0.0.0.0:${PORT}
+```
+
+Note that this only runs the public albums app, but the same principle can be
+used to run both the normal Ente photos app and the public albums app. There is
+a slightly more involved example showing how to do this also provided by in a
+community contributed guide about
+[configuring external S3](/self-hosting/guides/external-s3).
+
+You will also want to tell museum about your custom shared albums endpoint so
+that it uses that instead of the default URL when creating share links. You can
+configure that in museum's `config.yaml`:
+
+```
+apps:
+    public-albums: https://your.albums.example.org
+```

docs/docs/self-hosting/guides/external-s3.md

@@ -213,6 +213,8 @@ ENTE_INTERNAL_HARDCODED-OTT_LOCAL-DOMAIN-VALUE=123456
 # it can be changed later
 ENDPOINT=http://localhost:8080
 ALBUMS_ENDPOINT=http://localhost:8082
+# This is used to generate sharable URLs
+ENTE_APPS_PUBLIC-ALBUMS=http://localhost:8082
 ```
 
 ## 3. Run `docker-compose up`

infra/staff/.env

@@ -0,0 +1,9 @@
+# This is a sample .env file. The env vars defined here can be used to configure
+# the app.
+#
+# For local development, create a new file named `.env.local` and add the
+# variables you need there instead of uncommenting them below.
+#
+# For documentation about the variables, see `src/vite-env.d.ts`.
+
+# VITE_ENTE_API_ORIGIN = http://localhost:8080

infra/staff/.eslintrc.cjs

@@ -0,0 +1,37 @@
+/* eslint-env node */
+module.exports = {
+    root: true,
+    extends: [
+        "eslint:recommended",
+        "plugin:@typescript-eslint/strict-type-checked",
+        "plugin:@typescript-eslint/stylistic-type-checked",
+        "plugin:react/recommended",
+        "plugin:react-hooks/recommended",
+        "plugin:react/jsx-runtime",
+    ],
+    plugins: ["@typescript-eslint", "react-refresh"],
+    parserOptions: { project: true },
+    parser: "@typescript-eslint/parser",
+    ignorePatterns: [".eslintrc.cjs", "vite.config.ts", "dist"],
+    settings: { react: { version: "18.2" } },
+    rules: {
+        /* Allow numbers to be used in template literals */
+        "@typescript-eslint/restrict-template-expressions": [
+            "error",
+            {
+                allowNumber: true,
+            },
+        ],
+        /* Allow void expressions as the entire body of an arrow function */
+        "@typescript-eslint/no-confusing-void-expression": [
+            "error",
+            {
+                ignoreArrowShorthand: true,
+            },
+        ],
+        "react-refresh/only-export-components": [
+            "warn",
+            { allowConstantExport: true },
+        ],
+    },
+};

infra/staff/.gitignore

@@ -0,0 +1,17 @@
+# Node
+node_modules/
+
+# macOS
+.DS_Store
+
+# Editors
+.vscode/
+
+# Local env files
+.env*.local
+
+# tsc
+*.tsbuildinfo
+
+# Vite
+dist

infra/staff/.prettierrc.json

@@ -0,0 +1,8 @@
+{
+    "tabWidth": 4,
+    "proseWrap": "always",
+    "plugins": [
+        "prettier-plugin-organize-imports",
+        "prettier-plugin-packagejson"
+    ]
+}

infra/staff/README.md

@@ -0,0 +1,19 @@
+## Staff dashboard
+
+Web app for staff members to help with support and other administration.
+
+### Development
+
+Use `yarn dev` to run a local dev server with hot reload.
+
+> [!TIP]
+>
+> See [web/docs/new.md](../../web/docs/new.md) for help in setting up your
+> editor to do the formatting and linting. You can also run the formatter and
+> linter manually using `yarn lint`, and `yarn lint-fix` to fix them. These
+> commands automatically run on every PR.
+
+### Deployment
+
+The app gets redeployed whenever a PR is merged into main. See
+[web/docs/deploy.md](../../web/docs/deploy.md) for more details.

infra/staff/package.json

@@ -0,0 +1,35 @@
+{
+    "name": "staff",
+    "version": "0.0.0",
+    "private": true,
+    "type": "module",
+    "scripts": {
+        "build": "tsc && vite build",
+        "dev": "vite",
+        "lint": "yarn prettier --check --log-level warn . && yarn eslint . && yarn tsc",
+        "lint-fix": "yarn prettier --write --log-level warn . && yarn eslint --fix . && yarn tsc",
+        "preview": "vite preview"
+    },
+    "dependencies": {
+        "react": "^18",
+        "react-dom": "^18",
+        "zod": "^3"
+    },
+    "devDependencies": {
+        "@types/react": "^18",
+        "@types/react-dom": "^18",
+        "@typescript-eslint/eslint-plugin": "^7",
+        "@typescript-eslint/parser": "^7",
+        "@vitejs/plugin-react": "^4.2",
+        "eslint": "^8",
+        "eslint-plugin-react": "^7.34",
+        "eslint-plugin-react-hooks": "^4.6",
+        "eslint-plugin-react-refresh": "^0.4.7",
+        "prettier": "^3",
+        "prettier-plugin-organize-imports": "^3.2",
+        "prettier-plugin-packagejson": "^2.5",
+        "typescript": "^5",
+        "vite": "^5.2"
+    },
+    "packageManager": "yarn@1.22.21"
+}

infra/staff/src/App.tsx

@@ -0,0 +1,224 @@
+import React, { useEffect, useState } from "react";
+import { apiOrigin } from "./services/support";
+import S from "./utils/strings";
+
+export const App: React.FC = () => {
+    const [token, setToken] = useState("");
+    const [email, setEmail] = useState("");
+    const [userData, setUserData] = useState<any>(null);
+    const [error, setError] = useState<string | null>(null);
+
+    useEffect(() => {
+        const storedToken = localStorage.getItem("token");
+        if (storedToken) {
+            setToken(storedToken);
+        }
+    }, []);
+
+    useEffect(() => {
+        if (token) {
+            localStorage.setItem("token", token);
+        } else {
+            localStorage.removeItem("token");
+        }
+    }, [token]);
+
+    const fetchData = async () => {
+        try {
+            const url = `${apiOrigin}/admin/user?email=${email}&token=${token}`;
+            const response = await fetch(url);
+            if (!response.ok) {
+                throw new Error("Network response was not ok");
+            }
+            const userData = await response.json();
+            console.log("API Response:", userData);
+            setUserData(userData);
+            setError(null);
+        } catch (error) {
+            console.error("Error fetching data:", error);
+            setError((error as Error).message);
+        }
+    };
+
+    const renderAttributes = (data: any) => {
+        if (!data) return null;
+
+        let nullAttributes: string[] = [];
+
+        const rows = Object.entries(data).map(([key, value]) => {
+            console.log("Processing key:", key, "value:", value);
+
+            if (
+                typeof value === "object" &&
+                value !== null &&
+                !Array.isArray(value)
+            ) {
+                return (
+                    <React.Fragment key={key}>
+                        <tr>
+                            <td
+                                colSpan={2}
+                                style={{
+                                    fontWeight: "bold",
+                                    backgroundColor: "#f1f1f1",
+                                    padding: "10px",
+                                }}
+                            >
+                                {key.toUpperCase()}
+                            </td>
+                        </tr>
+                        {renderAttributes(value)}
+                    </React.Fragment>
+                );
+            } else {
+                if (value === null) {
+                    nullAttributes.push(key);
+                }
+
+                let displayValue: React.ReactNode;
+                if (key === "expiryTime" && typeof value === "number") {
+                    displayValue = new Date(value / 1000).toLocaleString();
+                } else if (
+                    key === "creationTime" &&
+                    typeof value === "number"
+                ) {
+                    displayValue = new Date(value / 1000).toLocaleString();
+                } else if (key === "storage" && typeof value === "number") {
+                    displayValue = `${(value / 1024 ** 3).toFixed(2)} GB`;
+                } else if (typeof value === "string") {
+                    try {
+                        const parsedValue = JSON.parse(value);
+                        displayValue = parsedValue;
+                    } catch (error) {
+                        displayValue = value;
+                    }
+                } else if (value === null) {
+                    displayValue = "null";
+                } else if (typeof value !== "undefined") {
+                    displayValue = value.toString();
+                } else {
+                    displayValue = "undefined";
+                }
+
+                return (
+                    <tr key={key}>
+                        <td
+                            style={{
+                                padding: "10px",
+                                border: "1px solid #ddd",
+                            }}
+                        >
+                            {key}
+                        </td>
+                        <td
+                            style={{
+                                padding: "10px",
+                                border: "1px solid #ddd",
+                            }}
+                        >
+                            {displayValue}
+                        </td>
+                    </tr>
+                );
+            }
+        });
+
+        console.log("Attributes with null values:", nullAttributes);
+
+        return rows;
+    };
+
+    return (
+        <div className="container center-table">
+            <h1>{S.hello}</h1>
+
+            <form className="input-form">
+                <div className="input-group">
+                    <label>
+                        Token:
+                        <input
+                            type="text"
+                            value={token}
+                            onChange={(e) => setToken(e.target.value)}
+                            style={{
+                                padding: "10px",
+                                margin: "10px",
+                                width: "100%",
+                            }}
+                        />
+                    </label>
+                </div>
+                <div className="input-group">
+                    <label>
+                        Email id:
+                        <input
+                            type="text"
+                            value={email}
+                            onChange={(e) => setEmail(e.target.value)}
+                            style={{
+                                padding: "10px",
+                                margin: "10px",
+                                width: "100%",
+                            }}
+                        />
+                    </label>
+                </div>
+            </form>
+            <div className="fetch-button">
+                <button
+                    onClick={fetchData}
+                    style={{
+                        padding: "10px 20px",
+                        fontSize: "16px",
+                        cursor: "pointer",
+                        backgroundColor: "#009879",
+                        color: "white",
+                        border: "none",
+                        borderRadius: "5px",
+                    }}
+                >
+                    FETCH
+                </button>
+            </div>
+            <br />
+            {error && <p style={{ color: "red" }}>{`Error: ${error}`}</p>}
+            {userData && (
+                <table
+                    style={{
+                        width: "100%",
+                        borderCollapse: "collapse",
+                        margin: "20px 0",
+                        fontSize: "1em",
+                        minWidth: "400px",
+                        boxShadow: "0 0 20px rgba(0, 0, 0, 0.15)",
+                    }}
+                >
+                    <tbody>
+                        {Object.keys(userData).map((category) => (
+                            <React.Fragment key={category}>
+                                <tr>
+                                    <td
+                                        colSpan={2}
+                                        style={{
+                                            fontWeight: "bold",
+                                            backgroundColor: "#f1f1f1",
+                                            padding: "10px",
+                                        }}
+                                    >
+                                        {category.toUpperCase()}
+                                    </td>
+                                </tr>
+                                {renderAttributes(userData[category])}
+                            </React.Fragment>
+                        ))}
+                    </tbody>
+                </table>
+            )}
+            <footer className="footer">
+                <p>
+                    <a href="https://help.ente.io">help.ente.io</a>
+                </p>
+            </footer>
+        </div>
+    );
+};

infra/staff/src/services/support.ts

@@ -1,6 +1,6 @@
 import { z } from "zod";
 
-const apiOrigin = import.meta.env.VITE_ENTE_ENDPOINT ?? "https://api.ente.io";
+export const apiOrigin = import.meta.env.VITE_ENTE_API_ORIGIN ?? "https://api.ente.io";
 
 const UserDetails = z.object({}).passthrough();