Aegis import + bump version (#207)

got rid of "there is" because i forgot to delete that for some reason when editing my guide before publishing it

.github/workflows/ci.yml

@@ -41,7 +41,7 @@ jobs:
 
             # Build independent apk.
             - name: Build
-              run: flutter build apk --release --flavor independent && mv build/app/outputs/flutter-apk/app-independent-release.apk build/app/outputs/flutter-apk/ente-auth.apk
+              run: flutter build apk --release --flavor independent --dart-define=app.flavor=independent && mv build/app/outputs/flutter-apk/app-independent-release.apk build/app/outputs/flutter-apk/ente-auth.apk
               env:
                   SIGNING_KEY_PATH: "/home/runner/work/_temp/keystore/ente_auth_key.jks"
                   SIGNING_KEY_ALIAS: ${{ secrets.SIGNING_KEY_ALIAS }}
@@ -50,7 +50,7 @@ jobs:
 
             # Build Play store aab.
             - name: Build
-              run: flutter build appbundle --release --flavor playstore
+              run: flutter build appbundle --release --flavor playstore --dart-define=app.flavor=playstore
               env:
                   SIGNING_KEY_PATH: "/home/runner/work/_temp/keystore/ente_auth_key.jks"
                   SIGNING_KEY_ALIAS: ${{ secrets.SIGNING_KEY_ALIAS }}

.gitmodules

@@ -6,3 +6,6 @@
 	path = flutter
 	url = https://github.com/flutter/flutter.git
 	branch = stable
+[submodule "assets/simple-icons"]
+	path = assets/simple-icons
+	url = https://github.com/simple-icons/simple-icons.git

README.md

@@ -101,6 +101,14 @@ For maintainers, there is [additional documentation](RELEASES.md) on
 automatically publishing the main branch to App store, Play store and GitHub
 releases.
 
+## 🙂 Icons
+
+ente Auth supports the icon pack provided by
+[simple-icons](https://github.com/simple-icons/simple-icons).
+
+If you would like to add your own custom icon, please create a pull-request with
+an SVG for your service that matches the contents within `assets/custom-icons`.
+
 ## 🙋‍♂️ Support
 
 If you need help, please reach out to support@ente.io, and a human will get in

analysis_options.yaml

@@ -48,4 +48,5 @@ analyzer:
     avoid_renaming_method_parameters: ignore # incorrect warnings for `equals` overrides
 
   exclude:
-    - thirdparty/**
+    - thirdparty/**
+    - flutter/**

assets/build/.last_build_id

@@ -0,0 +1 @@
+f23611a675a8c9bc71eb16e8a1108cf8

assets/custom-icons/_data/custom-icons.json

@@ -0,0 +1,8 @@
+{
+    "icons": [
+        {
+            "title": "ente",
+            "hex": "1DB954"
+        }
+    ]
+}

assets/custom-icons/icons/ente.svg

@@ -0,0 +1,3 @@
+<svg width="8" height="8" viewBox="0 0 8 8" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M4.06803 7.096C3.33203 7.096 2.68403 6.952 2.12403 6.664C1.57203 6.376 1.14403 5.984 0.840033 5.488C0.536033 4.984 0.384033 4.412 0.384033 3.772C0.384033 3.124 0.532033 2.552 0.828033 2.056C1.13203 1.552 1.54403 1.16 2.06403 0.879997C2.58403 0.591998 3.17203 0.447998 3.82803 0.447998C4.46003 0.447998 5.02803 0.583998 5.53203 0.855998C6.04403 1.12 6.44803 1.504 6.74403 2.008C7.04003 2.504 7.18803 3.1 7.18803 3.796C7.18803 3.868 7.18403 3.952 7.17603 4.048C7.16803 4.136 7.16003 4.22 7.15203 4.3H1.90803V3.208H6.16803L5.44803 3.532C5.44803 3.196 5.38003 2.904 5.24403 2.656C5.10803 2.408 4.92003 2.216 4.68003 2.08C4.44003 1.936 4.16003 1.864 3.84003 1.864C3.52003 1.864 3.23603 1.936 2.98803 2.08C2.74803 2.216 2.56003 2.412 2.42403 2.668C2.28803 2.916 2.22003 3.212 2.22003 3.556V3.844C2.22003 4.196 2.29603 4.508 2.44803 4.78C2.60803 5.044 2.82803 5.248 3.10803 5.392C3.39603 5.528 3.73203 5.596 4.11603 5.596C4.46003 5.596 4.76003 5.544 5.01603 5.44C5.28003 5.336 5.52003 5.18 5.73603 4.972L6.73203 6.052C6.43603 6.388 6.06403 6.648 5.61603 6.832C5.16803 7.008 4.65203 7.096 4.06803 7.096Z" fill="black" style="fill:black;fill:black;fill-opacity:1;"/>
+</svg>

ios/Podfile.lock

@@ -94,7 +94,7 @@ PODS:
   - shared_preferences_foundation (0.0.1):
     - Flutter
     - FlutterMacOS
-  - sqflite (0.0.2):
+  - sqflite (0.0.3):
     - Flutter
     - FMDB (>= 2.7.5)
   - SwiftyGif (5.4.4)
@@ -207,7 +207,7 @@ SPEC CHECKSUMS:
   flutter_native_splash: 52501b97d1c0a5f898d687f1646226c1f93c56ef
   flutter_secure_storage: 23fc622d89d073675f2eaa109381aefbcf5a49be
   flutter_sodium: c84426b4de738514b5b66cfdeb8a06634e72fe0b
-  fluttertoast: eb263d302cc92e04176c053d2385237e9f43fad0
+  fluttertoast: fafc4fa4d01a6a9e4f772ecd190ffa525e9e2d9c
   FMDB: 2ce00b547f966261cd18927a3ddb07cb6f3db82a
   local_auth_ios: c6cf091ded637a88f24f86a8875d8b0f526e2605
   move_to_background: 39a5b79b26d577b0372cbe8a8c55e7aa9fcd3a2d
@@ -215,19 +215,19 @@ SPEC CHECKSUMS:
   open_filex: 6e26e659846ec990262224a12ef1c528bb4edbe4
   OrderedSet: aaeb196f7fef5a9edf55d89760da9176ad40b93c
   package_info_plus: 6c92f08e1f853dc01228d6f553146438dafcd14e
-  path_provider_foundation: 37748e03f12783f9de2cb2c4eadfaa25fe6d4852
+  path_provider_foundation: 29f094ae23ebbca9d3d0cec13889cd9060c0e943
   qr_code_scanner: bb67d64904c3b9658ada8c402e8b4d406d5d796e
   Reachability: 33e18b67625424e47b6cde6d202dce689ad7af96
   SDWebImage: 9bec4c5cdd9579e1f57104735ee0c37df274d593
   Sentry: 4c9babff9034785067c896fd580b1f7de44da020
-  sentry_flutter: b10ae7a5ddcbc7f04648eeb2672b5747230172f1
+  sentry_flutter: 1346a880b24c0240807b53b10cf50ddad40f504e
   share_plus: 056a1e8ac890df3e33cb503afffaf1e9b4fbae68
-  shared_preferences_foundation: 297b3ebca31b34ec92be11acd7fb0ba932c822ca
-  sqflite: 6d358c025f5b867b29ed92fc697fd34924e11904
+  shared_preferences_foundation: 5b919d13b803cadd15ed2dc053125c68730e5126
+  sqflite: 31f7eba61e3074736dff8807a9b41581e4f7f15a
   SwiftyGif: 93a1cc87bf3a51916001cf8f3d63835fb64c819f
   Toast: 91b396c56ee72a5790816f40d3a94dd357abc196
   uni_links: d97da20c7701486ba192624d99bffaaffcfc298a
-  url_launcher_ios: ae1517e5e344f5544fb090b079e11f399dfbe4d2
+  url_launcher_ios: 08a3dfac5fb39e8759aeb0abbd5d9480f30fc8b4
 
 PODFILE CHECKSUM: b4e3a7eabb03395b66e81fc061789f61526ee6bb
 

lib/app/view/app.dart

@@ -12,6 +12,7 @@ import "package:ente_auth/l10n/l10n.dart";
 import 'package:ente_auth/locale.dart';
 import "package:ente_auth/onboarding/view/onboarding_page.dart";
 import 'package:ente_auth/services/update_service.dart';
+import 'package:ente_auth/services/user_service.dart';
 import 'package:ente_auth/ui/home_page.dart';
 import 'package:ente_auth/ui/settings/app_update_dialog.dart';
 import 'package:flutter/foundation.dart';
@@ -49,6 +50,7 @@ class _AppState extends State<App> {
       }
     });
     _signedInEvent = Bus.instance.on<SignedInEvent>().listen((event) {
+      UserService.instance.getUserDetailsV2().ignore();
       if (mounted) {
         setState(() {});
       }

lib/core/configuration.dart

@@ -4,7 +4,6 @@ import 'dart:typed_data';
 
 import 'package:bip39/bip39.dart' as bip39;
 import 'package:ente_auth/core/constants.dart';
-import 'package:ente_auth/core/errors.dart';
 import 'package:ente_auth/core/event_bus.dart';
 import 'package:ente_auth/events/signed_in_event.dart';
 import 'package:ente_auth/events/signed_out_event.dart';
@@ -18,6 +17,7 @@ import 'package:flutter_sodium/flutter_sodium.dart';
 import 'package:logging/logging.dart';
 import 'package:path_provider/path_provider.dart';
 import 'package:shared_preferences/shared_preferences.dart';
+import 'package:tuple/tuple.dart';
 
 class Configuration {
   Configuration._privateConstructor();
@@ -146,6 +146,7 @@ class Configuration {
       utf8.encode(password) as Uint8List,
       kekSalt,
     );
+    final loginKey = await CryptoUtil.deriveLoginKey(derivedKeyResult.key);
 
     // Encrypt the key with this derived key
     final encryptedKeyData =
@@ -175,10 +176,11 @@ class Configuration {
       Sodium.bin2hex(recoveryKey),
       Sodium.bin2base64(keyPair.sk),
     );
-    return KeyGenResult(attributes, privateAttributes);
+    return KeyGenResult(attributes, privateAttributes, loginKey);
   }
 
-  Future<KeyAttributes> updatePassword(String password) async {
+
+  Future<Tuple2<KeyAttributes, Uint8List>> getAttributesForNewPassword(String password) async {
     // Get master key
     final masterKey = getKey();
 
@@ -189,6 +191,7 @@ class Configuration {
       utf8.encode(password) as Uint8List,
       kekSalt,
     );
+    final loginKey = await CryptoUtil.deriveLoginKey(derivedKeyResult.key);
 
     // Encrypt the key with this derived key
     final encryptedKeyData =
@@ -196,42 +199,41 @@ class Configuration {
 
     final existingAttributes = getKeyAttributes();
 
-    return existingAttributes!.copyWith(
+    final updatedAttributes = existingAttributes!.copyWith(
       kekSalt: Sodium.bin2base64(kekSalt),
       encryptedKey: Sodium.bin2base64(encryptedKeyData.encryptedData!),
       keyDecryptionNonce: Sodium.bin2base64(encryptedKeyData.nonce!),
       memLimit: derivedKeyResult.memLimit,
       opsLimit: derivedKeyResult.opsLimit,
     );
+    return Tuple2(updatedAttributes, loginKey);
   }
 
-  Future<void> decryptAndSaveSecrets(
+  // decryptSecretsAndGetLoginKey decrypts the master key and recovery key
+  // with the given password and save them in local secure storage.
+  // This method also returns the keyEncKey that can be used for performing
+  // SRP setup for existing users.
+  Future<Uint8List> decryptSecretsAndGetKeyEncKey(
     String password,
     KeyAttributes attributes,
+  {
+    Uint8List? keyEncryptionKey,
+  }
   ) async {
     _logger.info('Start decryptAndSaveSecrets');
-    // validatePreVerificationStateCheck(
-    //   attributes,
-    //   password,
-    //   getEncryptedToken(),
-    // );
-    _logger.info('state validation done');
-    final kek = await CryptoUtil.deriveKey(
-      utf8.encode(password) as Uint8List,
-      Sodium.base642bin(attributes.kekSalt),
-      attributes.memLimit,
-      attributes.opsLimit,
-    ).onError((e, s) {
-      _logger.severe('deriveKey failed', e, s);
-      throw KeyDerivationError();
-    });
+    keyEncryptionKey ??= await CryptoUtil.deriveKey(
+        utf8.encode(password) as Uint8List,
+        Sodium.base642bin(attributes.kekSalt),
+        attributes.memLimit,
+        attributes.opsLimit,
+      );
 
     _logger.info('user-key done');
     Uint8List key;
     try {
       key = CryptoUtil.decryptSync(
         Sodium.base642bin(attributes.encryptedKey),
-        kek,
+        keyEncryptionKey,
         Sodium.base642bin(attributes.keyDecryptionNonce),
       );
     } catch (e) {
@@ -256,6 +258,7 @@ class Configuration {
     await setToken(
       Sodium.bin2base64(token, variant: Sodium.base64VariantUrlsafe),
     );
+    return keyEncryptionKey;
   }
 
   Future<void> recover(String recoveryKey) async {
@@ -306,6 +309,10 @@ class Configuration {
     return _cachedToken;
   }
 
+  bool isLoggedIn() {
+    return getToken() != null;
+  }
+
   Future<void> setToken(String token) async {
     _cachedToken = token;
     await _preferences.setString(tokenKey, token);
@@ -413,7 +420,7 @@ class Configuration {
     final keyAttributes = getKeyAttributes()!;
     return CryptoUtil.decryptSync(
       Sodium.base642bin(keyAttributes.recoveryKeyEncryptedWithMasterKey),
-      getKey(),
+      getKey()!,
       Sodium.base642bin(keyAttributes.recoveryKeyDecryptionNonce),
     );
   }

lib/core/constants.dart

@@ -7,6 +7,7 @@ const String sentryDSN =
     "https://ed4ddd6309b847ba8849935e26e9b648@sentry.ente.io/9";
 const String sentryTunnel = "https://sentry-reporter.ente.io";
 const String roadmapURL = "https://roadmap.ente.io";
+const String githubIssuesUrl = "https://github.com/ente-io/auth/issues?q=is%3Aissue+is%3Aopen+sort%3Areactions-%2B1-desc";
 const int microSecondsInDay = 86400000000;
 const int android11SDKINT = 30;
 const int galleryLoadStartTime = -8000000000000000; // Wednesday, March 6, 1748

lib/core/errors.dart

@@ -41,4 +41,6 @@ class InvalidStateError extends AssertionError {
 
 class KeyDerivationError extends Error {}
 
+class SrpSetupNotCompleteError extends Error {}
+
 class AuthenticatorKeyNotFound extends Error {}

lib/core/network.dart

@@ -1,18 +1,29 @@
 import 'dart:io';
 
 import 'package:dio/dio.dart';
+import 'package:ente_auth/core/configuration.dart';
+import 'package:ente_auth/core/constants.dart';
 import 'package:fk_user_agent/fk_user_agent.dart';
+import 'package:flutter/foundation.dart';
 import 'package:package_info_plus/package_info_plus.dart';
+import 'package:shared_preferences/shared_preferences.dart';
 import 'package:uuid/uuid.dart';
 
 int kConnectTimeout = 15000;
 
 class Network {
+  // apiEndpoint points to the Ente server's API endpoint
+  static const apiEndpoint = String.fromEnvironment(
+    "endpoint",
+    defaultValue: kDefaultProductionEndpoint,
+  );
   late Dio _dio;
+  late Dio _enteDio;
 
   Future<void> init() async {
     await FkUserAgent.init();
     final packageInfo = await PackageInfo.fromPlatform();
+    final preferences = await SharedPreferences.getInstance();
     _dio = Dio(
       BaseOptions(
         connectTimeout: kConnectTimeout,
@@ -24,6 +35,18 @@ class Network {
       ),
     );
     _dio.interceptors.add(RequestIdInterceptor());
+    _enteDio = Dio(
+      BaseOptions(
+        baseUrl: apiEndpoint,
+        connectTimeout: kConnectTimeout,
+        headers: {
+          HttpHeaders.userAgentHeader: FkUserAgent.userAgent,
+          'X-Client-Version': packageInfo.version,
+          'X-Client-Package': packageInfo.packageName,
+        },
+      ),
+    );
+    _enteDio.interceptors.add(EnteRequestInterceptor(preferences, apiEndpoint));
   }
 
   Network._privateConstructor();
@@ -31,6 +54,7 @@ class Network {
   static Network instance = Network._privateConstructor();
 
   Dio getDio() => _dio;
+  Dio get enteDio => _enteDio;
 }
 
 class RequestIdInterceptor extends Interceptor {
@@ -41,3 +65,27 @@ class RequestIdInterceptor extends Interceptor {
     return super.onRequest(options, handler);
   }
 }
+
+class EnteRequestInterceptor extends Interceptor {
+  final SharedPreferences _preferences;
+  final String enteEndpoint;
+
+  EnteRequestInterceptor(this._preferences, this.enteEndpoint);
+
+  @override
+  void onRequest(RequestOptions options, RequestInterceptorHandler handler) {
+    if (kDebugMode) {
+      assert(
+      options.baseUrl == enteEndpoint,
+      "interceptor should only be used for API endpoint",
+      );
+    }
+    // ignore: prefer_const_constructors
+    options.headers.putIfAbsent("x-request-id", () => Uuid().v4().toString());
+    final String? tokenValue = _preferences.getString(Configuration.tokenKey);
+    if (tokenValue != null) {
+      options.headers.putIfAbsent("X-Auth-Token", () => tokenValue);
+    }
+    return super.onRequest(options, handler);
+  }
+}

lib/l10n/arb/app_de.arb

@@ -11,6 +11,10 @@
   "importScanQrCode": "Scannen eines QR-Codes",
   "importEnterSetupKey": "Einen Setup-Schlüssel eingeben",
   "importAccountPageTitle": "Kontodaten eingeben",
+  "secretCanNotBeEmpty": "Geheimnis darf nicht leer sein",
+  "bothIssuerAndAccountCanNotBeEmpty": "Sowohl Aussteller als auch Konto können nicht leer sein",
+  "incorrectDetails": "Falsche Angaben",
+  "pleaseVerifyDetails": "Überprüfe die Angaben und versuche es erneut",
   "codeIssuerHint": "Aussteller",
   "codeSecretKeyHint": "Geheimer Schlüssel",
   "codeAccountHint": "Konto (you@domain.com)",

lib/l10n/arb/app_en.arb

@@ -1,4 +1,3 @@
-
 {
   "account": "Account",
   "recoveryKey": "Recovery key",
@@ -10,14 +9,15 @@
   "onBoardingGetStarted": "Get Started",
   "setupFirstAccount": "Setup your first account",
   "importScanQrCode": "Scan a QR Code",
+  "qrCode": "QR Code",
   "importEnterSetupKey": "Enter a setup key",
   "importAccountPageTitle": "Enter account details",
   "secretCanNotBeEmpty": "Secret can not be empty",
   "bothIssuerAndAccountCanNotBeEmpty": "Both issuer and account can not be empty",
-  "incorrectDetails" :"Incorrect details",
+  "incorrectDetails": "Incorrect details",
   "pleaseVerifyDetails": "Please verify the details and try again",
   "codeIssuerHint": "Issuer",
-  "codeSecretKeyHint" : "Secret Key",
+  "codeSecretKeyHint": "Secret Key",
   "codeAccountHint": "Account (you@domain.com)",
   "accountKeyType": "Type of key",
   "sessionExpired": "Session expired",
@@ -25,7 +25,7 @@
     "description": "Title of the dialog when the users current session is invalid/expired"
   },
   "pleaseLoginAgain": "Please login again",
-  "loggingOut" : "Logging out...",
+  "loggingOut": "Logging out...",
   "timeBasedKeyType": "Time based (TOTP)",
   "counterBasedKeyType": "Counter based (HOTP)",
   "saveAction": "Save",
@@ -58,6 +58,9 @@
     }
   },
   "contactSupport": "Contact support",
+  "rateUsOnStore" : "Rate us on {storeName}",
+  "blog": "Blog",
+  "merchandise": "Merchandise",
   "verifyPassword": "Verify password",
   "pleaseWait": "Please wait...",
   "generatingEncryptionKeysTitle": "Generating encryption keys...",
@@ -67,16 +70,29 @@
   "incorrectPasswordTitle": "Incorrect password",
   "welcomeBack": "Welcome back!",
   "madeWithLoveAtPrefix": "made with ❤️ at ",
-  "supportDevs" : "Subscribe to <bold-green>ente</bold-green> to support this project.",
-  "supportDiscount" : "Use coupon code \"AUTH\" to get 10% off first year",
+  "supportDevs": "Subscribe to <bold-green>ente</bold-green> to support this project.",
+  "supportDiscount": "Use coupon code \"AUTH\" to get 10% off first year",
   "changeEmail": "Change email",
   "changePassword": "Change password",
-  "data" : "Data",
+  "data": "Data",
   "importCodes": "Import codes",
+  "importTypePlainText": "Plain text",
+  "importTypeEnteEncrypted": "ente Encrypted export",
+  "passwordForDecryptingExport": "Password to decrypt export",
+  "passwordEmptyError": "Password can not be empty",
+  "importFromApp": "Import codes from {appName}",
+  "importGoogleAuthGuide": "Export your accounts from Google Authenticator to a QR code using the \"Transfer Accounts\" option. Then using another device, scan the QR code.\n\nTip: You can use your laptop's webcam to take a picture of the QR code.",
+  "importSelectJsonFile": "Select JSON file",
+  "importEnteEncGuide": "Select the encrypted JSON file exported from ente",
+  "importRaivoGuide": "Use the \"Export OTPs to Zip archive\" option in Raivo's Settings.\n\nExtract the zip file and import the JSON file.",
+  "importAegisGuide": "Use the \"Export the vault\" option in Aegis's Settings.\n\nIf your vault is encrypted, you will need to enter vault password to decrypt the vault.",
   "exportCodes": "Export codes",
+  "importLabel": "Import",
   "importInstruction": "Please select a file that contains a list of your codes in the following format",
   "importCodeDelimiterInfo": "The codes can be separated by a comma or a new line",
   "selectFile": "Select file",
+  "emailVerificationToggle": "Email verification",
+  "authToChangeEmailVerificationSetting": "Please authenticate to change email verification",
   "authToViewYourRecoveryKey": "Please authenticate to view your recovery key",
   "authToChangeYourEmail": "Please authenticate to change your email",
   "authToChangeYourPassword": "Please authenticate to change your password",
@@ -90,11 +106,23 @@
   "copied": "Copied",
   "pleaseTryAgain": "Please try again",
   "existingUser": "Existing User",
-  "newUser" : "New to ente",
+  "newUser": "New to ente",
   "delete": "Delete",
   "enterYourPasswordHint": "Enter your password",
   "forgotPassword": "Forgot password",
   "oops": "Oops",
+  "suggestFeatures": "Suggest features",
+  "faq": "FAQ",
+  "faq_q_1": "How secure is ente Auth?",
+  "faq_a_1": "All codes you backup via ente is stored end-to-end encrypted. This means only you can access your codes. Our apps are open source and our cryptography has been externally audited.",
+  "faq_q_2": "Can I access my codes on desktop?",
+  "faq_a_2": "You can access your codes on the web @ auth.ente.io.",
+  "faq_q_3": "How can I delete codes?",
+  "faq_a_3": "You can delete a code by swiping left on that item.",
+  "faq_q_4": "How can I support this project?",
+  "faq_a_4": "You can support the development of this project by subscribing to our Photos app @ ente.io.",
+  "faq_q_5": "How can I enable FaceID lock in ente Auth",
+  "faq_a_5": "You can enable FaceID lock under Settings → Security → Lockscreen.",
   "somethingWentWrongMessage": "Something went wrong, please try again",
   "leaveFamily": "Leave family",
   "leaveFamilyMessage": "Are you sure that you want to leave the family plan?",
@@ -110,7 +138,7 @@
   "recoverAccount": "Recover account",
   "enterRecoveryKeyHint": "Enter your recovery key",
   "recover": "Recover",
-  "contactSupportViaEmailMessage":"Please drop an email to {email} from your registered email address",
+  "contactSupportViaEmailMessage": "Please drop an email to {email} from your registered email address",
   "@contactSupportViaEmailMessage": {
     "placeholders": {
       "email": {
@@ -161,6 +189,7 @@
   "recoveryKeySaveDescription": "We don't store this key, please save this 24 word key in a safe place.",
   "doThisLater": "Do this later",
   "saveKey": "Save key",
+  "back": "Back",
   "createAccount": "Create account",
   "passwordStrength": "Password strength: {passwordStrengthValue}",
   "@passwordStrength": {
@@ -175,7 +204,7 @@
     "message": "Password Strength: {passwordStrengthText}"
   },
   "password": "Password",
-  "signUpTerms" : "I agree to the <u-terms>terms of service</u-terms> and <u-policy>privacy policy</u-policy>",
+  "signUpTerms": "I agree to the <u-terms>terms of service</u-terms> and <u-policy>privacy policy</u-policy>",
   "privacyPolicyTitle": "Privacy Policy",
   "termsOfServicesTitle": "Terms",
   "encryption": "Encryption",
@@ -228,14 +257,14 @@
   "youAreOnTheLatestVersion": "You are on the latest version",
   "warning": "Warning",
   "exportWarningDesc": "The exported file contains sensitive information. Please store this safely.",
-  "iUnderStand" : "I understand",
+  "iUnderStand": "I understand",
   "@iUnderStand": {
     "description": "Text for the button to confirm the user understands the warning"
   },
   "authToExportCodes": "Please authenticate to export your codes",
   "importSuccessTitle": "Yay!",
   "importSuccessDesc": "You have imported {count} codes!",
-  "@importSuccessDesc" : {
+  "@importSuccessDesc": {
     "placeholders": {
       "count": {
         "description": "The number of codes imported",
@@ -244,9 +273,9 @@
       }
     }
   },
-  "sorry" : "Sorry",
+  "sorry": "Sorry",
   "importFailureDesc": "Could not parse the selected file.\nPlease write to support@ente.io if you need help!",
-  "pendingSyncs" : "Warning",
+  "pendingSyncs": "Warning",
   "pendingSyncsWarningBody": "Some of your codes have not been backed up.\n\nPlease ensure that you have a backup for these codes before you logout.",
   "checkInboxAndSpamFolder": "Please check your inbox (and spam) to complete verification",
   "tapToEnterCode": "Tap to enter code",
@@ -268,5 +297,24 @@
   "thisWillLogYouOutOfTheFollowingDevice": "This will log you out of the following device:",
   "terminateSession": "Terminate session?",
   "terminate": "Terminate",
-  "thisDevice": "This device"
+  "thisDevice": "This device",
+  "toResetVerifyEmail": "To reset your password, please verify your email first.",
+  "thisEmailIsAlreadyInUse": "This email is already in use",
+  "verificationFailedPleaseTryAgain": "Verification failed, please try again",
+  "yourVerificationCodeHasExpired": "Your verification code has expired",
+  "incorrectCode": "Incorrect code",
+  "sorryTheCodeYouveEnteredIsIncorrect": "Sorry, the code you've entered is incorrect",
+  "emailChangedTo": "Email changed to {newEmail}",
+  "authenticationFailedPleaseTryAgain": "Authentication failed, please try again",
+  "authenticationSuccessful": "Authentication successful!",
+  "twofactorAuthenticationSuccessfullyReset": "Two-factor authentication successfully reset",
+  "incorrectRecoveryKey": "Incorrect recovery key",
+  "theRecoveryKeyYouEnteredIsIncorrect": "The recovery key you entered is incorrect",
+  "enterPassword": "Enter password",
+  "selectExportFormat": "Select export format",
+  "exportDialogDesc": "Encrypted exports will be protected by a password of your choice.",
+  "encrypted": "Encrypted",
+  "plainText": "Plain text",
+  "passwordToEncryptExport": "Password to encrypt export",
+  "export": "Export"
 }

lib/l10n/arb/app_it.arb

@@ -9,8 +9,13 @@
   "onBoardingGetStarted": "Per iniziare",
   "setupFirstAccount": "Configura il tuo primo account",
   "importScanQrCode": "Scansiona un codice QR",
+  "qrCode": "Codice QR",
   "importEnterSetupKey": "Inserisci il codice segreto",
   "importAccountPageTitle": "Inserisci i dettagli del tuo account",
+  "secretCanNotBeEmpty": "La chiave segreta è obbligatoria",
+  "bothIssuerAndAccountCanNotBeEmpty": "Sia l'emittente che l'account sono obbligatori",
+  "incorrectDetails": "Dettagli errati",
+  "pleaseVerifyDetails": "Verifica i dettagli e riprova",
   "codeIssuerHint": "Emittente",
   "codeSecretKeyHint": "Codice segreto",
   "codeAccountHint": "Account (username@dominio.it)",
@@ -53,6 +58,9 @@
     }
   },
   "contactSupport": "Contatta il supporto",
+  "rateUsOnStore": "Valutaci su {storeName}",
+  "blog": "Blog",
+  "merchandise": "Prodotti",
   "verifyPassword": "Verifica la password",
   "pleaseWait": "Attendere prego...",
   "generatingEncryptionKeysTitle": "Generazione delle chiavi di crittografia...",
@@ -68,10 +76,22 @@
   "changePassword": "Cambia password",
   "data": "Dati",
   "importCodes": "Importa codici",
+  "importTypePlainText": "Testo in chiaro",
+  "importTypeEnteEncrypted": "ente Esportazione criptata",
+  "passwordForDecryptingExport": "Password per decriptare il file esportato",
+  "passwordEmptyError": "La password è obbligatoria",
+  "importFromApp": "Importa codici da {appName}",
+  "importGoogleAuthGuide": "Esporta i tuoi account da Google Authenticator in un codice QR utilizzando l'opzione \"Trasferisci Account\". Quindi, usando un altro dispositivo, scansiona il codice QR.\n\nSuggerimento: Puoi usare la webcam del tuo computer portatile per scattare una foto del codice QR.",
+  "importSelectJsonFile": "Seleziona file JSON",
+  "importEnteEncGuide": "Seleziona il file JSON criptato esportato da ente",
+  "importRaivoGuide": "Utilizza l'opzione \"Esporta i codici OTP in archivio Zip\" nelle impostazioni di Raivo.\n\nEstrai il file zip e importa il file JSON.",
   "exportCodes": "Esporta codici",
+  "importLabel": "Importa",
   "importInstruction": "Per favore seleziona un file contenente una lista dei tuoi codici nel seguente formato",
   "importCodeDelimiterInfo": "I codici possono essere separati da una virgola o da una nuova riga",
   "selectFile": "Seleziona file",
+  "emailVerificationToggle": "Verifica Email",
+  "authToChangeEmailVerificationSetting": "Autenticati per cambiare la verifica email",
   "authToViewYourRecoveryKey": "Autenticati per visualizzare la tua chiave di recupero",
   "authToChangeYourEmail": "Autenticati per cambiare la tua email",
   "authToChangeYourPassword": "Autenticati per cambiare la tua password",
@@ -90,6 +110,18 @@
   "enterYourPasswordHint": "Inserisci la tua password",
   "forgotPassword": "Password dimenticata",
   "oops": "Oops",
+  "suggestFeatures": "Suggerisci funzionalità",
+  "faq": "FAQ",
+  "faq_q_1": "Quanto è sicuro ente Auth?",
+  "faq_a_1": "Tutti i codici di cui fai il backup tramite ente sono memorizzati con crittografia end-to-end. Ciò significa che solo tu puoi accedere ai tuoi codici. Le nostre app sono open source e la nostra crittografia è stata verificata esternamente.",
+  "faq_q_2": "Posso accedere ai miei codici sul desktop?",
+  "faq_a_2": "Puoi accedere ai tuoi codici sul web @ auth.ente.io.",
+  "faq_q_3": "Come posso cancellare i codici?",
+  "faq_a_3": "Puoi eliminare un codice scorrendo il dito a sinistra sul codice in questione.",
+  "faq_q_4": "Come posso supportare questo progetto?",
+  "faq_a_4": "Puoi supportare lo sviluppo di questo progetto abbonandoti alla nostra app Photos @ ente.io.",
+  "faq_q_5": "Come posso abilitare il blocco FaceID in ente Auth",
+  "faq_a_5": "Puoi abilitare il blocco FaceID in Impostazioni → Sicurezza → Schermata di blocco.",
   "somethingWentWrongMessage": "Qualcosa è andato storto, per favore riprova",
   "leaveFamily": "Abbandona il piano famiglia",
   "leaveFamilyMessage": "Sei sicuro di voler uscire dal piano famiglia?",
@@ -156,6 +188,7 @@
   "recoveryKeySaveDescription": "Non memorizziamo questa chiave, per favore salva questa chiave di 24 parole in un posto sicuro.",
   "doThisLater": "Fallo più tardi",
   "saveKey": "Salva chiave",
+  "back": "Indietro",
   "createAccount": "Crea account",
   "passwordStrength": "Forza password: {passwordStrengthValue}",
   "@passwordStrength": {
@@ -263,5 +296,24 @@
   "thisWillLogYouOutOfTheFollowingDevice": "Questo ti disconnetterà dal seguente dispositivo:",
   "terminateSession": "Termina sessione?",
   "terminate": "Termina",
-  "thisDevice": "Questo dispositivo"
+  "thisDevice": "Questo dispositivo",
+  "toResetVerifyEmail": "Per reimpostare la tua password, prima verifica la tua email.",
+  "thisEmailIsAlreadyInUse": "Questa email é già in uso",
+  "verificationFailedPleaseTryAgain": "Verifica fallita, per favore riprova",
+  "yourVerificationCodeHasExpired": "Il tuo codice di verifica è scaduto",
+  "incorrectCode": "Codice errato",
+  "sorryTheCodeYouveEnteredIsIncorrect": "Spiacenti, il codice che hai inserito non è corretto",
+  "emailChangedTo": "Email modificata in {newEmail}",
+  "authenticationFailedPleaseTryAgain": "Autenticazione non riuscita, riprova",
+  "authenticationSuccessful": "Autenticazione riuscita!",
+  "twofactorAuthenticationSuccessfullyReset": "Autenticazione a due fattori ripristinata con successo",
+  "incorrectRecoveryKey": "Chiave di recupero errata",
+  "theRecoveryKeyYouEnteredIsIncorrect": "La chiave di recupero che hai inserito non è corretta",
+  "enterPassword": "Inserisci la password",
+  "selectExportFormat": "Seleziona formato di esportazione",
+  "exportDialogDesc": "Le esportazioni criptate saranno protette da una password a tua scelta.",
+  "encrypted": "Criptato",
+  "plainText": "Testo in chiaro",
+  "passwordToEncryptExport": "Password per criptare il file esportato",
+  "export": "Esporta"
 }

lib/l10n/arb/app_nl.arb

@@ -9,8 +9,13 @@
   "onBoardingGetStarted": "Begin",
   "setupFirstAccount": "Maak je account aan",
   "importScanQrCode": "Scan een QR-code",
+  "qrCode": "QR Code",
   "importEnterSetupKey": "Voer een toegangssleutel in",
   "importAccountPageTitle": "Accountgegevens invoeren",
+  "secretCanNotBeEmpty": "Geheime code mag niet leeg zijn",
+  "bothIssuerAndAccountCanNotBeEmpty": "Uitgever en account kunnen niet beiden leeg zijn",
+  "incorrectDetails": "Onjuiste gegevens",
+  "pleaseVerifyDetails": "Controleer je gegevens en probeer het nog eens",
   "codeIssuerHint": "Uitgever",
   "codeSecretKeyHint": "Geheime sleutel",
   "codeAccountHint": "Account (jij@domein.nl)",
@@ -53,6 +58,9 @@
     }
   },
   "contactSupport": "Klantenservice",
+  "rateUsOnStore": "Beoordeel ons op {storeName}",
+  "blog": "Blog",
+  "merchandise": "Merchandise",
   "verifyPassword": "Bevestig wachtwoord",
   "pleaseWait": "Een ogenblik geduld...",
   "generatingEncryptionKeysTitle": "Encryptiesleutels genereren...",
@@ -68,10 +76,22 @@
   "changePassword": "Wachtwoord wijzigen",
   "data": "Gegevens",
   "importCodes": "Codes importeren",
+  "importTypePlainText": "Kale tekst",
+  "importTypeEnteEncrypted": "ente versleutelde export",
+  "passwordForDecryptingExport": "Wachtwoord voor het decoderen van export",
+  "passwordEmptyError": "Wachtwoord kan niet leeg zijn",
+  "importFromApp": "Importeer codes van {appName}",
+  "importGoogleAuthGuide": "Exporteer uw accounts van Google Authenticator naar een QR-code met behulp van de optie \"Transfer Accounts\". Met een ander apparaat scan je de QR-code.\n\nTip: Je kunt de webcam van je laptop gebruiken om een foto van de QR-code te maken.",
+  "importSelectJsonFile": "Selecteer JSON bestand",
+  "importEnteEncGuide": "Selecteer het versleutelde JSON-bestand dat vanuit ente geëxporteerd is",
+  "importRaivoGuide": "Gebruik de optie \"Export OTPs to Zip archive\" in Raivo's instellingen.\n\nPak het zip-bestand uit en importeer het JSON-bestand.",
   "exportCodes": "Codes exporteren",
+  "importLabel": "Importeren",
   "importInstruction": "Selecteer een bestand dat een lijst van uw codes in de volgende indeling bevat",
   "importCodeDelimiterInfo": "De codes mogen gescheiden worden door een komma of een nieuwe regel",
   "selectFile": "Bestand selecteren",
+  "emailVerificationToggle": "E-mailverificatie",
+  "authToChangeEmailVerificationSetting": "Gelieve te verifiëren om de e-mailverificatie te wijzigen",
   "authToViewYourRecoveryKey": "Graag verifiëren om uw herstelsleutel te bekijken",
   "authToChangeYourEmail": "Graag verifiëren om je e-mailadres te wijzigen",
   "authToChangeYourPassword": "Graag verifiëren om je wachtwoord te wijzigen",
@@ -90,6 +110,18 @@
   "enterYourPasswordHint": "Voer je wachtwoord in",
   "forgotPassword": "Wachtwoord vergeten",
   "oops": "Oeps",
+  "suggestFeatures": "Features voorstellen",
+  "faq": "Veelgestelde vragen",
+  "faq_q_1": "Hoe veilig is ente Auth?",
+  "faq_a_1": "Alle codes in ente zijn versleuteld opgeslagen met end-to-end encryptie. Dit betekent dat alleen jij toegang hebt tot je codes. Onze apps zijn open source en onze cryptografie is extern gecontroleerd.",
+  "faq_q_2": "Kan ik toegang krijgen tot mijn codes op desktop?",
+  "faq_a_2": "U heeft toegang tot uw codes op het web @ auth.ente.io.",
+  "faq_q_3": "Hoe kan ik codes verwijderen?",
+  "faq_a_3": "Je kunt een code verwijderen door naar links te vegen op dat item.",
+  "faq_q_4": "Hoe kan ik dit project steunen?",
+  "faq_a_4": "U kunt de ontwikkeling van dit project steunen door u te abonneren op onze Photos app @ ente.io.",
+  "faq_q_5": "Hoe kan ik FaceID lock inschakelen in ente Auth",
+  "faq_a_5": "Je kunt FaceID vergrendelen onder Instellingen → Beveiliging → Lockscreen.",
   "somethingWentWrongMessage": "Er is iets fout gegaan, probeer het opnieuw",
   "leaveFamily": "Familie verlaten",
   "leaveFamilyMessage": "Weet je zeker dat je het familie-plan wil verlaten?",
@@ -156,6 +188,7 @@
   "recoveryKeySaveDescription": "We slaan deze code niet op, bewaar deze code met 24 woorden op een veilige plaats.",
   "doThisLater": "Doe dit later",
   "saveKey": "Sleutel opslaan",
+  "back": "Terug",
   "createAccount": "Account aanmaken",
   "passwordStrength": "Wachtwoord sterkte: {passwordStrengthValue}",
   "@passwordStrength": {
@@ -263,5 +296,24 @@
   "thisWillLogYouOutOfTheFollowingDevice": "Dit zal je uitloggen van het volgende apparaat:",
   "terminateSession": "Sessie beëindigen?",
   "terminate": "Beëindigen",
-  "thisDevice": "Dit apparaat"
+  "thisDevice": "Dit apparaat",
+  "toResetVerifyEmail": "Verifieer eerst je e-mailadres om je wachtwoord opnieuw in te stellen.",
+  "thisEmailIsAlreadyInUse": "Dit e-mailadres is al in gebruik",
+  "verificationFailedPleaseTryAgain": "Verificatie mislukt, probeer het opnieuw",
+  "yourVerificationCodeHasExpired": "Uw verificatiecode is verlopen",
+  "incorrectCode": "Onjuiste code",
+  "sorryTheCodeYouveEnteredIsIncorrect": "Sorry, de ingevoerde code is onjuist",
+  "emailChangedTo": "E-mailadres gewijzigd naar {newEmail}",
+  "authenticationFailedPleaseTryAgain": "Verificatie mislukt, probeer het opnieuw",
+  "authenticationSuccessful": "Verificatie geslaagd!",
+  "twofactorAuthenticationSuccessfullyReset": "Tweestapsverificatie succesvol gereset",
+  "incorrectRecoveryKey": "Onjuiste herstelsleutel",
+  "theRecoveryKeyYouEnteredIsIncorrect": "De ingevoerde herstelsleutel is onjuist",
+  "enterPassword": "Voer wachtwoord in",
+  "selectExportFormat": "Selecteer export formaat",
+  "exportDialogDesc": "Versleutelde exports worden beschermd door een wachtwoord van uw keuze.",
+  "encrypted": "Versleuteld",
+  "plainText": "Kale tekst",
+  "passwordToEncryptExport": "Wachtwoord voor het versleutelen van export",
+  "export": "Exporteren"
 }

lib/l10n/arb/app_ru.arb

@@ -9,8 +9,13 @@
   "onBoardingGetStarted": "Начать",
   "setupFirstAccount": "Настройте свой первый аккаунт",
   "importScanQrCode": "Сканировать QR-код",
-  "importEnterSetupKey": "Введите ключ установки",
+  "qrCode": "QR-код",
+  "importEnterSetupKey": "Ввести ключ настройки",
   "importAccountPageTitle": "Введите данные аккаунта",
+  "secretCanNotBeEmpty": "Секретный код не может быть пустым",
+  "bothIssuerAndAccountCanNotBeEmpty": "И эмитент, и аккаунт не могут быть пустыми",
+  "incorrectDetails": "Неправильные данные",
+  "pleaseVerifyDetails": "Пожалуйста, проверьте детали и попробуйте еще раз",
   "codeIssuerHint": "Эмитент",
   "codeSecretKeyHint": "Секретный ключ",
   "codeAccountHint": "Аккаунт (you@domain.com)",
@@ -53,6 +58,9 @@
     }
   },
   "contactSupport": "Связаться с поддержкой",
+  "rateUsOnStore": "Оценить нас на {storeName}",
+  "blog": "Блог",
+  "merchandise": "Товары",
   "verifyPassword": "Подтверждение пароля",
   "pleaseWait": "Пожалуйста, подождите...",
   "generatingEncryptionKeysTitle": "Генерируем ключи шифрования...",
@@ -64,14 +72,26 @@
   "madeWithLoveAtPrefix": "сделана с ❤️ в ",
   "supportDevs": "Подпишитесь на <bold-green>ente</bold-green> для поддержки этого проекта.",
   "supportDiscount": "Используйте код скидки \"AUTH\", чтобы получить скидку 10% в первый год",
-  "changeEmail": "изменить почту",
+  "changeEmail": "Изменить почту",
   "changePassword": "Изменить пароль",
   "data": "Данные",
   "importCodes": "Импортировать коды",
+  "importTypePlainText": "Обычный текст",
+  "importTypeEnteEncrypted": "ente Зашифрованный экспорт",
+  "passwordForDecryptingExport": "Пароль для расшифровки экспорта",
+  "passwordEmptyError": "Пароль не может быть пустым",
+  "importFromApp": "Импорт кодов из {appName}",
+  "importGoogleAuthGuide": "Экспортируйте учетные записи из Google Authenticator в QR-код, используя опцию «Перенести учетные записи». Затем с помощью другого устройства отсканируйте QR-код.\n\nСовет: Чтобы сфотографировать QR-код, можно воспользоваться веб-камерой ноутбука.",
+  "importSelectJsonFile": "Выбрать JSON-файл",
+  "importEnteEncGuide": "Выберите зашифрованный JSON-файл, экспортированный из ente",
+  "importRaivoGuide": "Используйте опцию «Export OTPs to Zip archive» в настройках Raivo.\n\nРаспакуйте zip-архив и импортируйте JSON-файл.",
   "exportCodes": "Экспортировать коды",
+  "importLabel": "Импорт",
   "importInstruction": "Пожалуйста, выберите файл, содержащий список ваших кодов в следующем формате",
   "importCodeDelimiterInfo": "Коды могут быть разделены запятой или новой строкой",
-  "selectFile": "Выберите файл",
+  "selectFile": "Выбрать файл",
+  "emailVerificationToggle": "Подтверждение электронной почты",
+  "authToChangeEmailVerificationSetting": "Авторизуйтесь, чтобы изменить подтверждение электронной почты",
   "authToViewYourRecoveryKey": "Пожалуйста, авторизуйтесь для просмотра вашего ключа восстановления",
   "authToChangeYourEmail": "Пожалуйста, авторизуйтесь, чтобы изменить адрес электронной почты",
   "authToChangeYourPassword": "Пожалуйста, авторизуйтесь, чтобы изменить пароль",
@@ -90,6 +110,18 @@
   "enterYourPasswordHint": "Введите пароль",
   "forgotPassword": "Забыл пароль",
   "oops": "Ой",
+  "suggestFeatures": "Предложить улучшения",
+  "faq": "FAQ",
+  "faq_q_1": "Насколько безопасен ente Auth?",
+  "faq_a_1": "Все коды, которые вы резервируете с помощью ente, хранятся в зашифрованном виде. Это означает, что только вы можете получить доступ к своим кодам. Наши приложения имеют открытый исходный код, а наша криптография прошла внешний аудит.",
+  "faq_q_2": "Могу ли я получить доступ к моим кодам на компьютере?",
+  "faq_a_2": "Вы можете получить доступ к своим кодам на сайте @ auth.ente.io.",
+  "faq_q_3": "Как я могу удалить коды?",
+  "faq_a_3": "Вы можете удалить код, проведя пальцем влево по этому элементу.",
+  "faq_q_4": "Как я могу поддержать этот проект?",
+  "faq_a_4": "Вы можете поддержать развитие этого проекта, подписавшись на наше приложение Photos @ ente.io.",
+  "faq_q_5": "Как мне включить блокировку FaceID в ente Auth?",
+  "faq_a_5": "Вы можете включить блокировку FaceID в Настройки → Безопасность → Экран блокировки.",
   "somethingWentWrongMessage": "Что-то пошло не так. Попробуйте еще раз",
   "leaveFamily": "Покинуть семью",
   "leaveFamilyMessage": "Вы уверены, что хотите отказаться от семейного плана?",
@@ -156,6 +188,7 @@
   "recoveryKeySaveDescription": "Мы не храним этот ключ, пожалуйста, сохраните этот ключ в безопасном месте.",
   "doThisLater": "Сделать позже",
   "saveKey": "Сохранить ключ",
+  "back": "Вернуться",
   "createAccount": "Создать аккаунт",
   "passwordStrength": "Мощность пароля: {passwordStrengthValue}",
   "@passwordStrength": {
@@ -263,5 +296,24 @@
   "thisWillLogYouOutOfTheFollowingDevice": "Вы выйдете из списка следующих устройств:",
   "terminateSession": "Завершить сеанс?",
   "terminate": "Завершить",
-  "thisDevice": "Это устройство"
+  "thisDevice": "Это устройство",
+  "toResetVerifyEmail": "Чтобы сбросить пароль, сначала подтвердите свой адрес электронной почты.",
+  "thisEmailIsAlreadyInUse": "Этот адрес электронной почты уже используется",
+  "verificationFailedPleaseTryAgain": "Проверка не удалась, попробуйте еще раз",
+  "yourVerificationCodeHasExpired": "Срок действия вашего проверочного кода истек",
+  "incorrectCode": "Неверный код",
+  "sorryTheCodeYouveEnteredIsIncorrect": "Извините, введенный вами код неверный",
+  "emailChangedTo": "Адрес электронной почты изменен на {newEmail}",
+  "authenticationFailedPleaseTryAgain": "Аутентификация не удалась, попробуйте еще раз",
+  "authenticationSuccessful": "Аутентификация прошла успешно!",
+  "twofactorAuthenticationSuccessfullyReset": "Двухфакторная аутентификация успешно сброшена",
+  "incorrectRecoveryKey": "Неправильный ключ восстановления",
+  "theRecoveryKeyYouEnteredIsIncorrect": "Введен неправильный ключ восстановления",
+  "enterPassword": "Введите пароль",
+  "selectExportFormat": "Выбрать формат экспорта",
+  "exportDialogDesc": "Зашифрованные экспортированные данные будут защищены паролем, который вы выберете.",
+  "encrypted": "Зашифрованный",
+  "plainText": "Обычный текст",
+  "passwordToEncryptExport": "Пароль для шифрования экспорта",
+  "export": "Экспорт"
 }

lib/l10n/arb/app_tr.arb

@@ -9,8 +9,11 @@
   "onBoardingGetStarted": "Başlayın",
   "setupFirstAccount": "İlk hesabınızı ekleyin",
   "importScanQrCode": "Karekodu tara",
+  "qrCode": "QR Kodu",
   "importEnterSetupKey": "Kurulum anahtarını giriniz",
   "importAccountPageTitle": "Hesap bilgilerinizi girin",
+  "incorrectDetails": "Bilgiler yanlış",
+  "pleaseVerifyDetails": "Lütfen bilgileri doğrulayın ve tekrar deneyin",
   "codeIssuerHint": "Yayınlayan",
   "codeSecretKeyHint": "Gizli Anahtar",
   "codeAccountHint": "Hesap (örnek@domain.com)",
@@ -24,7 +27,7 @@
   "timeBasedKeyType": "Zaman tabanlı (TOTP)",
   "counterBasedKeyType": "Sayaç tabanlı (HOTP)",
   "saveAction": "Kaydet",
-  "nextTotpTitle": "ileri",
+  "nextTotpTitle": "sonraki",
   "deleteCodeTitle": "Kodu silmek istiyor musunuz?",
   "deleteCodeMessage": "Bu kodu silmek istediğinize emin misiniz? Bu geri alınamaz bir işlemdir.",
   "viewLogsAction": "Günlüğü görüntüle",
@@ -53,6 +56,9 @@
     }
   },
   "contactSupport": "Destek ekibiyle iletişime geçin",
+  "rateUsOnStore": "Bizi {storeName} üzerinden değerlendirin",
+  "blog": "Blog",
+  "merchandise": "Ürünler",
   "verifyPassword": "Şifreyi doğrulayın",
   "pleaseWait": "Lütfen bekleyin...",
   "generatingEncryptionKeysTitle": "Şifreleme anahtarları üretiliyor...",
@@ -67,11 +73,23 @@
   "changeEmail": "E-postayı değiştir",
   "changePassword": "Şifreyi değiştir",
   "data": "Veriler",
-  "importCodes": "Kodu İçe Aktar",
+  "importCodes": "Kodu içe aktar",
+  "importTypePlainText": "Düz metin",
+  "importTypeEnteEncrypted": "ente Şifreli dışa aktarma",
+  "passwordForDecryptingExport": "Dışa aktarımın şifresini çözmek için parola",
+  "passwordEmptyError": "Şifre boş olamaz",
+  "importFromApp": "Kodları {appName} uygulamasından içe aktarın",
+  "importGoogleAuthGuide": "\"Hesapları Aktar\" seçeneğini kullanarak hesaplarınızı Google Authenticator'dan bir QR koduna aktarın. Ardından başka bir cihaz kullanarak QR kodunu tarayın.\n\nİpucu: QR kodunun fotoğrafını çekmek için dizüstü bilgisayarınızın kamerasını kullanabilirsiniz.",
+  "importSelectJsonFile": "JSON dosyasını seçin",
+  "importEnteEncGuide": "Ente'den dışa aktarılan şifrelenmiş JSON dosyasını seçin",
+  "importRaivoGuide": "Raivo'nun ayarlarında \"OTP'leri Zip arşivine aktar\" seçeneğini kullanın.\n\nZip dosyasını çıkarın ve JSON dosyasını içe aktarın.",
   "exportCodes": "Kodu dışa aktar",
+  "importLabel": "İçe aktar",
   "importInstruction": "Lütfen aşağıdaki şekilde kodlarınızın listesini içeren dosyayı seçiniz",
   "importCodeDelimiterInfo": "Kodlar, virgülle ya da yeni bir satırla ayrılabilir",
   "selectFile": "Dosya seç",
+  "emailVerificationToggle": "E-posta doğrulama",
+  "authToChangeEmailVerificationSetting": "E-posta doğrulamasını değiştirmek için lütfen kimlik doğrulaması yapın",
   "authToViewYourRecoveryKey": "Kurtarma anahtarınızı görmek için lütfen kimliğinizi doğrulayın",
   "authToChangeYourEmail": "Epostanızı değiştirmek için lütfen kimliğinizi doğrulayın",
   "authToChangeYourPassword": "Şifrenizi değiştirmek için lütfen kimliğinizi doğrulayın",
@@ -90,6 +108,18 @@
   "enterYourPasswordHint": "Parolanızı girin",
   "forgotPassword": "Şifremi unuttum",
   "oops": "Hay aksi",
+  "suggestFeatures": "Özellik önerin",
+  "faq": "SSS",
+  "faq_q_1": "Ente Auth ne kadar güvenli?",
+  "faq_a_1": "Ente aracılığıyla yedeklediğiniz tüm kodlar uçtan uca şifrelenmiş olarak saklanır. Bu, kodlarınıza yalnızca sizin erişebileceğiniz anlamına gelir. Uygulamalarımız açık kaynaklıdır ve kriptografimiz harici olarak denetlenmiştir.",
+  "faq_q_2": "Kodlarıma masaüstünden erişebilir miyim?",
+  "faq_a_2": "Kodlarınıza internet üzerinden @ auth.ente.io adresinden erişebilirsiniz.",
+  "faq_q_3": "Kodları nasıl silebilirim?",
+  "faq_a_3": "Bir kodu, o öğenin üzerinde sola kaydırarak silebilirsiniz.",
+  "faq_q_4": "Bu projeye nasıl destek olabilirim?",
+  "faq_a_4": "Fotoğraflar uygulamamıza @ ente.io abone olarak bu projenin geliştirilmesine destek olabilirsiniz.",
+  "faq_q_5": "FaceID kilidini ente Auth'ta nasıl etkinleştirebilirim",
+  "faq_a_5": "FaceID kilidini Ayarlar → Güvenlik → Kilit Ekranı altında etkinleştirebilirsiniz.",
   "somethingWentWrongMessage": "Bir şeyler ters gitti, lütfen tekrar deneyin",
   "leaveFamily": "Aile planından ayrıl",
   "leaveFamilyMessage": "Aile planından ayrılmak istediğinize emin misiniz?",
@@ -156,6 +186,7 @@
   "recoveryKeySaveDescription": "Biz bu anahtarı saklamıyoruz, lütfen. bu 24 kelimelik anahtarı güvenli bir yerde saklayın.",
   "doThisLater": "Bunu daha sonra yap",
   "saveKey": "Anahtarı kaydet",
+  "back": "Geri",
   "createAccount": "Hesap oluştur",
   "passwordStrength": "Şifre gücü: {passwordStrengthValue}",
   "@passwordStrength": {
@@ -214,6 +245,7 @@
   "enterYourRecoveryKey": "Kurtarma anahtarınızı girin",
   "tempErrorContactSupportIfPersists": "Bir şeyler ters gitmiş gibi görünüyor. Lütfen bir süre sonra tekrar deneyin. Hata devam ederse, lütfen destek ekibimizle iletişime geçin.",
   "itLooksLikeSomethingWentWrongPleaseRetryAfterSome": "Bir şeyler ters gitmiş gibi görünüyor. Lütfen bir süre sonra tekrar deneyin. Hata devam ederse, lütfen destek ekibimizle iletişime geçin.",
+  "about": "Hakkında",
   "weAreOpenSource": "Biz açık kaynağız!",
   "privacy": "Gizlilik",
   "terms": "Şartlar",
@@ -238,6 +270,7 @@
       }
     }
   },
+  "sorry": "Üzgünüz",
   "importFailureDesc": "Seçilen dosya ayrıştırılamadı.\nYardıma ihtiyacınız varsa lütfen support@ente.io adresine yazın!",
   "pendingSyncs": "Uyarı",
   "pendingSyncsWarningBody": "Kodlarınızdan bazıları yedeklenmemiş.\n\nLütfen oturumu kapatmadan önce bu kodların yedeğini aldığınızdan emin olun.",
@@ -257,7 +290,28 @@
   },
   "activeSessions": "Aktif oturumlar",
   "somethingWentWrongPleaseTryAgain": "Bir şeyler ters gitti, lütfen tekrar deneyin",
+  "thisWillLogYouOutOfThisDevice": "Bu sizin bu cihazdaki oturumunuzu kapatacaktır!",
+  "thisWillLogYouOutOfTheFollowingDevice": "Bu, aşağıdaki cihazdan çıkış yapmanızı sağlayacaktır:",
   "terminateSession": "Oturumu sonlandır?",
   "terminate": "Sonlandır",
-  "thisDevice": "Bu cihaz"
+  "thisDevice": "Bu cihaz",
+  "toResetVerifyEmail": "Şifrenizi sıfırlamak için lütfen önce e-postanızı doğrulayın.",
+  "thisEmailIsAlreadyInUse": "Bu e-posta zaten kullanılıyor",
+  "verificationFailedPleaseTryAgain": "Doğrulama başarısız oldu, lütfen tekrar deneyin",
+  "yourVerificationCodeHasExpired": "Doğrulama kodunuzun süresi doldu",
+  "incorrectCode": "Yanlış kod",
+  "sorryTheCodeYouveEnteredIsIncorrect": "Üzgünüz, girdiğiniz kod yanlış",
+  "emailChangedTo": "E-posta {newEmail} olarak değiştirildi",
+  "authenticationFailedPleaseTryAgain": "Kimlik doğrulama başarısız oldu, lütfen tekrar deneyin",
+  "authenticationSuccessful": "Kimlik doğrulama başarılı!",
+  "twofactorAuthenticationSuccessfullyReset": "İki faktörlü kimlik doğrulama başarıyla sıfırlandı",
+  "incorrectRecoveryKey": "Yanlış kurtarma kodu",
+  "theRecoveryKeyYouEnteredIsIncorrect": "Girdiğiniz kurtarma kodu yanlış",
+  "enterPassword": "Şifreyi girin",
+  "selectExportFormat": "Dışa aktarma formatını seç",
+  "exportDialogDesc": "Şifrelenmiş dışa aktarımlar seçtiğiniz bir parola ile korunacaktır.",
+  "encrypted": "Şifreli",
+  "plainText": "Düz metin",
+  "passwordToEncryptExport": "Dışa aktarımı şifrelemek için parola",
+  "export": "Dışa aktar"
 }

lib/l10n/arb/app_vi.arb

@@ -0,0 +1,271 @@
+{
+  "account": "Tài khoản",
+  "recoveryKey": "Khóa khôi phục",
+  "counterAppBarTitle": "Bộ Đếm",
+  "@counterAppBarTitle": {
+    "description": "Text shown in the AppBar of the Counter Page"
+  },
+  "onBoardingBody": "Bảo mật mã 2FA của bạn",
+  "onBoardingGetStarted": "Bắt đầu",
+  "setupFirstAccount": "Thiết lập tài khoản đầu tiên của bạn",
+  "importScanQrCode": "Quét mã QR",
+  "importEnterSetupKey": "Nhập khóa thiết lập",
+  "importAccountPageTitle": "Nhập chi tiết tài khoản",
+  "secretCanNotBeEmpty": "Khoá bí mật không được để trống",
+  "bothIssuerAndAccountCanNotBeEmpty": "Cả nhà phát hành và tài khoản không được để trống",
+  "incorrectDetails": "Thông tin chi tiết không chính xác",
+  "pleaseVerifyDetails": "Vui lòng xác minh chi tiết và thử lại",
+  "codeIssuerHint": "Nhà phát hành",
+  "codeSecretKeyHint": "Khóa bí mật",
+  "codeAccountHint": "Tài khoản (bạn@miền.com)",
+  "accountKeyType": "Loại khóa",
+  "sessionExpired": "Phiên làm việc đã hết hạn",
+  "@sessionExpired": {
+    "description": "Title of the dialog when the users current session is invalid/expired"
+  },
+  "pleaseLoginAgain": "Vui lòng đăng nhập lại",
+  "loggingOut": "Đang thoát...",
+  "timeBasedKeyType": "Dựa trên thời gian (TOTP)",
+  "counterBasedKeyType": "Dựa trên bộ đếm (HOTP)",
+  "saveAction": "Lưu",
+  "nextTotpTitle": "tiếp",
+  "deleteCodeTitle": "Xóa mã?",
+  "deleteCodeMessage": "Bạn có chắc chắn muốn xóa mã này không? Hành động này không thể đảo ngược.",
+  "viewLogsAction": "Xem các bản ghi",
+  "sendLogsDescription": "Thao tác này sẽ gửi nhật ký để giúp chúng tôi gỡ lỗi sự cố của bạn. Mặc dù chúng tôi thực hiện các biện pháp phòng ngừa để đảm bảo rằng thông tin nhạy cảm không được ghi lại, nhưng chúng tôi khuyến khích bạn xem các nhật ký này trước khi chia sẻ chúng.",
+  "preparingLogsTitle": "Đang chuẩn bị nhật ký...",
+  "emailLogsTitle": "Nhật ký email",
+  "emailLogsMessage": "Vui lòng gửi nhật ký tới {email}",
+  "@emailLogsMessage": {
+    "placeholders": {
+      "email": {
+        "type": "String"
+      }
+    }
+  },
+  "copyEmailAction": "Sao chép email",
+  "exportLogsAction": "Xuất nhật ký",
+  "reportABug": "Báo cáo lỗi",
+  "crashAndErrorReporting": "Báo cáo sự cố và lỗi",
+  "reportBug": "Báo lỗi",
+  "emailUsMessage": "Vui lòng gửi email cho chúng tôi tại {email}",
+  "@emailUsMessage": {
+    "placeholders": {
+      "email": {
+        "type": "String"
+      }
+    }
+  },
+  "contactSupport": "Liên hệ hỗ trợ",
+  "verifyPassword": "Xác nhận mật khẩu",
+  "pleaseWait": "Vui lòng chờ...",
+  "generatingEncryptionKeysTitle": "Đang tạo khóa mã hóa...",
+  "recreatePassword": "Tạo lại mật khẩu",
+  "recreatePasswordMessage": "Thiết bị hiện tại không đủ mạnh để xác minh mật khẩu của bạn, vì vậy chúng tôi cần tạo lại mật khẩu một lần theo cách hoạt động với tất cả các thiết bị. \n\nVui lòng đăng nhập bằng khóa khôi phục và tạo lại mật khẩu của bạn (bạn có thể sử dụng lại cùng một mật khẩu nếu muốn).",
+  "useRecoveryKey": "Dùng khóa khôi phục",
+  "incorrectPasswordTitle": "Mật khẩu không đúng",
+  "welcomeBack": "Chào mừng trở lại!",
+  "madeWithLoveAtPrefix": "được làm bằng ❤️ tại ",
+  "supportDevs": "Đăng ký <bold-green>ente</bold-green> để hỗ trợ dự án này.",
+  "supportDiscount": "Sử dụng mã giảm giá \"AUTH\" để được giảm 10% trong năm đầu tiên",
+  "changeEmail": "Thay đổi email",
+  "changePassword": "Thay đổi mật khẩu",
+  "data": "Dữ liệu",
+  "importCodes": "Nhập mã",
+  "exportCodes": "Xuất mã",
+  "importInstruction": "Vui lòng chọn tệp chứa danh sách mã của bạn ở định dạng sau",
+  "importCodeDelimiterInfo": "Các mã có thể được phân tách bằng một dấu phẩy hoặc một dòng mới",
+  "selectFile": "Chọn tập tin",
+  "authToViewYourRecoveryKey": "Vui lòng xác thực để xem khóa khôi phục của bạn",
+  "authToChangeYourEmail": "Vui lòng xác thực để thay đổi email của bạn",
+  "authToChangeYourPassword": "Vui lòng xác thực để thay đổi mật khẩu của bạn",
+  "ok": "Được rồi",
+  "cancel": "Hủy",
+  "yes": "Đúng",
+  "no": "Không",
+  "email": "Thư điện tử",
+  "support": "Hỗ trợ",
+  "settings": "Cài đặt",
+  "copied": "\u001dĐã sao chép",
+  "pleaseTryAgain": "Vui lòng thử lại",
+  "existingUser": "Người dùng hiện tại",
+  "newUser": "Mới tham gia ente",
+  "delete": "Xóa",
+  "enterYourPasswordHint": "Nhập mật khẩu của bạn",
+  "forgotPassword": "Quên mật khẩu",
+  "oops": "Rất tiếc",
+  "somethingWentWrongMessage": "Phát hiện có lỗi, xin thử lại",
+  "leaveFamily": "Rời khỏi gia đình",
+  "leaveFamilyMessage": "Bạn có chắc chắn muốn thoát khỏi gói dành cho gia đình không?",
+  "inFamilyPlanMessage": "Bạn đang sử dụng gói dành cho gia đình!",
+  "swipeHint": "Vuốt sang trái để chỉnh sửa hoặc xóa mã",
+  "scan": "Quét",
+  "scanACode": "Quét mã",
+  "verify": "Xác minh",
+  "verifyEmail": "Xác nhận địa chỉ Email",
+  "enterCodeHint": "Nhập mã gồm 6 chữ số từ ứng dụng xác thực của bạn",
+  "lostDeviceTitle": "Bạn đã mất thiết bị?",
+  "twoFactorAuthTitle": "Xác thực hai yếu tố",
+  "recoverAccount": "Khôi phục tài khoản",
+  "enterRecoveryKeyHint": "Nhập khóa khôi phục của bạn",
+  "recover": "Khôi phục",
+  "contactSupportViaEmailMessage": "Vui lòng gửi email đến {email} từ địa chỉ email đã đăng ký của bạn",
+  "@contactSupportViaEmailMessage": {
+    "placeholders": {
+      "email": {
+        "type": "String"
+      }
+    }
+  },
+  "noRecoveryKeyTitle": "Không có khóa khôi phục?",
+  "enterEmailHint": "Nhập địa chỉ email của bạn",
+  "invalidEmailTitle": "Địa chỉ email không hợp lệ",
+  "invalidEmailMessage": "Xin vui lòng nhập một địa chỉ email hợp lệ.",
+  "deleteAccount": "Xoá tài khoản",
+  "deleteAccountQuery": "Chúng tôi sẽ rất tiếc khi thấy bạn đi. Bạn đang phải đối mặt với một số vấn đề?",
+  "yesSendFeedbackAction": "Có, gửi phản hồi",
+  "noDeleteAccountAction": "Không, xóa tài khoản",
+  "initiateAccountDeleteTitle": "Vui lòng xác thực để bắt đầu xóa tài khoản",
+  "confirmAccountDeleteTitle": "Bạn có chắc rằng bạn muốn xóa tài khoản ente của bạn không?",
+  "confirmAccountDeleteMessage": "Dữ liệu đã tải lên của bạn, trên tất cả các ứng dụng (cả Ảnh và Authenticator), sẽ được lên lịch xóa và tài khoản của bạn sẽ bị xóa vĩnh viễn.",
+  "sendEmail": "Gửi email",
+  "createNewAccount": "Tạo tài khoản mới",
+  "weakStrength": "Yếu",
+  "strongStrength": "Mạnh",
+  "moderateStrength": "Trung bình",
+  "confirmPassword": "Xác nhận mật khẩu",
+  "close": "Đóng",
+  "oopsSomethingWentWrong": "Rất tiếc, Đã xảy ra lỗi.",
+  "selectLanguage": "Chọn ngôn ngữ",
+  "language": "Ngôn ngữ",
+  "social": "Xã hội",
+  "security": "Bảo mật",
+  "lockscreen": "Màn hình khoá",
+  "authToChangeLockscreenSetting": "Vui lòng xác thực để thay đổi cài đặt màn hình khóa",
+  "lockScreenEnablePreSteps": "Để bật màn hình khóa, vui lòng thiết lập mật khẩu thiết bị hoặc khóa màn hình trong cài đặt hệ thống của bạn.",
+  "viewActiveSessions": "Xem danh sách phiên làm việc hiện tại",
+  "authToViewYourActiveSessions": "Vui lòng xác thực để xem danh sách phiên làm việc của bạn",
+  "searchHint": "Tìm kiếm...",
+  "search": "Tìm kiếm",
+  "sorryUnableToGenCode": "Rất tiếc, không thể tạo mã cho {issuerName}",
+  "noResult": "Không có kết quả",
+  "addCode": "Thêm mã",
+  "scanAQrCode": "Quét mã QR",
+  "enterDetailsManually": "Nhập chi tiết thủ công",
+  "edit": "Sửa",
+  "copiedToClipboard": "Đã sao chép vào khay nhớ tạm",
+  "error": "Lỗi",
+  "recoveryKeyCopiedToClipboard": "Đã sao chép khóa khôi phục vào bộ nhớ tạm",
+  "recoveryKeyOnForgotPassword": "Nếu bạn quên mật khẩu, cách duy nhất bạn có thể khôi phục dữ liệu của mình là sử dụng khóa này.",
+  "recoveryKeySaveDescription": "Chúng tôi không lưu trữ khóa này, vui lòng lưu khóa 24 từ này ở nơi an toàn.",
+  "doThisLater": "Để sau",
+  "saveKey": "Lưu khóa",
+  "createAccount": "Tạo tài khoản",
+  "passwordStrength": "Độ mạnh mật khẩu: {passwordStrengthValue}",
+  "@passwordStrength": {
+    "description": "Text to indicate the password strength",
+    "placeholders": {
+      "passwordStrengthValue": {
+        "description": "The strength of the password as a string",
+        "type": "String",
+        "example": "Weak or Moderate or Strong"
+      }
+    },
+    "message": "Password Strength: {passwordStrengthText}"
+  },
+  "password": "Mật khẩu",
+  "signUpTerms": "Tôi đồng ý với <u-terms>điều khoản dịch vụ</u-terms> và <u-policy>chính sách quyền riêng tư</u-policy>",
+  "privacyPolicyTitle": "Chính sách bảo mật",
+  "termsOfServicesTitle": "Điều khoản",
+  "encryption": "Mã hóa",
+  "setPasswordTitle": "Đặt mật khẩu",
+  "changePasswordTitle": "Thay đổi mật khẩu",
+  "resetPasswordTitle": "Đặt lại mật khẩu",
+  "encryptionKeys": "Khóa mã hóa",
+  "passwordWarning": "Chúng tôi không lưu trữ mật khẩu này, vì vậy nếu bạn quên, <underline>chúng tôi không thể giải mã dữ liệu của bạn</underline>",
+  "enterPasswordToEncrypt": "Nhập mật khẩu mà chúng tôi có thể sử dụng để mã hóa dữ liệu của bạn",
+  "enterNewPasswordToEncrypt": "Nhập một mật khẩu mới mà chúng tôi có thể sử dụng để mã hóa dữ liệu của bạn",
+  "passwordChangedSuccessfully": "Thay đổi mật khẩu thành công",
+  "generatingEncryptionKeys": "Đang tạo khóa mã hóa...",
+  "continueLabel": "Tiếp tục",
+  "insecureDevice": "Thiết bị không an toàn",
+  "sorryWeCouldNotGenerateSecureKeysOnThisDevicennplease": "Rất tiếc, chúng tôi không thể tạo khóa bảo mật trên thiết bị này.\n\nvui lòng đăng ký từ một thiết bị khác.",
+  "howItWorks": "Cách thức hoạt động",
+  "ackPasswordLostWarning": "Tôi hiểu rằng việc mất mật khẩu có thể đồng nghĩa với việc mất dữ liệu của tôi vì dữ liệu của tôi được <underline>mã hóa hai đầu</underline>.",
+  "loginTerms": "Bằng cách nhấp vào đăng nhập, tôi đồng ý với <u-terms>điều khoản dịch vụ</u-terms> và <u-policy>chính sách quyền riêng tư</u-policy>",
+  "logInLabel": "Đăng nhập",
+  "logout": "Đăng xuất",
+  "areYouSureYouWantToLogout": "Bạn có chắc chắn muốn đăng xuất?",
+  "yesLogout": "Có, đăng xuất",
+  "exit": "Thoát",
+  "verifyingRecoveryKey": "Đang xác minh khóa khôi phục...",
+  "recoveryKeyVerified": "Khóa khôi phục đã được xác thực",
+  "recoveryKeySuccessBody": "Tuyệt vời! Khóa khôi phục của bạn hợp lệ. Cảm ơn bạn đã xác minh.\n\nHãy nhớ sao lưu khóa khôi phục của bạn một cách an toàn.",
+  "invalidRecoveryKey": "Khóa khôi phục bạn đã nhập không hợp lệ. Vui lòng đảm bảo rằng nó chứa 24 từ và kiểm tra chính tả của từng từ.\n\nNếu bạn đã nhập mã khôi phục cũ hơn, hãy đảm bảo mã đó dài 64 ký tự và kiểm tra từng ký tự.",
+  "recreatePasswordTitle": "Tạo lại mật khẩu",
+  "recreatePasswordBody": "Thiết bị hiện tại không đủ mạnh để xác minh mật khẩu của bạn nhưng chúng tôi có thể tạo lại mật khẩu theo cách hoạt động với tất cả các thiết bị.\n\nVui lòng đăng nhập bằng khóa khôi phục và tạo lại mật khẩu của bạn (bạn có thể sử dụng lại cùng một mật khẩu nếu muốn).",
+  "invalidKey": "Khoá không hợp lệ",
+  "tryAgain": "Thử lại",
+  "viewRecoveryKey": "Hiển thị khóa khôi phục",
+  "confirmRecoveryKey": "Xác nhận khóa khôi phục",
+  "recoveryKeyVerifyReason": "Nếu bạn quên mật khẩu, khóa khôi phục là cách duy nhất để khôi phục ảnh của bạn. Bạn có thể tìm thấy khóa khôi phục của mình trong Cài đặt > Tài khoản.\n\nVui lòng nhập khóa khôi phục của bạn tại đây để xác minh rằng bạn đã lưu chính xác.",
+  "confirmYourRecoveryKey": "Xác nhận khóa khôi phục",
+  "confirm": "Xác nhận",
+  "emailYourLogs": "Gửi email nhật ký của bạn",
+  "pleaseSendTheLogsTo": "Vui lòng gửi nhật ký đến \n{toEmail}",
+  "copyEmailAddress": "Sao chép địa chỉ email",
+  "exportLogs": "Xuất nhật ký",
+  "enterYourRecoveryKey": "Nhập khóa khôi phục của bạn",
+  "tempErrorContactSupportIfPersists": "Có vẻ như đã xảy ra sự cố. Vui lòng thử lại sau một thời gian. Nếu lỗi vẫn tiếp diễn, vui lòng liên hệ với nhóm hỗ trợ của chúng tôi.",
+  "itLooksLikeSomethingWentWrongPleaseRetryAfterSome": "Có vẻ như đã xảy ra sự cố. Vui lòng thử lại sau một thời gian. Nếu lỗi vẫn tiếp diễn, vui lòng liên hệ với nhóm hỗ trợ của chúng tôi.",
+  "about": "Về chúng tôi",
+  "weAreOpenSource": "Chúng tôi có mã nguồn mở!",
+  "privacy": "Riêng tư",
+  "terms": "Điều khoản",
+  "checkForUpdates": "Kiểm tra cập nhật",
+  "checking": "Đang kiểm tra...",
+  "youAreOnTheLatestVersion": "Bạn đang sử dụng phiên bản mới nhất",
+  "warning": "Cánh báo",
+  "exportWarningDesc": "Tệp đã xuất chứa thông tin nhạy cảm. Hãy lưu trữ tệp này một cách an toàn.",
+  "iUnderStand": "Tôi hiểu",
+  "@iUnderStand": {
+    "description": "Text for the button to confirm the user understands the warning"
+  },
+  "authToExportCodes": "Vui lòng xác thực để xuất mã của bạn",
+  "importSuccessTitle": "Hoan hô!",
+  "importSuccessDesc": "Bạn đã nhập {count} mã!",
+  "@importSuccessDesc": {
+    "placeholders": {
+      "count": {
+        "description": "The number of codes imported",
+        "type": "int",
+        "example": "1"
+      }
+    }
+  },
+  "sorry": "Xin lỗi",
+  "importFailureDesc": "Không thể phân tích cú pháp tệp đã chọn.\nVui lòng viết thư cho support@ente.io nếu bạn cần trợ giúp!",
+  "pendingSyncs": "Cánh báo",
+  "pendingSyncsWarningBody": "Một số mã của bạn chưa được sao lưu.\n\nVui lòng đảm bảo rằng bạn có bản sao lưu cho các mã này trước khi đăng xuất.",
+  "checkInboxAndSpamFolder": "Vui lòng kiểm tra hộp thư đến (và thư rác) của bạn để hoàn tất xác minh",
+  "tapToEnterCode": "Chạm để nhập mã",
+  "resendEmail": "Gửi lại email",
+  "weHaveSendEmailTo": "Chúng tôi đã gửi thư đến <green>{email}</green>",
+  "@weHaveSendEmailTo": {
+    "description": "Text to indicate that we have sent a mail to the user",
+    "placeholders": {
+      "email": {
+        "description": "The email address of the user",
+        "type": "String",
+        "example": "example@ente.io"
+      }
+    }
+  },
+  "activeSessions": "Các phiên làm việc hiện tại",
+  "somethingWentWrongPleaseTryAgain": "Phát hiện có lỗi, xin thử lại",
+  "thisWillLogYouOutOfThisDevice": "Thao tác này sẽ đăng xuất bạn khỏi thiết bị này!",
+  "thisWillLogYouOutOfTheFollowingDevice": "Thao tác này sẽ đăng xuất bạn khỏi thiết bị sau:",
+  "terminateSession": "Chấm dứt phiên?",
+  "terminate": "Dừng lại",
+  "thisDevice": "Thiết bị này"
+}

lib/l10n/arb/app_zh.arb

@@ -9,8 +9,13 @@
   "onBoardingGetStarted": "开始",
   "setupFirstAccount": "设置您的第一个账户",
   "importScanQrCode": "扫描二维码",
+  "qrCode": "二维码",
   "importEnterSetupKey": "输入设置密钥",
   "importAccountPageTitle": "输入账户详细信息",
+  "secretCanNotBeEmpty": "密码不能为空",
+  "bothIssuerAndAccountCanNotBeEmpty": "发行人和账户均不能为空",
+  "incorrectDetails": "详细信息不正确",
+  "pleaseVerifyDetails": "请验证详细信息并重试",
   "codeIssuerHint": "发行人",
   "codeSecretKeyHint": "私钥",
   "codeAccountHint": "账户 (you@domain.com)",
@@ -53,6 +58,9 @@
     }
   },
   "contactSupport": "联系支持",
+  "rateUsOnStore": "在 {storeName} 上给我们评分",
+  "blog": "博客",
+  "merchandise": "商品",
   "verifyPassword": "验证密码",
   "pleaseWait": "请稍候...",
   "generatingEncryptionKeysTitle": "正在生成加密密钥...",
@@ -68,10 +76,22 @@
   "changePassword": "修改密码",
   "data": "数据",
   "importCodes": "导入代码",
+  "importTypePlainText": "纯文本",
+  "importTypeEnteEncrypted": "ente 加密导出",
+  "passwordForDecryptingExport": "用来解密导出的密码",
+  "passwordEmptyError": "密码不能为空",
+  "importFromApp": "从 {appName} 导入代码",
+  "importGoogleAuthGuide": "使用“转移帐户”选项将您的帐户从 Google 身份验证器导出到二维码。然后使用另一台设备扫描二维码。\n\n提示：您可以使用笔记本电脑的网络摄像头拍摄二维码的照片。",
+  "importSelectJsonFile": "选择 JSON 文件",
+  "importEnteEncGuide": "选择从ente导出的加密JSON文件",
+  "importRaivoGuide": "使用 Raivo 设置中的“将 OTP 导出到 Zip 存档”选项。\n\n解压 zip 文件并导入 JSON 文件。",
   "exportCodes": "导出代码",
+  "importLabel": "导入",
   "importInstruction": "请以以下格式选择包含代码列表的文件",
   "importCodeDelimiterInfo": "代码可以用逗号或新行分隔。",
   "selectFile": "选择文件",
+  "emailVerificationToggle": "电子邮件验证",
+  "authToChangeEmailVerificationSetting": "请进行身份验证以更改电子邮件验证",
   "authToViewYourRecoveryKey": "请验证以查看您的恢复密钥",
   "authToChangeYourEmail": "请验证以更改您的电子邮件",
   "authToChangeYourPassword": "请验证以更改密码",
@@ -90,6 +110,18 @@
   "enterYourPasswordHint": "输入您的密码",
   "forgotPassword": "忘记密码",
   "oops": "哎呀",
+  "suggestFeatures": "建议新功能",
+  "faq": "常见问题",
+  "faq_q_1": "ente Auth的安全程度如何？",
+  "faq_a_1": "您通过 ente 备份的所有代码均以端到端加密方式存储。这意味着只有您可以访问您的代码。 我们的应用程序是开源的，我们的加密技术已经过外部审计。",
+  "faq_q_2": "我可以在桌面上访问我的代码吗？",
+  "faq_a_2": "您可以在 web @auth.ente.io 上访问您的代码。",
+  "faq_q_3": "我如何删除代码？",
+  "faq_a_3": "您可以通过向左滑动该项目来删除该代码。",
+  "faq_q_4": "我该如何支持该项目？",
+  "faq_a_4": "您可以通过订阅我们的照片应用程序@ente.io来支持该项目的开发。",
+  "faq_q_5": "如何在 ente Auth 中启用 FaceID 锁定",
+  "faq_a_5": "您可以在“设置”→“安全”→“锁屏”下启用 FaceID 锁定。",
   "somethingWentWrongMessage": "出了点问题，请重试",
   "leaveFamily": "离开家庭",
   "leaveFamilyMessage": "您确定要离开家庭计划吗？",
@@ -156,6 +188,7 @@
   "recoveryKeySaveDescription": "我们不会存储此密钥，请将此24个单词密钥保存在一个安全的地方。",
   "doThisLater": "稍后再做",
   "saveKey": "保存密钥",
+  "back": "返回",
   "createAccount": "创建账户",
   "passwordStrength": "密码强度： {passwordStrengthValue}",
   "@passwordStrength": {
@@ -263,5 +296,24 @@
   "thisWillLogYouOutOfTheFollowingDevice": "这将使您在以下设备中退出登录：",
   "terminateSession": "是否终止会话？",
   "terminate": "终止",
-  "thisDevice": "此设备"
+  "thisDevice": "此设备",
+  "toResetVerifyEmail": "要重置您的密码，请先验证您的电子邮件。",
+  "thisEmailIsAlreadyInUse": "该电子邮件已被使用",
+  "verificationFailedPleaseTryAgain": "验证失败，请再试一次",
+  "yourVerificationCodeHasExpired": "您的验证码已过期",
+  "incorrectCode": "验证码错误",
+  "sorryTheCodeYouveEnteredIsIncorrect": "抱歉，您输入的验证码不正确",
+  "emailChangedTo": "电子邮件已更改为 {newEmail}",
+  "authenticationFailedPleaseTryAgain": "认证失败，请重试",
+  "authenticationSuccessful": "认证成功！",
+  "twofactorAuthenticationSuccessfullyReset": "双因素身份验证已成功重置",
+  "incorrectRecoveryKey": "恢复密钥不正确",
+  "theRecoveryKeyYouEnteredIsIncorrect": "您输入的恢复密钥不正确",
+  "enterPassword": "输入密码",
+  "selectExportFormat": "选择导出格式",
+  "exportDialogDesc": "加密导出将由您选择的密码保护。",
+  "encrypted": "已加密",
+  "plainText": "纯文本",
+  "passwordToEncryptExport": "用来加密导出的密码",
+  "export": "导出"
 }

lib/main.dart

@@ -1,4 +1,5 @@
 import 'package:adaptive_theme/adaptive_theme.dart';
+import 'package:computer/computer.dart';
 import "package:ente_auth/app/view/app.dart";
 import 'package:ente_auth/core/configuration.dart';
 import 'package:ente_auth/core/constants.dart';
@@ -16,7 +17,9 @@ import 'package:ente_auth/services/user_service.dart';
 import 'package:ente_auth/store/code_store.dart';
 import 'package:ente_auth/ui/tools/app_lock.dart';
 import 'package:ente_auth/ui/tools/lock_screen.dart';
+import 'package:ente_auth/ui/utils/icon_utils.dart';
 import 'package:ente_auth/utils/crypto_util.dart';
+import 'package:flutter/foundation.dart';
 import "package:flutter/material.dart";
 import 'package:logging/logging.dart';
 import 'package:path_provider/path_provider.dart';
@@ -70,6 +73,8 @@ Future _runWithLogs(Function() function, {String prefix = ""}) async {
 }
 
 Future<void> _init(bool bool, {String? via}) async {
+  // Start workers asynchronously. No need to wait for them to start
+  Computer.shared().turnOn(workersCount: 4, verbose: kDebugMode);
   CryptoUtil.init();
   await PreferenceService.instance.init();
   await CodeStore.instance.init();
@@ -81,4 +86,5 @@ Future<void> _init(bool bool, {String? via}) async {
   await BillingService.instance.init();
   await NotificationService.instance.init();
   await UpdateService.instance.init();
+  await IconUtils.instance.init();
 }

lib/models/api/user/srp.dart

@@ -0,0 +1,135 @@
+class SetupSRPRequest {
+  final String srpUserID;
+  final String srpSalt;
+  final String srpVerifier;
+  final String srpA;
+  final bool isUpdate;
+
+  SetupSRPRequest({
+    required this.srpUserID,
+    required this.srpSalt,
+    required this.srpVerifier,
+    required this.srpA,
+    required this.isUpdate,
+  });
+
+  Map<String, dynamic> toMap() {
+    return {
+      'srpUserID': srpUserID.toString(),
+      'srpSalt': srpSalt,
+      'srpVerifier': srpVerifier,
+      'srpA': srpA,
+      'isUpdate': isUpdate,
+    };
+  }
+
+  factory SetupSRPRequest.fromJson(Map<String, dynamic> json) {
+    return SetupSRPRequest(
+      srpUserID: json['srpUserID'],
+      srpSalt: json['srpSalt'],
+      srpVerifier: json['srpVerifier'],
+      srpA: json['srpA'],
+      isUpdate: json['isUpdate'],
+    );
+  }
+}
+
+class SetupSRPResponse {
+  final String setupID;
+  final String srpB;
+
+  SetupSRPResponse({
+    required this.setupID,
+    required this.srpB,
+  });
+
+  Map<String, dynamic> toMap() {
+    return {
+      'setupID': setupID.toString(),
+      'srpB': srpB,
+    };
+  }
+
+  factory SetupSRPResponse.fromJson(Map<String, dynamic> json) {
+    return SetupSRPResponse(
+      setupID: json['setupID'],
+      srpB: json['srpB'],
+    );
+  }
+}
+
+class CompleteSRPSetupRequest {
+  final String setupID;
+  final String srpM1;
+
+  CompleteSRPSetupRequest({
+    required this.setupID,
+    required this.srpM1,
+  });
+
+  Map<String, dynamic> toMap() {
+    return {
+      'setupID': setupID.toString(),
+      'srpM1': srpM1,
+    };
+  }
+
+  factory CompleteSRPSetupRequest.fromJson(Map<String, dynamic> json) {
+    return CompleteSRPSetupRequest(
+      setupID: json['setupID'],
+      srpM1: json['srpM1'],
+    );
+  }
+}
+class SrpAttributes {
+  final String srpUserID;
+  final String srpSalt;
+  final int memLimit;
+  final int opsLimit;
+  final String kekSalt;
+  final bool isEmailMFAEnabled;
+
+  SrpAttributes({
+    required this.srpUserID,
+    required this.srpSalt,
+    required this.memLimit,
+    required this.opsLimit,
+    required this.kekSalt,
+    required this.isEmailMFAEnabled,
+  });
+
+  factory SrpAttributes.fromMap(Map<String, dynamic> map) {
+    return SrpAttributes(
+      srpUserID: map['attributes']['srpUserID'],
+      srpSalt: map['attributes']['srpSalt'],
+      memLimit: map['attributes']['memLimit'],
+      opsLimit: map['attributes']['opsLimit'],
+      kekSalt: map['attributes']['kekSalt'],
+      isEmailMFAEnabled: map['attributes']['isEmailMFAEnabled'],
+    );
+  }
+}
+
+class CompleteSRPSetupResponse {
+  final String setupID;
+  final String srpM2;
+
+  CompleteSRPSetupResponse({
+    required this.setupID,
+    required this.srpM2,
+  });
+
+  Map<String, dynamic> toMap() {
+    return {
+      'setupID': setupID,
+      'srpM2': srpM2,
+    };
+  }
+
+  factory CompleteSRPSetupResponse.fromJson(Map<String, dynamic> json) {
+    return CompleteSRPSetupResponse(
+      setupID: json['setupID'],
+      srpM2: json['srpM2'],
+    );
+  }
+}

lib/models/code.dart

@@ -13,6 +13,7 @@ class Code {
   final Algorithm algorithm;
   final Type type;
   final String rawData;
+  final int counter;
   bool? hasSynced;
 
   Code(
@@ -23,6 +24,7 @@ class Code {
     this.secret,
     this.algorithm,
     this.type,
+    this.counter,
     this.rawData, {
     this.generatedID,
   });
@@ -35,6 +37,7 @@ class Code {
     String? secret,
     Algorithm? algorithm,
     Type? type,
+    int? counter,
   }) {
     final String updateAccount = account ?? this.account;
     final String updateIssuer = issuer ?? this.issuer;
@@ -43,6 +46,7 @@ class Code {
     final String updatedSecret = secret ?? this.secret;
     final Algorithm updatedAlgo = algorithm ?? this.algorithm;
     final Type updatedType = type ?? this.type;
+    final int updatedCounter = counter ?? this.counter;
 
     return Code(
       updateAccount,
@@ -52,6 +56,7 @@ class Code {
       updatedSecret,
       updatedAlgo,
       updatedType,
+      updatedCounter,
       "otpauth://${updatedType.name}/" +
           updateIssuer +
           ":" +
@@ -59,7 +64,7 @@ class Code {
           "?algorithm=${updatedAlgo.name}&digits=$updatedDigits&issuer=" +
           updateIssuer +
           "&period=$updatePeriod&secret=" +
-          updatedSecret,
+          updatedSecret + (updatedType == Type.hotp ? "&counter=$updatedCounter" : ""),
       generatedID: generatedID,
     );
   }
@@ -77,6 +82,7 @@ class Code {
       secret,
       Algorithm.sha1,
       Type.totp,
+      0,
       "otpauth://totp/" +
           issuer +
           ":" +
@@ -99,6 +105,7 @@ class Code {
       getSanitizedSecret(uri.queryParameters['secret']!),
       _getAlgorithm(uri),
       _getType(uri),
+      _getCounter(uri),
       rawData,
     );
     } catch(e) {
@@ -163,6 +170,18 @@ class Code {
     }
   }
 
+  static int _getCounter(Uri uri) {
+    try {
+      final bool hasCounterKey = uri.queryParameters.containsKey('counter');
+      if (!hasCounterKey) {
+        return 0;
+      }
+      return int.parse(uri.queryParameters['counter']!);
+    } catch (e) {
+      return defaultPeriod;
+    }
+  }
+
   static Algorithm _getAlgorithm(Uri uri) {
     try {
       final algorithm =
@@ -197,6 +216,7 @@ class Code {
         other.digits == digits &&
         other.period == period &&
         other.secret == secret &&
+        other.counter == counter &&
         other.type == type &&
         other.rawData == rawData;
   }
@@ -209,6 +229,7 @@ class Code {
         period.hashCode ^
         secret.hashCode ^
         type.hashCode ^
+        counter.hashCode ^
         rawData.hashCode;
   }
 }

lib/models/export/ente.dart

@@ -0,0 +1,66 @@
+/*
+Version: 1.0
+KDF Algo: ARGON2ID
+Decrypted Data Format: It contains code.rawData [1] separated by new line.
+[1] otpauth://totp/provider.com:you@email.com?secret=YOUR_SECRET
+*/
+
+class EnteAuthExport {
+  final int version;
+  final KDFParams kdfParams;
+  final String encryptedData;
+  final String encryptionNonce;
+
+  // Named constructor which can be used to specify each field individually
+  EnteAuthExport({
+    required this.version,
+    required this.kdfParams,
+    required this.encryptedData,
+    required this.encryptionNonce,
+  });
+
+  // Convert EnteExport object to JSON
+  Map<String, dynamic> toJson() => {
+        'version': version,
+        'kdfParams': kdfParams.toJson(),
+        'encryptedData': encryptedData,
+        'encryptionNonce': encryptionNonce,
+      };
+
+  // Convert JSON to EnteExport object
+  static EnteAuthExport fromJson(Map<String, dynamic> json) => EnteAuthExport(
+        version: json['version'],
+        kdfParams: KDFParams.fromJson(json['kdfParams']),
+        encryptedData: json['encryptedData'],
+        encryptionNonce: json['encryptionNonce'],
+      );
+}
+
+// KDFParams is a class that holds the parameters for the KDF function.
+// It is used to derive a key from a password.
+class KDFParams {
+  final int memLimit;
+  final int opsLimit;
+  final String salt;
+
+  // Named constructor which can be used to specify each field individually
+  KDFParams({
+    required this.memLimit,
+    required this.opsLimit,
+    required this.salt,
+  });
+
+  // Convert KDFParams object to JSON
+  Map<String, dynamic> toJson() => {
+        'memLimit': memLimit,
+        'opsLimit': opsLimit,
+        'salt': salt,
+      };
+
+  // Convert JSON to KDFParams object
+  static KDFParams fromJson(Map<String, dynamic> json) => KDFParams(
+        memLimit: json['memLimit'],
+        opsLimit: json['opsLimit'],
+        salt: json['salt'],
+      );
+}

lib/models/key_gen_result.dart

@@ -1,9 +1,12 @@
+import 'dart:typed_data';
+
 import 'package:ente_auth/models/key_attributes.dart';
 import 'package:ente_auth/models/private_key_attributes.dart';
 
 class KeyGenResult {
   final KeyAttributes keyAttributes;
   final PrivateKeyAttributes privateKeyAttributes;
+  final Uint8List loginKey;
 
-  KeyGenResult(this.keyAttributes, this.privateKeyAttributes);
+  KeyGenResult(this.keyAttributes, this.privateKeyAttributes, this.loginKey);
 }

lib/models/protos/googleauth.pb.dart

@@ -0,0 +1,201 @@
+//
+//  Generated code. Do not modify.
+//  source: googleauth.proto
+//
+// @dart = 2.12
+
+// ignore_for_file: annotate_overrides, camel_case_types
+// ignore_for_file: constant_identifier_names, library_prefixes
+// ignore_for_file: non_constant_identifier_names, prefer_final_fields
+// ignore_for_file: unnecessary_import, unnecessary_this, unused_import
+
+import 'dart:core' as $core;
+
+import 'package:fixnum/fixnum.dart' as $fixnum;
+import 'package:protobuf/protobuf.dart' as $pb;
+
+import 'googleauth.pbenum.dart';
+
+export 'googleauth.pbenum.dart';
+
+class MigrationPayload_OtpParameters extends $pb.GeneratedMessage {
+  factory MigrationPayload_OtpParameters() => create();
+  MigrationPayload_OtpParameters._() : super();
+  factory MigrationPayload_OtpParameters.fromBuffer($core.List<$core.int> i, [$pb.ExtensionRegistry r = $pb.ExtensionRegistry.EMPTY]) => create()..mergeFromBuffer(i, r);
+  factory MigrationPayload_OtpParameters.fromJson($core.String i, [$pb.ExtensionRegistry r = $pb.ExtensionRegistry.EMPTY]) => create()..mergeFromJson(i, r);
+
+  static final $pb.BuilderInfo _i = $pb.BuilderInfo(_omitMessageNames ? '' : 'MigrationPayload.OtpParameters', package: const $pb.PackageName(_omitMessageNames ? '' : 'googleauth'), createEmptyInstance: create)
+    ..a<$core.List<$core.int>>(1, _omitFieldNames ? '' : 'secret', $pb.PbFieldType.OY)
+    ..aOS(2, _omitFieldNames ? '' : 'name')
+    ..aOS(3, _omitFieldNames ? '' : 'issuer')
+    ..e<MigrationPayload_Algorithm>(4, _omitFieldNames ? '' : 'algorithm', $pb.PbFieldType.OE, defaultOrMaker: MigrationPayload_Algorithm.ALGORITHM_UNSPECIFIED, valueOf: MigrationPayload_Algorithm.valueOf, enumValues: MigrationPayload_Algorithm.values)
+    ..e<MigrationPayload_DigitCount>(5, _omitFieldNames ? '' : 'digits', $pb.PbFieldType.OE, defaultOrMaker: MigrationPayload_DigitCount.DIGIT_COUNT_UNSPECIFIED, valueOf: MigrationPayload_DigitCount.valueOf, enumValues: MigrationPayload_DigitCount.values)
+    ..e<MigrationPayload_OtpType>(6, _omitFieldNames ? '' : 'type', $pb.PbFieldType.OE, defaultOrMaker: MigrationPayload_OtpType.OTP_TYPE_UNSPECIFIED, valueOf: MigrationPayload_OtpType.valueOf, enumValues: MigrationPayload_OtpType.values)
+    ..aInt64(7, _omitFieldNames ? '' : 'counter')
+    ..hasRequiredFields = false
+  ;
+
+  @$core.Deprecated(
+  'Using this can add significant overhead to your binary. '
+  'Use [GeneratedMessageGenericExtensions.deepCopy] instead. '
+  'Will be removed in next major version')
+  MigrationPayload_OtpParameters clone() => MigrationPayload_OtpParameters()..mergeFromMessage(this);
+  @$core.Deprecated(
+  'Using this can add significant overhead to your binary. '
+  'Use [GeneratedMessageGenericExtensions.rebuild] instead. '
+  'Will be removed in next major version')
+  MigrationPayload_OtpParameters copyWith(void Function(MigrationPayload_OtpParameters) updates) => super.copyWith((message) => updates(message as MigrationPayload_OtpParameters)) as MigrationPayload_OtpParameters;
+
+  $pb.BuilderInfo get info_ => _i;
+
+  @$core.pragma('dart2js:noInline')
+  static MigrationPayload_OtpParameters create() => MigrationPayload_OtpParameters._();
+  MigrationPayload_OtpParameters createEmptyInstance() => create();
+  static $pb.PbList<MigrationPayload_OtpParameters> createRepeated() => $pb.PbList<MigrationPayload_OtpParameters>();
+  @$core.pragma('dart2js:noInline')
+  static MigrationPayload_OtpParameters getDefault() => _defaultInstance ??= $pb.GeneratedMessage.$_defaultFor<MigrationPayload_OtpParameters>(create);
+  static MigrationPayload_OtpParameters? _defaultInstance;
+
+  @$pb.TagNumber(1)
+  $core.List<$core.int> get secret => $_getN(0);
+  @$pb.TagNumber(1)
+  set secret($core.List<$core.int> v) { $_setBytes(0, v); }
+  @$pb.TagNumber(1)
+  $core.bool hasSecret() => $_has(0);
+  @$pb.TagNumber(1)
+  void clearSecret() => clearField(1);
+
+  @$pb.TagNumber(2)
+  $core.String get name => $_getSZ(1);
+  @$pb.TagNumber(2)
+  set name($core.String v) { $_setString(1, v); }
+  @$pb.TagNumber(2)
+  $core.bool hasName() => $_has(1);
+  @$pb.TagNumber(2)
+  void clearName() => clearField(2);
+
+  @$pb.TagNumber(3)
+  $core.String get issuer => $_getSZ(2);
+  @$pb.TagNumber(3)
+  set issuer($core.String v) { $_setString(2, v); }
+  @$pb.TagNumber(3)
+  $core.bool hasIssuer() => $_has(2);
+  @$pb.TagNumber(3)
+  void clearIssuer() => clearField(3);
+
+  @$pb.TagNumber(4)
+  MigrationPayload_Algorithm get algorithm => $_getN(3);
+  @$pb.TagNumber(4)
+  set algorithm(MigrationPayload_Algorithm v) { setField(4, v); }
+  @$pb.TagNumber(4)
+  $core.bool hasAlgorithm() => $_has(3);
+  @$pb.TagNumber(4)
+  void clearAlgorithm() => clearField(4);
+
+  @$pb.TagNumber(5)
+  MigrationPayload_DigitCount get digits => $_getN(4);
+  @$pb.TagNumber(5)
+  set digits(MigrationPayload_DigitCount v) { setField(5, v); }
+  @$pb.TagNumber(5)
+  $core.bool hasDigits() => $_has(4);
+  @$pb.TagNumber(5)
+  void clearDigits() => clearField(5);
+
+  @$pb.TagNumber(6)
+  MigrationPayload_OtpType get type => $_getN(5);
+  @$pb.TagNumber(6)
+  set type(MigrationPayload_OtpType v) { setField(6, v); }
+  @$pb.TagNumber(6)
+  $core.bool hasType() => $_has(5);
+  @$pb.TagNumber(6)
+  void clearType() => clearField(6);
+
+  @$pb.TagNumber(7)
+  $fixnum.Int64 get counter => $_getI64(6);
+  @$pb.TagNumber(7)
+  set counter($fixnum.Int64 v) { $_setInt64(6, v); }
+  @$pb.TagNumber(7)
+  $core.bool hasCounter() => $_has(6);
+  @$pb.TagNumber(7)
+  void clearCounter() => clearField(7);
+}
+
+class MigrationPayload extends $pb.GeneratedMessage {
+  factory MigrationPayload() => create();
+  MigrationPayload._() : super();
+  factory MigrationPayload.fromBuffer($core.List<$core.int> i, [$pb.ExtensionRegistry r = $pb.ExtensionRegistry.EMPTY]) => create()..mergeFromBuffer(i, r);
+  factory MigrationPayload.fromJson($core.String i, [$pb.ExtensionRegistry r = $pb.ExtensionRegistry.EMPTY]) => create()..mergeFromJson(i, r);
+
+  static final $pb.BuilderInfo _i = $pb.BuilderInfo(_omitMessageNames ? '' : 'MigrationPayload', package: const $pb.PackageName(_omitMessageNames ? '' : 'googleauth'), createEmptyInstance: create)
+    ..pc<MigrationPayload_OtpParameters>(1, _omitFieldNames ? '' : 'otpParameters', $pb.PbFieldType.PM, subBuilder: MigrationPayload_OtpParameters.create)
+    ..a<$core.int>(2, _omitFieldNames ? '' : 'version', $pb.PbFieldType.O3)
+    ..a<$core.int>(3, _omitFieldNames ? '' : 'batchSize', $pb.PbFieldType.O3)
+    ..a<$core.int>(4, _omitFieldNames ? '' : 'batchIndex', $pb.PbFieldType.O3)
+    ..a<$core.int>(5, _omitFieldNames ? '' : 'batchId', $pb.PbFieldType.O3)
+    ..hasRequiredFields = false
+  ;
+
+  @$core.Deprecated(
+  'Using this can add significant overhead to your binary. '
+  'Use [GeneratedMessageGenericExtensions.deepCopy] instead. '
+  'Will be removed in next major version')
+  MigrationPayload clone() => MigrationPayload()..mergeFromMessage(this);
+  @$core.Deprecated(
+  'Using this can add significant overhead to your binary. '
+  'Use [GeneratedMessageGenericExtensions.rebuild] instead. '
+  'Will be removed in next major version')
+  MigrationPayload copyWith(void Function(MigrationPayload) updates) => super.copyWith((message) => updates(message as MigrationPayload)) as MigrationPayload;
+
+  $pb.BuilderInfo get info_ => _i;
+
+  @$core.pragma('dart2js:noInline')
+  static MigrationPayload create() => MigrationPayload._();
+  MigrationPayload createEmptyInstance() => create();
+  static $pb.PbList<MigrationPayload> createRepeated() => $pb.PbList<MigrationPayload>();
+  @$core.pragma('dart2js:noInline')
+  static MigrationPayload getDefault() => _defaultInstance ??= $pb.GeneratedMessage.$_defaultFor<MigrationPayload>(create);
+  static MigrationPayload? _defaultInstance;
+
+  @$pb.TagNumber(1)
+  $core.List<MigrationPayload_OtpParameters> get otpParameters => $_getList(0);
+
+  @$pb.TagNumber(2)
+  $core.int get version => $_getIZ(1);
+  @$pb.TagNumber(2)
+  set version($core.int v) { $_setSignedInt32(1, v); }
+  @$pb.TagNumber(2)
+  $core.bool hasVersion() => $_has(1);
+  @$pb.TagNumber(2)
+  void clearVersion() => clearField(2);
+
+  @$pb.TagNumber(3)
+  $core.int get batchSize => $_getIZ(2);
+  @$pb.TagNumber(3)
+  set batchSize($core.int v) { $_setSignedInt32(2, v); }
+  @$pb.TagNumber(3)
+  $core.bool hasBatchSize() => $_has(2);
+  @$pb.TagNumber(3)
+  void clearBatchSize() => clearField(3);
+
+  @$pb.TagNumber(4)
+  $core.int get batchIndex => $_getIZ(3);
+  @$pb.TagNumber(4)
+  set batchIndex($core.int v) { $_setSignedInt32(3, v); }
+  @$pb.TagNumber(4)
+  $core.bool hasBatchIndex() => $_has(3);
+  @$pb.TagNumber(4)
+  void clearBatchIndex() => clearField(4);
+
+  @$pb.TagNumber(5)
+  $core.int get batchId => $_getIZ(4);
+  @$pb.TagNumber(5)
+  set batchId($core.int v) { $_setSignedInt32(4, v); }
+  @$pb.TagNumber(5)
+  $core.bool hasBatchId() => $_has(4);
+  @$pb.TagNumber(5)
+  void clearBatchId() => clearField(5);
+}
+
+
+const _omitFieldNames = $core.bool.fromEnvironment('protobuf.omit_field_names');
+const _omitMessageNames = $core.bool.fromEnvironment('protobuf.omit_message_names');

lib/models/protos/googleauth.pbenum.dart

@@ -0,0 +1,72 @@
+//
+//  Generated code. Do not modify.
+//  source: googleauth.proto
+//
+// @dart = 2.12
+
+// ignore_for_file: annotate_overrides, camel_case_types
+// ignore_for_file: constant_identifier_names, library_prefixes
+// ignore_for_file: non_constant_identifier_names, prefer_final_fields
+// ignore_for_file: unnecessary_import, unnecessary_this, unused_import
+
+import 'dart:core' as $core;
+
+import 'package:protobuf/protobuf.dart' as $pb;
+
+class MigrationPayload_Algorithm extends $pb.ProtobufEnum {
+  static const MigrationPayload_Algorithm ALGORITHM_UNSPECIFIED = MigrationPayload_Algorithm._(0, _omitEnumNames ? '' : 'ALGORITHM_UNSPECIFIED');
+  static const MigrationPayload_Algorithm ALGORITHM_SHA1 = MigrationPayload_Algorithm._(1, _omitEnumNames ? '' : 'ALGORITHM_SHA1');
+  static const MigrationPayload_Algorithm ALGORITHM_SHA256 = MigrationPayload_Algorithm._(2, _omitEnumNames ? '' : 'ALGORITHM_SHA256');
+  static const MigrationPayload_Algorithm ALGORITHM_SHA512 = MigrationPayload_Algorithm._(3, _omitEnumNames ? '' : 'ALGORITHM_SHA512');
+  static const MigrationPayload_Algorithm ALGORITHM_MD5 = MigrationPayload_Algorithm._(4, _omitEnumNames ? '' : 'ALGORITHM_MD5');
+
+  static const $core.List<MigrationPayload_Algorithm> values = <MigrationPayload_Algorithm> [
+    ALGORITHM_UNSPECIFIED,
+    ALGORITHM_SHA1,
+    ALGORITHM_SHA256,
+    ALGORITHM_SHA512,
+    ALGORITHM_MD5,
+  ];
+
+  static final $core.Map<$core.int, MigrationPayload_Algorithm> _byValue = $pb.ProtobufEnum.initByValue(values);
+  static MigrationPayload_Algorithm? valueOf($core.int value) => _byValue[value];
+
+  const MigrationPayload_Algorithm._($core.int v, $core.String n) : super(v, n);
+}
+
+class MigrationPayload_DigitCount extends $pb.ProtobufEnum {
+  static const MigrationPayload_DigitCount DIGIT_COUNT_UNSPECIFIED = MigrationPayload_DigitCount._(0, _omitEnumNames ? '' : 'DIGIT_COUNT_UNSPECIFIED');
+  static const MigrationPayload_DigitCount DIGIT_COUNT_SIX = MigrationPayload_DigitCount._(1, _omitEnumNames ? '' : 'DIGIT_COUNT_SIX');
+  static const MigrationPayload_DigitCount DIGIT_COUNT_EIGHT = MigrationPayload_DigitCount._(2, _omitEnumNames ? '' : 'DIGIT_COUNT_EIGHT');
+
+  static const $core.List<MigrationPayload_DigitCount> values = <MigrationPayload_DigitCount> [
+    DIGIT_COUNT_UNSPECIFIED,
+    DIGIT_COUNT_SIX,
+    DIGIT_COUNT_EIGHT,
+  ];
+
+  static final $core.Map<$core.int, MigrationPayload_DigitCount> _byValue = $pb.ProtobufEnum.initByValue(values);
+  static MigrationPayload_DigitCount? valueOf($core.int value) => _byValue[value];
+
+  const MigrationPayload_DigitCount._($core.int v, $core.String n) : super(v, n);
+}
+
+class MigrationPayload_OtpType extends $pb.ProtobufEnum {
+  static const MigrationPayload_OtpType OTP_TYPE_UNSPECIFIED = MigrationPayload_OtpType._(0, _omitEnumNames ? '' : 'OTP_TYPE_UNSPECIFIED');
+  static const MigrationPayload_OtpType OTP_TYPE_HOTP = MigrationPayload_OtpType._(1, _omitEnumNames ? '' : 'OTP_TYPE_HOTP');
+  static const MigrationPayload_OtpType OTP_TYPE_TOTP = MigrationPayload_OtpType._(2, _omitEnumNames ? '' : 'OTP_TYPE_TOTP');
+
+  static const $core.List<MigrationPayload_OtpType> values = <MigrationPayload_OtpType> [
+    OTP_TYPE_UNSPECIFIED,
+    OTP_TYPE_HOTP,
+    OTP_TYPE_TOTP,
+  ];
+
+  static final $core.Map<$core.int, MigrationPayload_OtpType> _byValue = $pb.ProtobufEnum.initByValue(values);
+  static MigrationPayload_OtpType? valueOf($core.int value) => _byValue[value];
+
+  const MigrationPayload_OtpType._($core.int v, $core.String n) : super(v, n);
+}
+
+
+const _omitEnumNames = $core.bool.fromEnvironment('protobuf.omit_enum_names');

lib/models/protos/googleauth.pbjson.dart

@@ -0,0 +1,93 @@
+//
+//  Generated code. Do not modify.
+//  source: googleauth.proto
+//
+// @dart = 2.12
+
+// ignore_for_file: annotate_overrides, camel_case_types
+// ignore_for_file: constant_identifier_names, library_prefixes
+// ignore_for_file: non_constant_identifier_names, prefer_final_fields
+// ignore_for_file: unnecessary_import, unnecessary_this, unused_import
+
+import 'dart:convert' as $convert;
+import 'dart:core' as $core;
+import 'dart:typed_data' as $typed_data;
+
+@$core.Deprecated('Use migrationPayloadDescriptor instead')
+const MigrationPayload$json = {
+  '1': 'MigrationPayload',
+  '2': [
+    {'1': 'otp_parameters', '3': 1, '4': 3, '5': 11, '6': '.googleauth.MigrationPayload.OtpParameters', '10': 'otpParameters'},
+    {'1': 'version', '3': 2, '4': 1, '5': 5, '10': 'version'},
+    {'1': 'batch_size', '3': 3, '4': 1, '5': 5, '10': 'batchSize'},
+    {'1': 'batch_index', '3': 4, '4': 1, '5': 5, '10': 'batchIndex'},
+    {'1': 'batch_id', '3': 5, '4': 1, '5': 5, '10': 'batchId'},
+  ],
+  '3': [MigrationPayload_OtpParameters$json],
+  '4': [MigrationPayload_Algorithm$json, MigrationPayload_DigitCount$json, MigrationPayload_OtpType$json],
+};
+
+@$core.Deprecated('Use migrationPayloadDescriptor instead')
+const MigrationPayload_OtpParameters$json = {
+  '1': 'OtpParameters',
+  '2': [
+    {'1': 'secret', '3': 1, '4': 1, '5': 12, '10': 'secret'},
+    {'1': 'name', '3': 2, '4': 1, '5': 9, '10': 'name'},
+    {'1': 'issuer', '3': 3, '4': 1, '5': 9, '10': 'issuer'},
+    {'1': 'algorithm', '3': 4, '4': 1, '5': 14, '6': '.googleauth.MigrationPayload.Algorithm', '10': 'algorithm'},
+    {'1': 'digits', '3': 5, '4': 1, '5': 14, '6': '.googleauth.MigrationPayload.DigitCount', '10': 'digits'},
+    {'1': 'type', '3': 6, '4': 1, '5': 14, '6': '.googleauth.MigrationPayload.OtpType', '10': 'type'},
+    {'1': 'counter', '3': 7, '4': 1, '5': 3, '10': 'counter'},
+  ],
+};
+
+@$core.Deprecated('Use migrationPayloadDescriptor instead')
+const MigrationPayload_Algorithm$json = {
+  '1': 'Algorithm',
+  '2': [
+    {'1': 'ALGORITHM_UNSPECIFIED', '2': 0},
+    {'1': 'ALGORITHM_SHA1', '2': 1},
+    {'1': 'ALGORITHM_SHA256', '2': 2},
+    {'1': 'ALGORITHM_SHA512', '2': 3},
+    {'1': 'ALGORITHM_MD5', '2': 4},
+  ],
+};
+
+@$core.Deprecated('Use migrationPayloadDescriptor instead')
+const MigrationPayload_DigitCount$json = {
+  '1': 'DigitCount',
+  '2': [
+    {'1': 'DIGIT_COUNT_UNSPECIFIED', '2': 0},
+    {'1': 'DIGIT_COUNT_SIX', '2': 1},
+    {'1': 'DIGIT_COUNT_EIGHT', '2': 2},
+  ],
+};
+
+@$core.Deprecated('Use migrationPayloadDescriptor instead')
+const MigrationPayload_OtpType$json = {
+  '1': 'OtpType',
+  '2': [
+    {'1': 'OTP_TYPE_UNSPECIFIED', '2': 0},
+    {'1': 'OTP_TYPE_HOTP', '2': 1},
+    {'1': 'OTP_TYPE_TOTP', '2': 2},
+  ],
+};
+
+/// Descriptor for `MigrationPayload`. Decode as a `google.protobuf.DescriptorProto`.
+final $typed_data.Uint8List migrationPayloadDescriptor = $convert.base64Decode(
+    'ChBNaWdyYXRpb25QYXlsb2FkElEKDm90cF9wYXJhbWV0ZXJzGAEgAygLMiouZ29vZ2xlYXV0aC'
+    '5NaWdyYXRpb25QYXlsb2FkLk90cFBhcmFtZXRlcnNSDW90cFBhcmFtZXRlcnMSGAoHdmVyc2lv'
+    'bhgCIAEoBVIHdmVyc2lvbhIdCgpiYXRjaF9zaXplGAMgASgFUgliYXRjaFNpemUSHwoLYmF0Y2'
+    'hfaW5kZXgYBCABKAVSCmJhdGNoSW5kZXgSGQoIYmF0Y2hfaWQYBSABKAVSB2JhdGNoSWQargIK'
+    'DU90cFBhcmFtZXRlcnMSFgoGc2VjcmV0GAEgASgMUgZzZWNyZXQSEgoEbmFtZRgCIAEoCVIEbm'
+    'FtZRIWCgZpc3N1ZXIYAyABKAlSBmlzc3VlchJECglhbGdvcml0aG0YBCABKA4yJi5nb29nbGVh'
+    'dXRoLk1pZ3JhdGlvblBheWxvYWQuQWxnb3JpdGhtUglhbGdvcml0aG0SPwoGZGlnaXRzGAUgAS'
+    'gOMicuZ29vZ2xlYXV0aC5NaWdyYXRpb25QYXlsb2FkLkRpZ2l0Q291bnRSBmRpZ2l0cxI4CgR0'
+    'eXBlGAYgASgOMiQuZ29vZ2xlYXV0aC5NaWdyYXRpb25QYXlsb2FkLk90cFR5cGVSBHR5cGUSGA'
+    'oHY291bnRlchgHIAEoA1IHY291bnRlciJ5CglBbGdvcml0aG0SGQoVQUxHT1JJVEhNX1VOU1BF'
+    'Q0lGSUVEEAASEgoOQUxHT1JJVEhNX1NIQTEQARIUChBBTEdPUklUSE1fU0hBMjU2EAISFAoQQU'
+    'xHT1JJVEhNX1NIQTUxMhADEhEKDUFMR09SSVRITV9NRDUQBCJVCgpEaWdpdENvdW50EhsKF0RJ'
+    'R0lUX0NPVU5UX1VOU1BFQ0lGSUVEEAASEwoPRElHSVRfQ09VTlRfU0lYEAESFQoRRElHSVRfQ0'
+    '9VTlRfRUlHSFQQAiJJCgdPdHBUeXBlEhgKFE9UUF9UWVBFX1VOU1BFQ0lGSUVEEAASEQoNT1RQ'
+    'X1RZUEVfSE9UUBABEhEKDU9UUF9UWVBFX1RPVFAQAg==');
+

lib/models/protos/googleauth.pbserver.dart

@@ -0,0 +1,14 @@
+//
+//  Generated code. Do not modify.
+//  source: googleauth.proto
+//
+// @dart = 2.12
+
+// ignore_for_file: annotate_overrides, camel_case_types
+// ignore_for_file: constant_identifier_names
+// ignore_for_file: deprecated_member_use_from_same_package, library_prefixes
+// ignore_for_file: non_constant_identifier_names, prefer_final_fields
+// ignore_for_file: unnecessary_import, unnecessary_this, unused_import
+
+export 'googleauth.pb.dart';
+

lib/models/user_details.dart

@@ -1,3 +1,4 @@
+import 'dart:convert';
 import 'dart:math';
 
 import 'package:collection/collection.dart';
@@ -10,6 +11,7 @@ class UserDetails {
   final int sharedCollectionsCount;
   final Subscription subscription;
   final FamilyData? familyData;
+  final ProfileData? profileData;
 
   UserDetails(
     this.email,
@@ -18,6 +20,7 @@ class UserDetails {
     this.sharedCollectionsCount,
     this.subscription,
     this.familyData,
+      this.profileData,
   );
 
   bool isPartOfFamily() {
@@ -59,8 +62,10 @@ class UserDetails {
       (map['sharedCollectionsCount'] ?? 0) as int,
       Subscription.fromMap(map['subscription']),
       FamilyData.fromMap(map['familyData']),
+      ProfileData.fromJson(map['profileData']),
     );
   }
+
 }
 
 class FamilyMember {
@@ -80,7 +85,39 @@ class FamilyMember {
     );
   }
 }
+class ProfileData {
+  bool canDisableEmailMFA;
+  bool isEmailMFAEnabled;
+  bool isTwoFactorEnabled;
 
+  // Constructor with default values
+  ProfileData({
+    this.canDisableEmailMFA = false,
+    this.isEmailMFAEnabled = false,
+    this.isTwoFactorEnabled = false,
+  });
+
+  // Factory method to create ProfileData instance from JSON
+  factory ProfileData.fromJson(Map<String, dynamic>? json) {
+    if (json == null) null;
+
+    return ProfileData(
+      canDisableEmailMFA: json!['canDisableEmailMFA'] ?? false,
+      isEmailMFAEnabled: json['isEmailMFAEnabled'] ?? false,
+      isTwoFactorEnabled: json['isTwoFactorEnabled'] ?? false,
+    );
+  }
+
+  // Method to convert ProfileData instance to JSON
+  Map<String, dynamic> toJson() {
+    return {
+      'canDisableEmailMFA': canDisableEmailMFA,
+      'isEmailMFAEnabled': isEmailMFAEnabled,
+      'isTwoFactorEnabled': isTwoFactorEnabled,
+    };
+  }
+  String toJsonString() => json.encode(toJson());
+}
 class FamilyData {
   final List<FamilyMember>? members;
 

lib/onboarding/view/onboarding_page.dart

@@ -163,7 +163,7 @@ class _OnboardingPageState extends State<OnboardingPage> {
       // No key
       if (Configuration.instance.getKeyAttributes() == null) {
         // Never had a key
-        page = const PasswordEntryPage();
+        page = const PasswordEntryPage(mode: PasswordEntryMode.set,);
       } else if (Configuration.instance.getKey() == null) {
         // Yet to decrypt the key
         page = const PasswordReentryPage();
@@ -189,7 +189,7 @@ class _OnboardingPageState extends State<OnboardingPage> {
       // No key
       if (Configuration.instance.getKeyAttributes() == null) {
         // Never had a key
-        page = const PasswordEntryPage();
+        page = const PasswordEntryPage(mode: PasswordEntryMode.set,);
       } else if (Configuration.instance.getKey() == null) {
         // Yet to decrypt the key
         page = const PasswordReentryPage();

lib/onboarding/view/setup_enter_secret_key_page.dart

@@ -23,12 +23,12 @@ class _SetupEnterSecretKeyPageState extends State<SetupEnterSecretKeyPage> {
   void initState() {
     _issuerController = TextEditingController(
       text: widget.code != null
-          ? Uri.decodeFull(widget.code!.issuer).trim()
+          ? safeDecode(widget.code!.issuer).trim()
           : null,
     );
     _accountController = TextEditingController(
       text: widget.code != null
-          ? Uri.decodeFull(widget.code!.account).trim()
+          ? safeDecode(widget.code!.account).trim()
           : null,
     );
     _secretController = TextEditingController(
@@ -132,7 +132,7 @@ class _SetupEnterSecretKeyPageState extends State<SetupEnterSecretKeyPage> {
                                 secret: secret,
                               );
                         // Verify the validity of the code
-                        getTotp(newCode);
+                        getOTP(newCode);
                         Navigator.of(context).pop(newCode);
                       } catch (e) {
                         _showIncorrectDetailsDialog(context);

lib/onboarding/view/view_qr_page.dart

@@ -0,0 +1,100 @@
+
+import 'dart:math';
+
+import "package:ente_auth/l10n/l10n.dart";
+import 'package:ente_auth/models/code.dart';
+import 'package:ente_auth/theme/ente_theme.dart';
+import "package:flutter/material.dart";
+import 'package:qr_flutter/qr_flutter.dart';
+
+class ViewQrPage extends StatelessWidget {
+  final Code? code;
+
+  ViewQrPage({this.code, Key? key}) : super(key: key);
+
+  @override
+  Widget build(BuildContext context) {
+    final screenWidth = MediaQuery.of(context).size.width;
+    final double qrSize = min(screenWidth - 80, 300.0);
+    final enteTextTheme = getEnteTextTheme(context);
+    final l10n = context.l10n;
+    return Scaffold(
+      appBar: AppBar(
+        title: Text(l10n.qrCode),
+      ),
+      body: SafeArea(
+        child: Center(
+          child: Padding(
+            padding: const EdgeInsets.symmetric(vertical: 40.0, horizontal: 40),
+            child: Column(
+              children: [
+                QrImage(
+                  data: code!.rawData,
+                  foregroundColor: Theme.of(context).colorScheme.onBackground,
+                  version: QrVersions.auto,
+                  size: qrSize,
+                ),
+                const SizedBox(
+                  height: 20,
+                ),
+                Row(
+                  mainAxisAlignment: MainAxisAlignment.center,
+                  children: [
+                    Text(
+                      l10n.account,
+                      style: enteTextTheme.largeMuted,
+                    ),
+                    const SizedBox(
+                      width: 10,
+                    ),
+                    Text(
+                      code?.account ?? '',
+                      style: enteTextTheme.largeBold,
+                    ),
+                  ],
+                ),
+                const SizedBox(
+                  height: 4,
+                ),
+                Row(
+                  mainAxisAlignment: MainAxisAlignment.center,
+                  children: [
+                    Text(
+                      l10n.codeIssuerHint,
+                      style: enteTextTheme.largeMuted,
+                    ),
+                    const SizedBox(
+                      width: 10,
+                    ),
+                    Text(
+                      code?.issuer ?? '',
+                      style: enteTextTheme.largeBold,
+                    ),
+                  ],
+                ),
+                const SizedBox(
+                  height: 80,
+                ),
+                SizedBox(
+                  width: 400,
+                  child: OutlinedButton(
+                    onPressed: () {
+                      Navigator.of(context).pop();
+                    },
+                    child: Padding(
+                      padding: const EdgeInsets.symmetric(
+                        horizontal: 16.0,
+                        vertical: 4,
+                      ),
+                      child: Text(l10n.back),
+                    ),
+                  ),
+                )
+              ],
+            ),
+          ),
+        ),
+      ),
+    );
+  }
+}

lib/services/authenticator_service.dart

@@ -217,7 +217,7 @@ class AuthenticatorService {
       final AuthKey response = await _gateway.getKey();
       final authKey = CryptoUtil.decryptSync(
         Sodium.base642bin(response.encryptedKey),
-        _config.getKey(),
+        _config.getKey()!,
         Sodium.base642bin(response.header),
       );
       await _config.setAuthSecretKey(Sodium.bin2base64(authKey));

lib/services/update_service.dart

@@ -5,16 +5,18 @@ import 'dart:io';
 import 'package:ente_auth/core/constants.dart';
 import 'package:ente_auth/core/network.dart';
 import 'package:ente_auth/services/notification_service.dart';
-import 'package:flutter/foundation.dart';
 import 'package:logging/logging.dart';
 import 'package:package_info_plus/package_info_plus.dart';
 import 'package:shared_preferences/shared_preferences.dart';
+import 'package:tuple/tuple.dart';
+import 'package:url_launcher/url_launcher_string.dart';
 
 class UpdateService {
   UpdateService._privateConstructor();
 
   static final UpdateService instance = UpdateService._privateConstructor();
   static const kUpdateAvailableShownTimeKey = "update_available_shown_time_key";
+  static const String flavor = String.fromEnvironment('app.flavor');
 
   LatestVersionInfo? _latestVersion;
   final _logger = Logger("UpdateService");
@@ -87,11 +89,47 @@ class UpdateService {
     return LatestVersionInfo.fromMap(response.data["latestVersion"]);
   }
 
-  bool isIndependent() {
-    if (Platform.isIOS) {
-      return false;
+  // getRateDetails returns details about the place
+  Tuple2<String, String> getRateDetails() {
+    // Note: in auth, currently we don't have a way to identify if the
+    // app was installed from play store, f-droid or github based on pkg name
+    if (Platform.isAndroid) {
+      if(flavor == "playstore") {
+        return const Tuple2(
+          "Play Store",
+          "market://details??id=io.ente.auth",
+        );
+      }
+      return const Tuple2(
+        "AlternativeTo",
+        "https://alternativeto.net/software/ente-authenticator/about/",
+      );
     }
-    return kDebugMode || _packageInfo.packageName.endsWith("independent");
+    return const Tuple2(
+      "App Store",
+      "https://apps.apple.com/in/app/ente-photos/id6444121398",
+    );
+  }
+
+  Future<void> launchReviewUrl() async {
+    final String url = getRateDetails().item2;
+    try {
+      await launchUrlString(url, mode: LaunchMode.externalApplication);
+    } catch (e) {
+      _logger.severe("Failed top open launch url $url", e);
+      // Fall back if we fail to open play-store market app on android
+      if (Platform.isAndroid && url.startsWith("market://")) {
+        launchUrlString(
+          "https://play.google.com/store/apps/details?id=io"
+              ".ente.auth",
+          mode: LaunchMode.externalApplication,
+        ).ignore();
+      }
+    }
+  }
+
+  bool isIndependent() {
+    return flavor == "independent" || _packageInfo.packageName.endsWith("independent");
   }
 }
 

lib/store/code_store.dart

@@ -1,5 +1,6 @@
 import 'dart:convert';
 
+import 'package:collection/collection.dart';
 import 'package:ente_auth/core/event_bus.dart';
 import 'package:ente_auth/events/codes_updated_event.dart';
 import 'package:ente_auth/models/authenticator/entity_result.dart';
@@ -33,11 +34,11 @@ class CodeStore {
 
     // sort codes by issuer,account
     codes.sort((a, b) {
-      final issuerComparison = a.issuer.compareTo(b.issuer);
+      final issuerComparison = compareAsciiLowerCaseNatural(a.issuer, b.issuer);
       if (issuerComparison != 0) {
         return issuerComparison;
       }
-      return a.account.compareTo(b.account);
+      return compareAsciiLowerCaseNatural(a.account, b.account);
     });
     return codes;
   }

lib/theme/text_style.dart

@@ -5,6 +5,18 @@ const FontWeight _regularWeight = FontWeight.w500;
 const FontWeight _boldWeight = FontWeight.w600;
 const String _fontFamily = 'Inter';
 
+const TextStyle brandStyleSmall = TextStyle(
+  fontWeight: FontWeight.bold,
+  fontFamily: 'Montserrat',
+  fontSize: 21,
+);
+
+const TextStyle brandStyleMedium = TextStyle(
+  fontWeight: FontWeight.bold,
+  fontFamily: 'Montserrat',
+  fontSize: 24,
+);
+
 const TextStyle h1 = TextStyle(
   fontSize: 48,
   height: 48 / 28,
@@ -31,7 +43,7 @@ const TextStyle large = TextStyle(
 );
 const TextStyle body = TextStyle(
   fontSize: 16,
-  height: 19.4 / 16.0,
+  height: 20 / 16.0,
   fontWeight: _regularWeight,
   fontFamily: _fontFamily,
 );
@@ -71,6 +83,29 @@ class EnteTextTheme {
   final TextStyle miniBold;
   final TextStyle tiny;
   final TextStyle tinyBold;
+  final TextStyle brandSmall;
+  final TextStyle brandMedium;
+
+  // textMuted variants
+  final TextStyle h1Muted;
+  final TextStyle h2Muted;
+  final TextStyle h3Muted;
+  final TextStyle largeMuted;
+  final TextStyle bodyMuted;
+  final TextStyle smallMuted;
+  final TextStyle miniMuted;
+  final TextStyle miniBoldMuted;
+  final TextStyle tinyMuted;
+
+  // textFaint variants
+  final TextStyle h1Faint;
+  final TextStyle h2Faint;
+  final TextStyle h3Faint;
+  final TextStyle largeFaint;
+  final TextStyle bodyFaint;
+  final TextStyle smallFaint;
+  final TextStyle miniFaint;
+  final TextStyle tinyFaint;
 
   const EnteTextTheme({
     required this.h1,
@@ -89,13 +124,45 @@ class EnteTextTheme {
     required this.miniBold,
     required this.tiny,
     required this.tinyBold,
+    required this.brandSmall,
+    required this.brandMedium,
+    required this.h1Muted,
+    required this.h2Muted,
+    required this.h3Muted,
+    required this.largeMuted,
+    required this.bodyMuted,
+    required this.smallMuted,
+    required this.miniMuted,
+    required this.miniBoldMuted,
+    required this.tinyMuted,
+    required this.h1Faint,
+    required this.h2Faint,
+    required this.h3Faint,
+    required this.largeFaint,
+    required this.bodyFaint,
+    required this.smallFaint,
+    required this.miniFaint,
+    required this.tinyFaint,
   });
 }
 
-EnteTextTheme lightTextTheme = _buildEnteTextStyle(textBaseLight);
-EnteTextTheme darkTextTheme = _buildEnteTextStyle(textBaseDark);
+EnteTextTheme lightTextTheme = _buildEnteTextStyle(
+  textBaseLight,
+  textMutedLight,
+  textFaintLight,
+);
 
-EnteTextTheme _buildEnteTextStyle(Color color) {
+EnteTextTheme darkTextTheme = _buildEnteTextStyle(
+  textBaseDark,
+  textMutedDark,
+  textFaintDark,
+);
+
+EnteTextTheme _buildEnteTextStyle(
+    Color color,
+    Color textMuted,
+    Color textFaint,
+    ) {
   return EnteTextTheme(
     h1: h1.copyWith(color: color),
     h1Bold: h1.copyWith(color: color, fontWeight: _boldWeight),
@@ -113,5 +180,24 @@ EnteTextTheme _buildEnteTextStyle(Color color) {
     miniBold: mini.copyWith(color: color, fontWeight: _boldWeight),
     tiny: tiny.copyWith(color: color),
     tinyBold: tiny.copyWith(color: color, fontWeight: _boldWeight),
+    brandSmall: brandStyleSmall.copyWith(color: color),
+    brandMedium: brandStyleMedium.copyWith(color: color),
+    h1Muted: h1.copyWith(color: textMuted),
+    h2Muted: h2.copyWith(color: textMuted),
+    h3Muted: h3.copyWith(color: textMuted),
+    largeMuted: large.copyWith(color: textMuted),
+    bodyMuted: body.copyWith(color: textMuted),
+    smallMuted: small.copyWith(color: textMuted),
+    miniMuted: mini.copyWith(color: textMuted),
+    miniBoldMuted: mini.copyWith(color: textMuted, fontWeight: _boldWeight),
+    tinyMuted: tiny.copyWith(color: textMuted),
+    h1Faint: h1.copyWith(color: textFaint),
+    h2Faint: h2.copyWith(color: textFaint),
+    h3Faint: h3.copyWith(color: textFaint),
+    largeFaint: large.copyWith(color: textFaint),
+    bodyFaint: body.copyWith(color: textFaint),
+    smallFaint: small.copyWith(color: textFaint),
+    miniFaint: mini.copyWith(color: textFaint),
+    tinyFaint: tiny.copyWith(color: textFaint),
   );
 }

lib/ui/account/login_page.dart

@@ -1,10 +1,14 @@
 import 'package:email_validator/email_validator.dart';
 import 'package:ente_auth/core/configuration.dart';
+import 'package:ente_auth/core/errors.dart';
 import "package:ente_auth/l10n/l10n.dart";
+import 'package:ente_auth/models/api/user/srp.dart';
 import 'package:ente_auth/services/user_service.dart';
+import 'package:ente_auth/ui/account/login_pwd_verification_page.dart';
 import 'package:ente_auth/ui/common/dynamic_fab.dart';
 import 'package:ente_auth/ui/common/web_page.dart';
 import 'package:flutter/material.dart';
+import 'package:logging/logging.dart';
 import "package:styled_text/styled_text.dart";
 
 class LoginPage extends StatefulWidget {
@@ -19,6 +23,7 @@ class _LoginPageState extends State<LoginPage> {
   bool _emailIsValid = false;
   String? _email;
   Color? _emailInputFieldColor;
+  final Logger _logger = Logger('_LoginPageState');
 
   @override
   void initState() {
@@ -55,10 +60,32 @@ class _LoginPageState extends State<LoginPage> {
         isKeypadOpen: isKeypadOpen,
         isFormValid: _emailIsValid,
         buttonText: context.l10n.logInLabel,
-        onPressedFunction: () {
+        onPressedFunction: () async {
           UserService.instance.setEmail(_email!);
-          UserService.instance
-              .sendOtt(context, _email!, isCreateAccountScreen: false);
+          SrpAttributes? attr;
+          bool isEmailVerificationEnabled = true;
+          try {
+            attr = await UserService.instance.getSrpAttributes(_email!);
+            isEmailVerificationEnabled = attr.isEmailMFAEnabled;
+          } catch (e) {
+            if (e is! SrpSetupNotCompleteError) {
+              _logger.severe('Error getting SRP attributes', e);
+            }
+          }
+          if (attr != null && !isEmailVerificationEnabled) {
+            Navigator.of(context).push(
+              MaterialPageRoute(
+                builder: (BuildContext context) {
+                  return LoginPasswordVerificationPage(
+                    srpAttributes: attr!,
+                  );
+                },
+              ),
+            );
+          } else {
+            await UserService.instance
+                .sendOtt(context, _email!, isCreateAccountScreen: false);
+          }
           FocusScope.of(context).unfocus();
         },
       ),

lib/ui/account/login_pwd_verification_page.dart

@@ -0,0 +1,232 @@
+
+import 'package:ente_auth/core/configuration.dart';
+import "package:ente_auth/l10n/l10n.dart";
+import "package:ente_auth/models/api/user/srp.dart";
+import "package:ente_auth/services/user_service.dart";
+import "package:ente_auth/theme/ente_theme.dart";
+import 'package:ente_auth/ui/common/dynamic_fab.dart';
+import "package:ente_auth/utils/dialog_util.dart";
+import 'package:flutter/material.dart';
+import "package:logging/logging.dart";
+
+// LoginPasswordVerificationPage is a page that allows the user to enter their password to verify their identity.
+// If the password is correct, then the user is either directed to
+// PasswordReentryPage (if the user has not yet set up 2FA) or TwoFactorAuthenticationPage (if the user has set up 2FA).
+// In the PasswordReentryPage, the password is auto-filled based on the
+// volatile password.
+class LoginPasswordVerificationPage extends StatefulWidget {
+  final SrpAttributes srpAttributes;
+  const LoginPasswordVerificationPage({Key? key, required this.srpAttributes}) : super(key: key);
+
+  @override
+  State<LoginPasswordVerificationPage> createState() => _LoginPasswordVerificationPageState();
+}
+
+class _LoginPasswordVerificationPageState extends
+State<LoginPasswordVerificationPage> {
+  final _logger = Logger((_LoginPasswordVerificationPageState).toString());
+  final _passwordController = TextEditingController();
+  final FocusNode _passwordFocusNode = FocusNode();
+  String? email;
+  bool _passwordInFocus = false;
+  bool _passwordVisible = false;
+
+  @override
+  void initState() {
+    super.initState();
+    email = Configuration.instance.getEmail();
+    _passwordFocusNode.addListener(() {
+      setState(() {
+        _passwordInFocus = _passwordFocusNode.hasFocus;
+      });
+    });
+  }
+
+  @override
+  Widget build(BuildContext context) {
+    final isKeypadOpen = MediaQuery.of(context).viewInsets.bottom > 100;
+
+    FloatingActionButtonLocation? fabLocation() {
+      if (isKeypadOpen) {
+        return null;
+      } else {
+        return FloatingActionButtonLocation.centerFloat;
+      }
+    }
+
+    return Scaffold(
+      resizeToAvoidBottomInset: isKeypadOpen,
+      appBar: AppBar(
+        elevation: 0,
+        leading: IconButton(
+          icon: const Icon(Icons.arrow_back),
+          color: Theme.of(context).iconTheme.color,
+          onPressed: () {
+            Navigator.of(context).pop();
+          },
+        ),
+      ),
+      body: _getBody(),
+      floatingActionButton: DynamicFAB(
+        key: const ValueKey("verifyPasswordButton"),
+        isKeypadOpen: isKeypadOpen,
+        isFormValid: _passwordController.text.isNotEmpty,
+        buttonText: context.l10n.logInLabel,
+        onPressedFunction: () async {
+          FocusScope.of(context).unfocus();
+          await UserService.instance.verifyEmailViaPassword(context, widget
+              .srpAttributes,
+              _passwordController.text,);
+        },
+      ),
+      floatingActionButtonLocation: fabLocation(),
+      floatingActionButtonAnimator: NoScalingAnimation(),
+    );
+  }
+
+  Widget _getBody() {
+    return Column(
+      children: [
+        Expanded(
+          child: AutofillGroup(
+            child: ListView(
+              children: [
+                Padding(
+                  padding:
+                  const EdgeInsets.only(top: 30, left: 20, right: 20),
+                  child: Text(
+                    context.l10n.enterPassword,
+                    style: Theme.of(context).textTheme.headlineMedium,
+                  ),
+                ),
+                Padding(
+                  padding: const EdgeInsets.only(bottom: 30, left: 22, right:
+                  20,),
+                  child: Text(email ?? '', style: getEnteTextTheme(context).smallMuted,),
+                ),
+                Visibility(
+                  // hidden textForm for suggesting auto-fill service for saving
+                  // password
+                  visible: false,
+                  child: TextFormField(
+                    autofillHints: const [
+                      AutofillHints.email,
+                    ],
+                    autocorrect: false,
+                    keyboardType: TextInputType.emailAddress,
+                    initialValue: email,
+                    textInputAction: TextInputAction.next,
+                  ),
+                ),
+                Padding(
+                  padding: const EdgeInsets.fromLTRB(20, 24, 20, 0),
+                  child: TextFormField(
+                    key: const ValueKey("passwordInputField"),
+                    autofillHints: const [AutofillHints.password],
+                    decoration: InputDecoration(
+                      hintText: context.l10n.enterYourPasswordHint,
+                      filled: true,
+                      contentPadding: const EdgeInsets.all(20),
+                      border: UnderlineInputBorder(
+                        borderSide: BorderSide.none,
+                        borderRadius: BorderRadius.circular(6),
+                      ),
+                      suffixIcon: _passwordInFocus
+                          ? IconButton(
+                        icon: Icon(
+                          _passwordVisible
+                              ? Icons.visibility
+                              : Icons.visibility_off,
+                          color: Theme.of(context).iconTheme.color,
+                          size: 20,
+                        ),
+                        onPressed: () {
+                          setState(() {
+                            _passwordVisible = !_passwordVisible;
+                          });
+                        },
+                      )
+                          : null,
+                    ),
+                    style: const TextStyle(
+                      fontSize: 14,
+                    ),
+                    controller: _passwordController,
+                    autofocus: true,
+                    autocorrect: false,
+                    obscureText: !_passwordVisible,
+                    keyboardType: TextInputType.visiblePassword,
+                    focusNode: _passwordFocusNode,
+                    onChanged: (_) {
+                      setState(() {});
+                    },
+                  ),
+                ),
+                const Padding(
+                  padding: EdgeInsets.symmetric(vertical: 18),
+                  child: Divider(
+                    thickness: 1,
+                  ),
+                ),
+                Padding(
+                  padding: const EdgeInsets.symmetric(horizontal: 20),
+                  child: Row(
+                    mainAxisAlignment: MainAxisAlignment.spaceBetween,
+                    children: [
+                      GestureDetector(
+                        behavior: HitTestBehavior.opaque,
+                        onTap: () async {
+                          await UserService.instance
+                              .sendOtt(context, email!,
+                              isResetPasswordScreen: true,);
+                        },
+                        child: Center(
+                          child: Text(
+                            context.l10n.forgotPassword,
+                            style: Theme.of(context)
+                                .textTheme
+                                .titleMedium!
+                                .copyWith(
+                              fontSize: 14,
+                              decoration: TextDecoration.underline,
+                            ),
+                          ),
+                        ),
+                      ),
+                      GestureDetector(
+                        behavior: HitTestBehavior.opaque,
+                        onTap: () async {
+                          final dialog = createProgressDialog(
+                            context,
+                            context.l10n.pleaseWait,
+                          );
+                          await dialog.show();
+                          await Configuration.instance.logout();
+                          await dialog.hide();
+                          Navigator.of(context)
+                              .popUntil((route) => route.isFirst);
+                        },
+                        child: Center(
+                          child: Text(
+                            context.l10n.changeEmail,
+                            style: Theme.of(context)
+                                .textTheme
+                                .titleMedium!
+                                .copyWith(
+                              fontSize: 14,
+                              decoration: TextDecoration.underline,
+                            ),
+                          ),
+                        ),
+                      ),
+                    ],
+                  ),
+                )
+              ],
+            ),
+          ),
+        ),
+      ],
+    );
+  }
+}

lib/ui/account/logout_dialog.dart

@@ -42,6 +42,7 @@ Future<void> autoLogoutAlert(BuildContext context) async {
   );
   await showDialog(
     context: context,
+    barrierDismissible: false,
     builder: (BuildContext context) {
       return alert;
     },

lib/ui/account/ott_verification_page.dart

@@ -10,11 +10,13 @@ class OTTVerificationPage extends StatefulWidget {
   final String email;
   final bool isChangeEmail;
   final bool isCreateAccountScreen;
+  final bool isResetPasswordScreen;
 
   const OTTVerificationPage(
     this.email, {
     this.isChangeEmail = false,
     this.isCreateAccountScreen = false,
+    this.isResetPasswordScreen = false,
     Key? key,
   }) : super(key: key);
 
@@ -78,7 +80,8 @@ class _OTTVerificationPageState extends State<OTTVerificationPage> {
             );
           } else {
             UserService.instance
-                .verifyEmail(context, _verificationCodeController.text);
+                .verifyEmail(context, _verificationCodeController.text,
+              isResettingPasswordScreen: widget.isResetPasswordScreen,);
           }
           FocusScope.of(context).unfocus();
         },
@@ -129,13 +132,21 @@ class _OTTVerificationPageState extends State<OTTVerificationPage> {
                             },
                           ),
                         ),
-                        Text(
-                          l10n.checkInboxAndSpamFolder,
-                          style: Theme.of(context)
-                              .textTheme
-                              .subtitle1!
-                              .copyWith(fontSize: 14),
-                        ),
+                        widget.isResetPasswordScreen
+                            ? Text(
+                                l10n.toResetVerifyEmail,
+                                style: Theme.of(context)
+                                    .textTheme
+                                    .titleMedium!
+                                    .copyWith(fontSize: 14),
+                              )
+                            : Text(
+                                l10n.checkInboxAndSpamFolder,
+                                style: Theme.of(context)
+                                    .textTheme
+                                    .subtitle1!
+                                    .copyWith(fontSize: 14),
+                              ),
                       ],
                     ),
                   ),
@@ -182,6 +193,8 @@ class _OTTVerificationPageState extends State<OTTVerificationPage> {
                         context,
                         widget.email,
                         isCreateAccountScreen: widget.isCreateAccountScreen,
+                        isChangeEmail: widget.isChangeEmail,
+                        isResetPasswordScreen: widget.isResetPasswordScreen,
                       );
                     },
                     child: Text(

lib/ui/account/password_entry_page.dart

@@ -1,5 +1,6 @@
 import 'package:ente_auth/core/configuration.dart';
 import 'package:ente_auth/l10n/l10n.dart';
+import 'package:ente_auth/models/key_gen_result.dart';
 import 'package:ente_auth/services/user_service.dart';
 import 'package:ente_auth/ui/account/recovery_key_page.dart';
 import 'package:ente_auth/ui/common/dynamic_fab.dart';
@@ -23,7 +24,7 @@ enum PasswordEntryMode {
 class PasswordEntryPage extends StatefulWidget {
   final PasswordEntryMode mode;
 
-  const PasswordEntryPage({this.mode = PasswordEntryMode.set, Key? key})
+  const PasswordEntryPage({required this.mode, Key? key})
       : super(key: key);
 
   @override
@@ -377,9 +378,9 @@ class _PasswordEntryPageState extends State<PasswordEntryPage> {
         createProgressDialog(context, context.l10n.generatingEncryptionKeys);
     await dialog.show();
     try {
-      final keyAttributes = await Configuration.instance
-          .updatePassword(_passwordController1.text);
-      await UserService.instance.updateKeyAttributes(keyAttributes);
+      final result = await Configuration.instance
+          .getAttributesForNewPassword(_passwordController1.text);
+      await UserService.instance.updateKeyAttributes(result.item1, result.item2);
       await dialog.hide();
       showShortToast(context, context.l10n.passwordChangedSuccessfully);
       Navigator.of(context).pop();
@@ -399,7 +400,7 @@ class _PasswordEntryPageState extends State<PasswordEntryPage> {
         createProgressDialog(context, l10n.generatingEncryptionKeysTitle);
     await dialog.show();
     try {
-      final result = await Configuration.instance.generateKey(password);
+      final KeyGenResult result = await Configuration.instance.generateKey(password);
       Configuration.instance.setVolatilePassword(null);
       await dialog.hide();
       onDone() async {
@@ -408,6 +409,7 @@ class _PasswordEntryPageState extends State<PasswordEntryPage> {
         try {
           await UserService.instance.setAttributes(result);
           await dialog.hide();
+          Configuration.instance.setVolatilePassword(null);
           Navigator.of(context).pushAndRemoveUntil(
             MaterialPageRoute(
               builder: (BuildContext context) {

lib/ui/account/password_reentry_page.dart

@@ -1,12 +1,15 @@
 import 'dart:async';
+import 'dart:typed_data';
 
 import 'package:ente_auth/core/configuration.dart';
 import 'package:ente_auth/core/errors.dart';
 import 'package:ente_auth/l10n/l10n.dart';
+import 'package:ente_auth/services/user_service.dart';
 import 'package:ente_auth/ui/account/recovery_page.dart';
 import 'package:ente_auth/ui/common/dynamic_fab.dart';
 import 'package:ente_auth/ui/components/buttons/button_widget.dart';
 import 'package:ente_auth/ui/home_page.dart';
+import 'package:ente_auth/utils/crypto_util.dart';
 import 'package:ente_auth/utils/dialog_util.dart';
 import 'package:ente_auth/utils/email_util.dart';
 import 'package:flutter/material.dart';
@@ -26,11 +29,20 @@ class _PasswordReentryPageState extends State<PasswordReentryPage> {
   String? email;
   bool _passwordInFocus = false;
   bool _passwordVisible = false;
+  String? _volatilePassword;
 
   @override
   void initState() {
     super.initState();
     email = Configuration.instance.getEmail();
+    _volatilePassword = Configuration.instance.getVolatilePassword();
+    if (_volatilePassword != null) {
+      _passwordController.text = _volatilePassword!;
+      Future.delayed(
+        Duration.zero,
+            () => verifyPassword(_volatilePassword!),
+      );
+    }
     _passwordFocusNode.addListener(() {
       setState(() {
         _passwordInFocus = _passwordFocusNode.hasFocus;
@@ -64,68 +76,13 @@ class _PasswordReentryPageState extends State<PasswordReentryPage> {
       ),
       body: _getBody(),
       floatingActionButton: DynamicFAB(
+        key: const ValueKey("verifyPasswordButton"),
         isKeypadOpen: isKeypadOpen,
         isFormValid: _passwordController.text.isNotEmpty,
         buttonText: context.l10n.verifyPassword,
         onPressedFunction: () async {
           FocusScope.of(context).unfocus();
-          final dialog = createProgressDialog(context, context.l10n.pleaseWait);
-          await dialog.show();
-          try {
-            await Configuration.instance.decryptAndSaveSecrets(
-              _passwordController.text,
-              Configuration.instance.getKeyAttributes()!,
-            );
-          } on KeyDerivationError catch (e, s) {
-            _logger.severe("Password verification failed", e, s);
-            await dialog.hide();
-            final dialogChoice = await showChoiceDialog(
-              context,
-              title: context.l10n.recreatePasswordTitle,
-              body: context.l10n.recreatePasswordBody,
-              firstButtonLabel: context.l10n.useRecoveryKey,
-            );
-            if (dialogChoice!.action == ButtonAction.first) {
-              Navigator.of(context).push(
-                MaterialPageRoute(
-                  builder: (BuildContext context) {
-                    return const RecoveryPage();
-                  },
-                ),
-              );
-            }
-            return;
-          } catch (e, s) {
-            _logger.severe("Password verification failed", e, s);
-            await dialog.hide();
-            final dialogChoice = await showChoiceDialog(
-              context,
-              title: context.l10n.incorrectPasswordTitle,
-              body: context.l10n.pleaseTryAgain,
-              firstButtonLabel: context.l10n.contactSupport,
-              secondButtonLabel: context.l10n.ok,
-            );
-            if (dialogChoice!.action == ButtonAction.first) {
-              await sendLogs(
-                context,
-                context.l10n.contactSupport,
-                "support@ente.io",
-                postShare: () {},
-              );
-            }
-            return;
-          }
-          await dialog.hide();
-          unawaited(
-            Navigator.of(context).pushAndRemoveUntil(
-              MaterialPageRoute(
-                builder: (BuildContext context) {
-                  return const HomePage();
-                },
-              ),
-              (route) => false,
-            ),
-          );
+          await verifyPassword(_passwordController.text);
         },
       ),
       floatingActionButtonLocation: fabLocation(),
@@ -133,6 +90,90 @@ class _PasswordReentryPageState extends State<PasswordReentryPage> {
     );
   }
 
+  Future<void> verifyPassword(String password) async {
+    FocusScope.of(context).unfocus();
+    final dialog =
+    createProgressDialog(context, context.l10n.pleaseWait);
+    await dialog.show();
+    try {
+      final kek = await Configuration.instance.decryptSecretsAndGetKeyEncKey(
+        password,
+        Configuration.instance.getKeyAttributes()!,
+      );
+      _registerSRPForExistingUsers(kek).ignore();
+    } on KeyDerivationError catch (e, s) {
+      _logger.severe("Password verification failed", e, s);
+      await dialog.hide();
+      final dialogChoice = await showChoiceDialog(
+        context,
+        title: context.l10n.recreatePasswordTitle,
+        body: context.l10n.recreatePasswordBody,
+        firstButtonLabel: context.l10n.useRecoveryKey,
+      );
+      if (dialogChoice!.action == ButtonAction.first) {
+        Navigator.of(context).push(
+          MaterialPageRoute(
+            builder: (BuildContext context) {
+              return const RecoveryPage();
+            },
+          ),
+        );
+      }
+      return;
+    } catch (e, s) {
+      _logger.severe("Password verification failed", e, s);
+      await dialog.hide();
+      final dialogChoice = await showChoiceDialog(
+        context,
+        title: context.l10n.incorrectPasswordTitle,
+        body: context.l10n.pleaseTryAgain,
+        firstButtonLabel: context.l10n.contactSupport,
+        secondButtonLabel: context.l10n.ok,
+      );
+      if (dialogChoice!.action == ButtonAction.first) {
+        await sendLogs(
+          context,
+          context.l10n.contactSupport,
+          "support@ente.io",
+          postShare: () {},
+        );
+      }
+      return;
+    }
+    await dialog.hide();
+    Configuration.instance.setVolatilePassword(null);
+    unawaited(
+      Navigator.of(context).pushAndRemoveUntil(
+        MaterialPageRoute(
+          builder: (BuildContext context) {
+            return const HomePage();
+          },
+        ),
+            (route) => false,
+      ),
+    );
+  }
+
+  Future<void> _registerSRPForExistingUsers(Uint8List key) async {
+    bool shouldSetupSRP = false;
+    try {
+      // ignore: unused_local_variable
+      final attr = await UserService.instance.getSrpAttributes(email!);
+    } on SrpSetupNotCompleteError {
+      shouldSetupSRP = true;
+    } catch (e, s) {
+      _logger.severe("error while fetching attr", e, s);
+    }
+    if (shouldSetupSRP) {
+      try {
+        final Uint8List loginKey = await CryptoUtil.deriveLoginKey(key);
+        await UserService.instance.registerOrUpdateSrp(loginKey);
+      } catch (e, s) {
+        _logger.severe("error while setting up srp for existing users", e, s);
+      }
+    }
+  }
+
   Widget _getBody() {
     return Column(
       children: [
@@ -142,10 +183,10 @@ class _PasswordReentryPageState extends State<PasswordReentryPage> {
               children: [
                 Padding(
                   padding:
-                      const EdgeInsets.symmetric(vertical: 30, horizontal: 20),
+                  const EdgeInsets.symmetric(vertical: 30, horizontal: 20),
                   child: Text(
                     context.l10n.welcomeBack,
-                    style: Theme.of(context).textTheme.headline4,
+                    style: Theme.of(context).textTheme.headlineMedium,
                   ),
                 ),
                 Visibility(
@@ -165,6 +206,7 @@ class _PasswordReentryPageState extends State<PasswordReentryPage> {
                 Padding(
                   padding: const EdgeInsets.fromLTRB(20, 24, 20, 0),
                   child: TextFormField(
+                    key: const ValueKey("passwordInputField"),
                     autofillHints: const [AutofillHints.password],
                     decoration: InputDecoration(
                       hintText: context.l10n.enterYourPasswordHint,
@@ -176,19 +218,19 @@ class _PasswordReentryPageState extends State<PasswordReentryPage> {
                       ),
                       suffixIcon: _passwordInFocus
                           ? IconButton(
-                              icon: Icon(
-                                _passwordVisible
-                                    ? Icons.visibility
-                                    : Icons.visibility_off,
-                                color: Theme.of(context).iconTheme.color,
-                                size: 20,
-                              ),
-                              onPressed: () {
-                                setState(() {
-                                  _passwordVisible = !_passwordVisible;
-                                });
-                              },
-                            )
+                        icon: Icon(
+                          _passwordVisible
+                              ? Icons.visibility
+                              : Icons.visibility_off,
+                          color: Theme.of(context).iconTheme.color,
+                          size: 20,
+                        ),
+                        onPressed: () {
+                          setState(() {
+                            _passwordVisible = !_passwordVisible;
+                          });
+                        },
+                      )
                           : null,
                     ),
                     style: const TextStyle(
@@ -230,11 +272,13 @@ class _PasswordReentryPageState extends State<PasswordReentryPage> {
                         child: Center(
                           child: Text(
                             context.l10n.forgotPassword,
-                            style:
-                                Theme.of(context).textTheme.subtitle1!.copyWith(
-                                      fontSize: 14,
-                                      decoration: TextDecoration.underline,
-                                    ),
+                            style: Theme.of(context)
+                                .textTheme
+                                .titleMedium!
+                                .copyWith(
+                              fontSize: 14,
+                              decoration: TextDecoration.underline,
+                            ),
                           ),
                         ),
                       ),
@@ -254,11 +298,13 @@ class _PasswordReentryPageState extends State<PasswordReentryPage> {
                         child: Center(
                           child: Text(
                             context.l10n.changeEmail,
-                            style:
-                                Theme.of(context).textTheme.subtitle1!.copyWith(
-                                      fontSize: 14,
-                                      decoration: TextDecoration.underline,
-                                    ),
+                            style: Theme.of(context)
+                                .textTheme
+                                .titleMedium!
+                                .copyWith(
+                              fontSize: 14,
+                              decoration: TextDecoration.underline,
+                            ),
                           ),
                         ),
                       ),

lib/ui/account/request_pwd_verification_page.dart

@@ -0,0 +1,216 @@
+import "dart:convert";
+import "dart:typed_data";
+
+import 'package:ente_auth/core/configuration.dart';
+import "package:ente_auth/l10n/l10n.dart";
+import "package:ente_auth/theme/ente_theme.dart";
+import 'package:ente_auth/ui/common/dynamic_fab.dart';
+import "package:ente_auth/utils/crypto_util.dart";
+import "package:ente_auth/utils/dialog_util.dart";
+import 'package:flutter/material.dart';
+import "package:flutter_sodium/flutter_sodium.dart";
+import "package:logging/logging.dart";
+
+typedef OnPasswordVerifiedFn = Future<void> Function(Uint8List bytes);
+
+class RequestPasswordVerificationPage extends StatefulWidget {
+  final OnPasswordVerifiedFn onPasswordVerified;
+  final Function? onPasswordError;
+
+  const RequestPasswordVerificationPage(
+      {super.key, required this.onPasswordVerified, this.onPasswordError,});
+
+  @override
+  State<RequestPasswordVerificationPage> createState() =>
+      _RequestPasswordVerificationPageState();
+}
+
+class _RequestPasswordVerificationPageState
+    extends State<RequestPasswordVerificationPage> {
+  final _logger = Logger((_RequestPasswordVerificationPageState).toString());
+  final _passwordController = TextEditingController();
+  final FocusNode _passwordFocusNode = FocusNode();
+  String? email;
+  bool _passwordInFocus = false;
+  bool _passwordVisible = false;
+
+  @override
+  void initState() {
+    super.initState();
+    email = Configuration.instance.getEmail();
+    _passwordFocusNode.addListener(() {
+      setState(() {
+        _passwordInFocus = _passwordFocusNode.hasFocus;
+      });
+    });
+  }
+
+  @override
+  Widget build(BuildContext context) {
+    final isKeypadOpen = MediaQuery.of(context).viewInsets.bottom > 100;
+
+    FloatingActionButtonLocation? fabLocation() {
+      if (isKeypadOpen) {
+        return null;
+      } else {
+        return FloatingActionButtonLocation.centerFloat;
+      }
+    }
+
+    return Scaffold(
+      resizeToAvoidBottomInset: isKeypadOpen,
+      appBar: AppBar(
+        elevation: 0,
+        leading: IconButton(
+          icon: const Icon(Icons.arrow_back),
+          color: Theme.of(context).iconTheme.color,
+          onPressed: () {
+            Navigator.of(context).pop();
+          },
+        ),
+      ),
+      body: _getBody(),
+      floatingActionButton: DynamicFAB(
+        key: const ValueKey("verifyPasswordButton"),
+        isKeypadOpen: isKeypadOpen,
+        isFormValid: _passwordController.text.isNotEmpty,
+        buttonText: context.l10n.verifyPassword,
+        onPressedFunction: () async {
+          FocusScope.of(context).unfocus();
+          final dialog = createProgressDialog(context, context.l10n.pleaseWait);
+          dialog.show();
+          try {
+            final attributes = Configuration.instance.getKeyAttributes()!;
+            final Uint8List keyEncryptionKey = await CryptoUtil.deriveKey(
+              utf8.encode(_passwordController.text) as Uint8List,
+              Sodium.base642bin(attributes.kekSalt),
+              attributes.memLimit,
+              attributes.opsLimit,
+            );
+            CryptoUtil.decryptSync(
+              Sodium.base642bin(attributes.encryptedKey),
+              keyEncryptionKey,
+              Sodium.base642bin(attributes.keyDecryptionNonce),
+            );
+            dialog.show();
+            // pop
+            await widget.onPasswordVerified(keyEncryptionKey);
+            dialog.hide();
+            Navigator.of(context).pop(true);
+          } catch (e, s) {
+            _logger.severe("Error while verifying password", e, s);
+            dialog.hide();
+            if (widget.onPasswordError != null) {
+              widget.onPasswordError!();
+            } else {
+              showErrorDialog(
+                context,
+                context.l10n.incorrectPasswordTitle,
+                context.l10n.pleaseTryAgain,
+              );
+            }
+          }
+        },
+      ),
+      floatingActionButtonLocation: fabLocation(),
+      floatingActionButtonAnimator: NoScalingAnimation(),
+    );
+  }
+
+  Widget _getBody() {
+    return Column(
+      children: [
+        Expanded(
+          child: AutofillGroup(
+            child: ListView(
+              children: [
+                Padding(
+                  padding: const EdgeInsets.only(top: 30, left: 20, right: 20),
+                  child: Text(
+                    context.l10n.enterPassword,
+                    style: Theme.of(context).textTheme.headlineMedium,
+                  ),
+                ),
+                Padding(
+                  padding: const EdgeInsets.only(
+                    bottom: 30,
+                    left: 22,
+                    right: 20,
+                  ),
+                  child: Text(
+                    email ?? '',
+                    style: getEnteTextTheme(context).smallMuted,
+                  ),
+                ),
+                Visibility(
+                  // hidden textForm for suggesting auto-fill service for saving
+                  // password
+                  visible: false,
+                  child: TextFormField(
+                    autofillHints: const [
+                      AutofillHints.email,
+                    ],
+                    autocorrect: false,
+                    keyboardType: TextInputType.emailAddress,
+                    initialValue: email,
+                    textInputAction: TextInputAction.next,
+                  ),
+                ),
+                Padding(
+                  padding: const EdgeInsets.fromLTRB(20, 24, 20, 0),
+                  child: TextFormField(
+                    key: const ValueKey("passwordInputField"),
+                    autofillHints: const [AutofillHints.password],
+                    decoration: InputDecoration(
+                      hintText: context.l10n.enterYourPasswordHint,
+                      filled: true,
+                      contentPadding: const EdgeInsets.all(20),
+                      border: UnderlineInputBorder(
+                        borderSide: BorderSide.none,
+                        borderRadius: BorderRadius.circular(6),
+                      ),
+                      suffixIcon: _passwordInFocus
+                          ? IconButton(
+                              icon: Icon(
+                                _passwordVisible
+                                    ? Icons.visibility
+                                    : Icons.visibility_off,
+                                color: Theme.of(context).iconTheme.color,
+                                size: 20,
+                              ),
+                              onPressed: () {
+                                setState(() {
+                                  _passwordVisible = !_passwordVisible;
+                                });
+                              },
+                            )
+                          : null,
+                    ),
+                    style: const TextStyle(
+                      fontSize: 14,
+                    ),
+                    controller: _passwordController,
+                    autofocus: true,
+                    autocorrect: false,
+                    obscureText: !_passwordVisible,
+                    keyboardType: TextInputType.visiblePassword,
+                    focusNode: _passwordFocusNode,
+                    onChanged: (_) {
+                      setState(() {});
+                    },
+                  ),
+                ),
+                const Padding(
+                  padding: EdgeInsets.symmetric(vertical: 18),
+                  child: Divider(
+                    thickness: 1,
+                  ),
+                ),
+              ],
+            ),
+          ),
+        ),
+      ],
+    );
+  }
+}

lib/ui/code_widget.dart

@@ -5,8 +5,11 @@ import 'package:ente_auth/ente_theme_data.dart';
 import 'package:ente_auth/l10n/l10n.dart';
 import 'package:ente_auth/models/code.dart';
 import 'package:ente_auth/onboarding/view/setup_enter_secret_key_page.dart';
+import 'package:ente_auth/onboarding/view/view_qr_page.dart';
 import 'package:ente_auth/store/code_store.dart';
 import 'package:ente_auth/ui/code_timer_progress.dart';
+import 'package:ente_auth/ui/utils/icon_utils.dart';
+import 'package:ente_auth/utils/dialog_util.dart';
 import 'package:ente_auth/utils/toast_util.dart';
 import 'package:ente_auth/utils/totp_util.dart';
 import 'package:flutter/material.dart';
@@ -27,18 +30,20 @@ class _CodeWidgetState extends State<CodeWidget> {
   final ValueNotifier<String> _currentCode = ValueNotifier<String>("");
   final ValueNotifier<String> _nextCode = ValueNotifier<String>("");
   final Logger logger = Logger("_CodeWidgetState");
+  bool _isInitialized = false;
 
   @override
   void initState() {
     super.initState();
-    _currentCode.value = _getTotp();
-    _nextCode.value = _getNextTotp();
+
     _everySecondTimer =
         Timer.periodic(const Duration(milliseconds: 500), (Timer t) {
-      String newCode = _getTotp();
+      String newCode = _getCurrentOTP();
       if (newCode != _currentCode.value) {
         _currentCode.value = newCode;
-        _nextCode.value = _getNextTotp();
+        if (widget.code.type == Type.totp) {
+          _nextCode.value = _getNextTotp();
+        }
       }
     });
   }
@@ -53,14 +58,39 @@ class _CodeWidgetState extends State<CodeWidget> {
 
   @override
   Widget build(BuildContext context) {
+    if (!_isInitialized) {
+      _currentCode.value = _getCurrentOTP();
+      if (widget.code.type == Type.totp) {
+        _nextCode.value = _getNextTotp();
+      }
+      _isInitialized = true;
+    }
     final l10n = context.l10n;
     return Container(
       margin: const EdgeInsets.only(left: 16, right: 16, bottom: 8, top: 8),
       child: Slidable(
         key: ValueKey(widget.code.hashCode),
         endActionPane: ActionPane(
+          extentRatio: 0.60,
           motion: const ScrollMotion(),
           children: [
+            const SizedBox(
+              width: 4,
+            ),
+            SlidableAction(
+              onPressed: _onShowQrPressed,
+              backgroundColor: Colors.grey.withOpacity(0.1),
+              borderRadius: const BorderRadius.all(Radius.circular(12.0)),
+              foregroundColor:
+                  Theme.of(context).colorScheme.inverseBackgroundColor,
+              icon: Icons.qr_code_2_outlined,
+              label: "QR",
+              padding: const EdgeInsets.only(left: 4, right: 0),
+              spacing: 8,
+            ),
+            const SizedBox(
+              width: 4,
+            ),
             SlidableAction(
               onPressed: _onEditPressed,
               backgroundColor: Colors.grey.withOpacity(0.1),
@@ -87,120 +117,146 @@ class _CodeWidgetState extends State<CodeWidget> {
             ),
           ],
         ),
-        child: Container(
-          margin: const EdgeInsets.only(right: 10),
-          child: ClipRRect(
-            borderRadius: BorderRadius.circular(8),
-            child: Container(
-              color: Theme.of(context).colorScheme.codeCardBackgroundColor,
-              child: Material(
-                color: Colors.transparent,
-                child: InkWell(
-                  customBorder: RoundedRectangleBorder(
-                    borderRadius: BorderRadius.circular(10),
-                  ),
-                  onTap: () {
-                    _copyToClipboard();
-                  },
-                  onLongPress: () {
-                    _copyToClipboard();
-                  },
-                  child: SizedBox(
-                    child: Column(
-                      crossAxisAlignment: CrossAxisAlignment.start,
-                      mainAxisAlignment: MainAxisAlignment.center,
-                      children: [
+        child: ClipRRect(
+          borderRadius: BorderRadius.circular(8),
+          child: Container(
+            color: Theme.of(context).colorScheme.codeCardBackgroundColor,
+            child: Material(
+              color: Colors.transparent,
+              child: InkWell(
+                customBorder: RoundedRectangleBorder(
+                  borderRadius: BorderRadius.circular(10),
+                ),
+                onTap: () {
+                  _copyToClipboard();
+                },
+                onLongPress: () {
+                  _copyToClipboard();
+                },
+                child: SizedBox(
+                  child: Column(
+                    crossAxisAlignment: CrossAxisAlignment.start,
+                    mainAxisAlignment: MainAxisAlignment.center,
+                    children: [
+                      if (widget.code.type == Type.totp)
                         CodeTimerProgress(
                           period: widget.code.period,
                         ),
-                        const SizedBox(
-                          height: 16,
-                        ),
-                        Padding(
-                          padding: const EdgeInsets.only(left: 16, right: 16),
-                          child: Row(
-                            mainAxisAlignment: MainAxisAlignment.spaceBetween,
-                            crossAxisAlignment: CrossAxisAlignment.start,
-                            children: [
-                              Column(
-                                crossAxisAlignment: CrossAxisAlignment.start,
-                                children: [
-                                  Text(
-                                    safeDecode(widget.code.issuer).trim(),
-                                    style:
-                                        Theme.of(context).textTheme.headline6,
-                                  ),
-                                  const SizedBox(height: 2),
-                                  Text(
-                                    safeDecode(widget.code.account).trim(),
-                                    style: Theme.of(context)
-                                        .textTheme
-                                        .caption
-                                        ?.copyWith(
-                                          fontSize: 12,
-                                          color: Colors.grey,
-                                        ),
-                                  ),
-                                ],
-                              ),
-                              widget.code.hasSynced != null &&
-                                      widget.code.hasSynced!
-                                  ? Container()
-                                  : const Icon(
-                                      Icons.sync_disabled,
-                                      size: 20,
-                                      color: Colors.amber,
-                                    ),
-                            ],
-                          ),
-                        ),
-                        const SizedBox(height: 4),
-                        Container(
-                          padding: const EdgeInsets.only(left: 16, right: 16),
-                          child: Row(
-                            mainAxisAlignment: MainAxisAlignment.start,
-                            crossAxisAlignment: CrossAxisAlignment.end,
-                            children: [
-                              Expanded(
-                                child: ValueListenableBuilder<String>(
-                                  valueListenable: _currentCode,
-                                  builder: (context, value, child) {
-                                    return Text(
-                                      value,
-                                      style: const TextStyle(fontSize: 24),
-                                    );
-                                  },
+                      const SizedBox(
+                        height: 16,
+                      ),
+                      Padding(
+                        padding: const EdgeInsets.only(left: 16, right: 16),
+                        child: Row(
+                          mainAxisAlignment: MainAxisAlignment.spaceBetween,
+                          crossAxisAlignment: CrossAxisAlignment.start,
+                          children: [
+                            Column(
+                              crossAxisAlignment: CrossAxisAlignment.start,
+                              children: [
+                                Text(
+                                  safeDecode(widget.code.issuer).trim(),
+                                  style: Theme.of(context).textTheme.headline6,
                                 ),
+                                const SizedBox(height: 2),
+                                Text(
+                                  safeDecode(widget.code.account).trim(),
+                                  style: Theme.of(context)
+                                      .textTheme
+                                      .caption
+                                      ?.copyWith(
+                                        fontSize: 12,
+                                        color: Colors.grey,
+                                      ),
+                                ),
+                              ],
+                            ),
+                            Row(
+                              mainAxisAlignment: MainAxisAlignment.end,
+                              children: [
+                                widget.code.hasSynced != null &&
+                                        widget.code.hasSynced!
+                                    ? Container()
+                                    : const Icon(
+                                        Icons.sync_disabled,
+                                        size: 20,
+                                        color: Colors.amber,
+                                      ),
+                                const SizedBox(width: 12),
+                                IconUtils.instance.getIcon(
+                                  safeDecode(widget.code.issuer).trim(),
+                                ),
+                              ],
+                            ),
+                          ],
+                        ),
+                      ),
+                      const SizedBox(height: 4),
+                      Container(
+                        padding: const EdgeInsets.only(left: 16, right: 16),
+                        child: Row(
+                          mainAxisAlignment: MainAxisAlignment.start,
+                          crossAxisAlignment: CrossAxisAlignment.end,
+                          children: [
+                            Expanded(
+                              child: ValueListenableBuilder<String>(
+                                valueListenable: _currentCode,
+                                builder: (context, value, child) {
+                                  return Text(
+                                    value,
+                                    style: const TextStyle(fontSize: 24),
+                                  );
+                                },
                               ),
-                              Column(
-                                crossAxisAlignment: CrossAxisAlignment.end,
-                                children: [
-                                  Text(
-                                    l10n.nextTotpTitle,
-                                    style: Theme.of(context).textTheme.caption,
-                                  ),
-                                  ValueListenableBuilder<String>(
-                                    valueListenable: _nextCode,
-                                    builder: (context, value, child) {
-                                      return Text(
-                                        value,
-                                        style: const TextStyle(
-                                          fontSize: 18,
+                            ),
+                            widget.code.type == Type.totp
+                                ? Column(
+                                    crossAxisAlignment: CrossAxisAlignment.end,
+                                    children: [
+                                      Text(
+                                        l10n.nextTotpTitle,
+                                        style:
+                                            Theme.of(context).textTheme.caption,
+                                      ),
+                                      ValueListenableBuilder<String>(
+                                        valueListenable: _nextCode,
+                                        builder: (context, value, child) {
+                                          return Text(
+                                            value,
+                                            style: const TextStyle(
+                                              fontSize: 18,
+                                              color: Colors.grey,
+                                            ),
+                                          );
+                                        },
+                                      ),
+                                    ],
+                                  )
+                                : Column(
+                                    crossAxisAlignment: CrossAxisAlignment.end,
+                                    children: [
+                                      Text(
+                                        l10n.nextTotpTitle,
+                                        style:
+                                            Theme.of(context).textTheme.caption,
+                                      ),
+                                      InkWell(
+                                        onTap: _onNextHotpTapped,
+                                        child: const Icon(
+                                          Icons.forward_outlined,
+                                          size: 32,
                                           color: Colors.grey,
                                         ),
-                                      );
-                                    },
+                                      ),
+                                    ],
                                   ),
-                                ],
-                              ),
-                            ],
-                          ),
+                          ],
                         ),
-                        const SizedBox(
-                          height: 20,
-                        ),
-                      ],
-                    ),
+                      ),
+                      const SizedBox(
+                        height: 20,
+                      ),
+                    ],
                   ),
                 ),
               ),
@@ -212,10 +268,21 @@ class _CodeWidgetState extends State<CodeWidget> {
   }
 
   void _copyToClipboard() {
-    FlutterClipboard.copy(_getTotp())
+    FlutterClipboard.copy(_getCurrentOTP())
         .then((value) => showToast(context, context.l10n.copiedToClipboard));
   }
 
+  void _onNextHotpTapped() {
+    if (widget.code.type == Type.hotp) {
+      CodeStore.instance
+          .addCode(
+            widget.code.copyWith(counter: widget.code.counter + 1),
+            shouldSync: true,
+          )
+          .ignore();
+    }
+  }
+
   Future<void> _onEditPressed(_) async {
     final Code? code = await Navigator.of(context).push(
       MaterialPageRoute(
@@ -229,66 +296,33 @@ class _CodeWidgetState extends State<CodeWidget> {
     }
   }
 
-  void _onDeletePressed(_) {
+  Future<void> _onShowQrPressed(_) async {
+    final Code? code = await Navigator.of(context).push(
+      MaterialPageRoute(
+        builder: (BuildContext context) {
+          return ViewQrPage(code: widget.code);
+        },
+      ),
+    );
+  }
+
+  void _onDeletePressed(_) async {
     final l10n = context.l10n;
-    final AlertDialog alert = AlertDialog(
-      shape: RoundedRectangleBorder(borderRadius: BorderRadius.circular(10)),
-      title: Text(
-        l10n.deleteCodeTitle,
-        style: Theme.of(context).textTheme.headline6,
-      ),
-      content: Text(
-        l10n.deleteCodeMessage,
-      ),
-      actions: [
-        TextButton(
-          child: Text(
-            l10n.delete,
-            style: const TextStyle(
-              color: Colors.red,
-            ),
-          ),
-          onPressed: () {
-            CodeStore.instance.removeCode(widget.code);
-            Navigator.of(context, rootNavigator: true).pop('dialog');
-          },
-        ),
-        TextButton(
-          child: Text(
-            l10n.cancel,
-            style: TextStyle(
-              color: Theme.of(context).colorScheme.onSurface,
-            ),
-          ),
-          onPressed: () {
-            Navigator.of(context, rootNavigator: true).pop('dialog');
-          },
-        ),
-      ],
-    );
-
-    showDialog(
-      context: context,
-      builder: (BuildContext context) {
-        return alert;
+    await showChoiceActionSheet(
+      context,
+      title: l10n.deleteCodeTitle,
+      body: l10n.deleteCodeMessage,
+      firstButtonLabel: l10n.delete,
+      isCritical: true,
+      firstButtonOnTap: () async {
+        await CodeStore.instance.removeCode(widget.code);
       },
-      barrierColor: Colors.black12,
     );
   }
 
-  String safeDecode(String value) {
+  String _getCurrentOTP() {
     try {
-      return Uri.decodeComponent(value);
-    } catch (e) {
-      // note: don't log the value, it might contain sensitive information
-      logger.severe("Failed to decode", e);
-      return value;
-    }
-  }
-
-  String _getTotp() {
-    try {
-      return getTotp(widget.code);
+      return getOTP(widget.code);
     } catch (e) {
       return context.l10n.error;
     }
@@ -296,6 +330,7 @@ class _CodeWidgetState extends State<CodeWidget> {
 
   String _getNextTotp() {
     try {
+      assert(widget.code.type == Type.totp);
       return getNextTotp(widget.code);
     } catch (e) {
       return context.l10n.error;

lib/ui/components/dialog_widget.dart

@@ -73,19 +73,22 @@ class DialogWidget extends StatelessWidget {
         boxShadow: shadowFloatLight,
         borderRadius: const BorderRadius.all(Radius.circular(8)),
       ),
-      child: Padding(
-        padding: const EdgeInsets.all(16),
-        child: Column(
-          mainAxisSize: MainAxisSize.min,
-          children: [
-            ContentContainer(
-              title: title,
-              body: body,
-              icon: icon,
-            ),
-            const SizedBox(height: 36),
-            Actions(buttons),
-          ],
+      child: Material(
+        color: Colors.transparent,
+        child: Padding(
+          padding: const EdgeInsets.all(16),
+          child: Column(
+            mainAxisSize: MainAxisSize.min,
+            children: [
+              ContentContainer(
+                title: title,
+                body: body,
+                icon: icon,
+              ),
+              const SizedBox(height: 36),
+              Actions(buttons),
+            ],
+          ),
         ),
       ),
     );

lib/ui/home/home_empty_state.dart

@@ -1,4 +1,8 @@
 import 'package:ente_auth/l10n/l10n.dart';
+import 'package:ente_auth/theme/ente_theme.dart';
+import 'package:ente_auth/ui/settings/data/import_page.dart';
+import 'package:ente_auth/ui/settings/faq.dart';
+import 'package:ente_auth/utils/navigation_util.dart';
 import 'package:flutter/material.dart';
 
 class HomeEmptyStateWidget extends StatelessWidget {
@@ -50,6 +54,33 @@ class HomeEmptyStateWidget extends StatelessWidget {
                       child: Text(l10n.importEnterSetupKey),
                     ),
                   ),
+                  const SizedBox(height: 54),
+                  InkWell(
+                    onTap: () {
+                      routeToPage(context, ImportCodePage());
+                    },
+                    child: Text(
+                      l10n.importCodes,
+                      textAlign: TextAlign.center,
+                      style: getEnteTextTheme(context).bodyFaint.copyWith(decoration: TextDecoration.underline),
+                    ),),
+                  const SizedBox(height: 18),
+                  InkWell(
+                    onTap: () {
+                      showModalBottomSheet<void>(
+                        backgroundColor: Theme.of(context).colorScheme.background,
+                        barrierColor: Colors.black87,
+                        context: context,
+                        builder: (context) {
+                          return const FAQQuestionsWidget();
+                        },
+                      );
+                    },
+                    child: Text(
+                      l10n.faq,
+                      textAlign: TextAlign.center,
+                      style: getEnteTextTheme(context).bodyFaint.copyWith(decoration: TextDecoration.underline),
+                    ),),
                 ],
               ),
             ],

lib/ui/home_page.dart

@@ -54,6 +54,7 @@ class _HomePageState extends State<HomePage> {
 
   @override
   void initState() {
+    super.initState();
     _textController.addListener(_applyFilteringAndRefresh);
     _loadCodes();
     _streamSubscription = Bus.instance.on<CodesUpdatedEvent>().listen((event) {
@@ -64,7 +65,7 @@ class _HomePageState extends State<HomePage> {
       await autoLogoutAlert(context);
     });
     _initDeepLinks();
-    super.initState();
+
   }
 
   void _loadCodes() {
@@ -222,7 +223,11 @@ class _HomePageState extends State<HomePage> {
       } else {
         final list = ListView.builder(
           itemBuilder: ((context, index) {
-            return CodeWidget(_filteredCodes[index]);
+            try {
+              return CodeWidget(_filteredCodes[index]);
+            } catch(e) {
+              return const Text("Failed");
+            }
           }),
           itemCount: _filteredCodes.length,
         );

lib/ui/scanner_gauth_page.dart

@@ -0,0 +1,97 @@
+import 'dart:io';
+
+import 'package:ente_auth/l10n/l10n.dart';
+import 'package:ente_auth/models/code.dart';
+import 'package:ente_auth/theme/ente_theme.dart';
+import 'package:ente_auth/ui/settings/data/import/google_auth_import.dart';
+import 'package:ente_auth/utils/toast_util.dart';
+import 'package:flutter/material.dart';
+import 'package:qr_code_scanner/qr_code_scanner.dart';
+
+class ScannerGoogleAuthPage extends StatefulWidget {
+  const ScannerGoogleAuthPage({Key? key}) : super(key: key);
+
+  @override
+  State<ScannerGoogleAuthPage> createState() => ScannerGoogleAuthPageState();
+}
+
+class ScannerGoogleAuthPageState extends State<ScannerGoogleAuthPage> {
+  final GlobalKey qrKey = GlobalKey(debugLabel: 'QR');
+  QRViewController? controller;
+  String? totp;
+
+  // In order to get hot reload to work we need to pause the camera if the platform
+  // is android, or resume the camera if the platform is iOS.
+  @override
+  void reassemble() {
+    super.reassemble();
+    if (Platform.isAndroid) {
+      controller!.pauseCamera();
+    } else if (Platform.isIOS) {
+      controller!.resumeCamera();
+    }
+  }
+
+  @override
+  Widget build(BuildContext context) {
+    final l10n = context.l10n;
+    return Scaffold(
+      appBar: AppBar(
+        title: Text(l10n.scan),
+      ),
+      body: Column(
+        children: <Widget>[
+          Expanded(
+            flex: 5,
+            child: QRView(
+              key: qrKey,
+              overlay: QrScannerOverlayShape(
+                  borderColor: getEnteColorScheme(context).primary700,),
+              onQRViewCreated: _onQRViewCreated,
+              formatsAllowed: const [BarcodeFormat.qrcode],
+            ),
+          ),
+          Expanded(
+            flex: 1,
+            child: Center(
+              child: (totp != null) ? Text(totp!) : Text(l10n.scanACode),
+            ),
+          )
+        ],
+      ),
+    );
+  }
+
+  void _onQRViewCreated(QRViewController controller) {
+    this.controller = controller;
+    // h4ck to remove black screen on Android scanners: https://github.com/juliuscanute/qr_code_scanner/issues/560#issuecomment-1159611301
+    if (Platform.isAndroid) {
+      controller.pauseCamera();
+      controller.resumeCamera();
+    }
+    controller.scannedDataStream.listen((scanData) {
+      try {
+        if (scanData.code == null) {
+          return;
+        }
+        if (scanData.code!.startsWith(kGoogleAuthExportPrefix)) {
+          List<Code> codes = parseGoogleAuth(scanData.code!);
+          controller.dispose();
+          Navigator.of(context).pop(codes);
+        } else {
+          showToast(context, "Invalid QR code");
+        }
+      } catch (e) {
+        controller.dispose();
+        Navigator.of(context).pop();
+        showToast(context, "Error " + e.toString());
+      }
+    });
+  }
+
+  @override
+  void dispose() {
+    controller?.dispose();
+    super.dispose();
+  }
+}

lib/ui/settings/about_section_widget.dart

@@ -36,7 +36,7 @@ class AboutSectionWidget extends StatelessWidget {
           trailingIcon: Icons.chevron_right_outlined,
           trailingIconIsMuted: true,
           onTap: () async {
-            launchUrl(Uri.parse("https://github.com/ente-io/photos-app"));
+            launchUrl(Uri.parse("https://github.com/ente-io/auth"));
           },
         ),
         sectionOptionSpacing,

lib/ui/settings/account_section_widget.dart

@@ -1,14 +1,14 @@
 
 
 import 'package:ente_auth/app/view/app.dart';
-import 'package:ente_auth/core/configuration.dart';
 import 'package:ente_auth/l10n/l10n.dart';
 import 'package:ente_auth/locale.dart';
 import 'package:ente_auth/services/local_authentication_service.dart';
+import 'package:ente_auth/services/user_service.dart';
 import 'package:ente_auth/theme/ente_theme.dart';
 import 'package:ente_auth/ui/account/change_email_dialog.dart';
+import 'package:ente_auth/ui/account/delete_account_page.dart';
 import 'package:ente_auth/ui/account/password_entry_page.dart';
-import 'package:ente_auth/ui/account/recovery_key_page.dart';
 import 'package:ente_auth/ui/components/captioned_text_widget.dart';
 import 'package:ente_auth/ui/components/expandable_menu_item_widget.dart';
 import 'package:ente_auth/ui/components/menu_item_widget.dart';
@@ -17,7 +17,6 @@ import 'package:ente_auth/ui/settings/language_picker.dart';
 import 'package:ente_auth/utils/dialog_util.dart';
 import 'package:ente_auth/utils/navigation_util.dart';
 import 'package:flutter/material.dart';
-import 'package:flutter_sodium/flutter_sodium.dart';
 
 class AccountSectionWidget extends StatelessWidget {
   AccountSectionWidget({Key? key}) : super(key: key);
@@ -36,41 +35,6 @@ class AccountSectionWidget extends StatelessWidget {
     final l10n = context.l10n;
     List<Widget> children = [];
     children.addAll([
-      sectionOptionSpacing,
-      MenuItemWidget(
-        captionedTextWidget: CaptionedTextWidget(
-          title: l10n.recoveryKey,
-        ),
-        pressedColor: getEnteColorScheme(context).fillFaint,
-        trailingIcon: Icons.chevron_right_outlined,
-        trailingIconIsMuted: true,
-        onTap: () async {
-          final hasAuthenticated = await LocalAuthenticationService.instance
-              .requestLocalAuthentication(
-            context,
-            l10n.authToViewYourRecoveryKey,
-          );
-          if (hasAuthenticated) {
-            String recoveryKey;
-            try {
-              recoveryKey =
-                  Sodium.bin2hex(Configuration.instance.getRecoveryKey());
-            } catch (e) {
-              showGenericErrorDialog(context: context);
-              return;
-            }
-            routeToPage(
-              context,
-              RecoveryKeyPage(
-                recoveryKey,
-                l10n.ok,
-                showAppBar: true,
-                onDone: () {},
-              ),
-            );
-          }
-        },
-      ),
       sectionOptionSpacing,
       MenuItemWidget(
         captionedTextWidget: CaptionedTextWidget(
@@ -148,9 +112,44 @@ class AccountSectionWidget extends StatelessWidget {
         },
       ),
       sectionOptionSpacing,
+      MenuItemWidget(
+        captionedTextWidget: CaptionedTextWidget(
+          title: context.l10n.logout,
+        ),
+        pressedColor: getEnteColorScheme(context).fillFaint,
+        trailingIcon: Icons.chevron_right_outlined,
+        trailingIconIsMuted: true,
+        onTap: () async {
+          _onLogoutTapped(context);
+        },
+      ),
+      sectionOptionSpacing,
+      MenuItemWidget(
+        captionedTextWidget: CaptionedTextWidget(
+          title: context.l10n.deleteAccount,
+        ),
+        pressedColor: getEnteColorScheme(context).fillFaint,
+        trailingIcon: Icons.chevron_right_outlined,
+        trailingIconIsMuted: true,
+        onTap: () async {
+          routeToPage(context, const DeleteAccountPage());
+        },
+      ),
+      sectionOptionSpacing,
     ]);
     return Column(
       children: children,
     );
   }
+  void _onLogoutTapped(BuildContext context) {
+    showChoiceActionSheet(
+      context,
+      title: context.l10n.areYouSureYouWantToLogout,
+      firstButtonLabel: context.l10n.yesLogout,
+      isCritical: true,
+      firstButtonOnTap: () async {
+        await UserService.instance.logout(context);
+      },
+    );
+  }
 }

lib/ui/settings/data/data_section_widget.dart

@@ -0,0 +1,63 @@
+
+import 'package:ente_auth/l10n/l10n.dart';
+import 'package:ente_auth/theme/ente_theme.dart';
+import 'package:ente_auth/ui/components/captioned_text_widget.dart';
+import 'package:ente_auth/ui/components/expandable_menu_item_widget.dart';
+import 'package:ente_auth/ui/components/menu_item_widget.dart';
+import 'package:ente_auth/ui/settings/common_settings.dart';
+import 'package:ente_auth/ui/settings/data/export_widget.dart';
+import 'package:ente_auth/ui/settings/data/import_page.dart';
+import 'package:ente_auth/utils/navigation_util.dart';
+import 'package:flutter/material.dart';
+import 'package:logging/logging.dart';
+
+class DataSectionWidget extends StatelessWidget {
+  final _logger = Logger("AccountSectionWidget");
+
+  DataSectionWidget({Key? key}) : super(key: key);
+
+  @override
+  Widget build(BuildContext context) {
+    final l10n = context.l10n;
+    return ExpandableMenuItemWidget(
+      title: l10n.data,
+      selectionOptionsWidget: _getSectionOptions(context),
+      leadingIcon: Icons.key_outlined,
+    );
+  }
+
+  Column _getSectionOptions(BuildContext context) {
+    final l10n = context.l10n;
+    List<Widget> children = [];
+    children.addAll([
+      sectionOptionSpacing,
+      MenuItemWidget(
+        captionedTextWidget: CaptionedTextWidget(
+          title: l10n.importCodes,
+        ),
+        pressedColor: getEnteColorScheme(context).fillFaint,
+        trailingIcon: Icons.chevron_right_outlined,
+        trailingIconIsMuted: true,
+        onTap: () async {
+          routeToPage(context, ImportCodePage());
+        },
+      ),
+      sectionOptionSpacing,
+      MenuItemWidget(
+        captionedTextWidget: CaptionedTextWidget(
+          title: l10n.exportCodes,
+        ),
+        pressedColor: getEnteColorScheme(context).fillFaint,
+        trailingIcon: Icons.chevron_right_outlined,
+        trailingIconIsMuted: true,
+        onTap: () async {
+          handleExportClick(context);
+        },
+      ),
+      sectionOptionSpacing,
+    ]);
+    return Column(
+      children: children,
+    );
+  }
+}

lib/ui/settings/data/export_widget.dart

@@ -0,0 +1,153 @@
+import 'dart:convert';
+import 'dart:io';
+
+import 'package:ente_auth/core/configuration.dart';
+import 'package:ente_auth/l10n/l10n.dart';
+import 'package:ente_auth/models/export/ente.dart';
+import 'package:ente_auth/services/local_authentication_service.dart';
+import 'package:ente_auth/store/code_store.dart';
+import 'package:ente_auth/ui/components/buttons/button_widget.dart';
+import 'package:ente_auth/ui/components/dialog_widget.dart';
+import 'package:ente_auth/ui/components/models/button_type.dart';
+import 'package:ente_auth/utils/crypto_util.dart';
+import 'package:ente_auth/utils/dialog_util.dart';
+import 'package:ente_auth/utils/toast_util.dart';
+import 'package:flutter/cupertino.dart';
+import 'package:flutter/foundation.dart';
+import 'package:flutter/material.dart';
+import 'package:flutter_sodium/flutter_sodium.dart';
+import 'package:logging/logging.dart';
+import 'package:share_plus/share_plus.dart';
+
+Future<void> handleExportClick(BuildContext context) async {
+  final result = await showDialogWidget(
+    context: context,
+    title: context.l10n.selectExportFormat,
+    body: context.l10n.exportDialogDesc,
+    buttons: [
+      ButtonWidget(
+        buttonType: ButtonType.primary,
+        labelText: context.l10n.encrypted,
+        isInAlert: true,
+        buttonSize: ButtonSize.large,
+        buttonAction: ButtonAction.first,
+      ),
+      ButtonWidget(
+        buttonType: ButtonType.secondary,
+        labelText: context.l10n.plainText,
+        buttonSize: ButtonSize.large,
+        isInAlert: true,
+        buttonAction: ButtonAction.second,
+      ),
+    ],
+  );
+  if (result?.action != null && result!.action != ButtonAction.cancel) {
+    if (result.action == ButtonAction.first) {
+      await _requestForEncryptionPassword(context);
+    } else {
+      await _showExportWarningDialog(context);
+    }
+  }
+}
+
+Future<void> _requestForEncryptionPassword(
+  BuildContext context, {
+  String? password,
+}) async {
+  final l10n = context.l10n;
+  await showTextInputDialog(
+    context,
+    title: l10n.passwordToEncryptExport,
+    submitButtonLabel: l10n.export,
+    hintText: l10n.enterPassword,
+    isPasswordInput: true,
+    alwaysShowSuccessState: false,
+    onSubmit: (String password) async {
+      if (password.isEmpty || password.length < 4) {
+        showToast(context, "Password must be at least 4 characters long.");
+        Future.delayed(const Duration(seconds: 0), () {
+          _requestForEncryptionPassword(context, password: password);
+        });
+        return;
+      }
+      if (password.isNotEmpty) {
+        try {
+          final kekSalt = CryptoUtil.getSaltToDeriveKey();
+          final derivedKeyResult = await CryptoUtil.deriveSensitiveKey(
+            utf8.encode(password) as Uint8List,
+            kekSalt,
+          );
+          String exportPlainText = await _getAuthDataForExport();
+          // Encrypt the key with this derived key
+          final encResult = await CryptoUtil.encryptChaCha(
+            utf8.encode(exportPlainText) as Uint8List,
+            derivedKeyResult.key,
+          );
+          final encContent = Sodium.bin2base64(encResult.encryptedData!);
+          final encNonce = Sodium.bin2base64(encResult.header!);
+          final EnteAuthExport data = EnteAuthExport(
+            version: 1,
+            encryptedData: encContent,
+            encryptionNonce: encNonce,
+            kdfParams: KDFParams(
+              memLimit: derivedKeyResult.memLimit,
+              opsLimit: derivedKeyResult.opsLimit,
+              salt: Sodium.bin2base64(kekSalt),
+            ),
+          );
+          // get json value of data
+          _exportCodes(context, jsonEncode(data.toJson()));
+        } catch (e, s) {
+          Logger("ExportWidget").severe(e, s);
+          showToast(context, "Error while exporting codes.");
+        }
+      }
+    },
+  );
+}
+
+Future<void> _showExportWarningDialog(BuildContext context) async {
+  await showChoiceActionSheet(
+    context,
+    title: context.l10n.warning,
+    body: context.l10n.exportWarningDesc,
+    isCritical: true,
+    firstButtonOnTap: () async {
+      final data = await _getAuthDataForExport();
+      await _exportCodes(context, data);
+    },
+    secondButtonLabel: context.l10n.cancel,
+    firstButtonLabel: context.l10n.iUnderStand,
+  );
+}
+
+Future<void> _exportCodes(BuildContext context, String fileContent) async {
+  final _codeFile = File(
+    Configuration.instance.getTempDirectory() + "ente-authenticator-codes.txt",
+  );
+  final hasAuthenticated = await LocalAuthenticationService.instance
+      .requestLocalAuthentication(context, context.l10n.authToExportCodes);
+  if (!hasAuthenticated) {
+    return;
+  }
+  if (_codeFile.existsSync()) {
+    await _codeFile.delete();
+  }
+  _codeFile.writeAsStringSync(fileContent);
+  final Size size = MediaQuery.of(context).size;
+  await Share.shareFiles([_codeFile.path], sharePositionOrigin: Rect.fromLTWH(0, 0, size.width, size.height / 2),);
+  Future.delayed(const Duration(seconds: 15), () async {
+    if (_codeFile.existsSync()) {
+      _codeFile.deleteSync();
+    }
+  });
+}
+
+Future<String> _getAuthDataForExport() async {
+  final codes = await CodeStore.instance.getAllCodes();
+  String data = "";
+  for (final code in codes) {
+    data += code.rawData + "\n";
+  }
+  return data;
+}

lib/ui/settings/data/import/aegis_import.dart

@@ -0,0 +1,236 @@
+import 'dart:async';
+import 'dart:convert';
+import 'dart:io';
+import 'dart:typed_data';
+import 'package:convert/convert.dart';
+
+import 'package:ente_auth/l10n/l10n.dart';
+import 'package:ente_auth/models/code.dart';
+import 'package:ente_auth/services/authenticator_service.dart';
+import 'package:ente_auth/store/code_store.dart';
+import 'package:ente_auth/ui/common/progress_dialog.dart';
+import 'package:ente_auth/ui/components/buttons/button_widget.dart';
+import 'package:ente_auth/ui/components/dialog_widget.dart';
+import 'package:ente_auth/ui/components/models/button_type.dart';
+import 'package:ente_auth/ui/settings/data/import/import_success.dart';
+import 'package:ente_auth/utils/dialog_util.dart';
+import 'package:file_picker/file_picker.dart';
+import 'package:flutter/cupertino.dart';
+import 'package:flutter/material.dart';
+import 'package:logging/logging.dart';
+import 'package:pointycastle/block/aes.dart';
+import 'package:pointycastle/block/modes/gcm.dart';
+import 'package:pointycastle/key_derivators/scrypt.dart';
+import 'package:pointycastle/pointycastle.dart';
+
+Future<void> showAegisImportInstruction(BuildContext context) async {
+  final l10n = context.l10n;
+  final result = await showDialogWidget(
+    context: context,
+    title: l10n.importFromApp("Aegis Authenticator"),
+    body: l10n.importAegisGuide,
+    buttons: [
+      ButtonWidget(
+        buttonType: ButtonType.primary,
+        labelText: l10n.importSelectJsonFile,
+        isInAlert: true,
+        buttonSize: ButtonSize.large,
+        buttonAction: ButtonAction.first,
+      ),
+      ButtonWidget(
+        buttonType: ButtonType.secondary,
+        labelText: context.l10n.cancel,
+        buttonSize: ButtonSize.large,
+        isInAlert: true,
+        buttonAction: ButtonAction.second,
+      ),
+    ],
+  );
+  if (result?.action != null && result!.action != ButtonAction.cancel) {
+    if (result.action == ButtonAction.first) {
+      await _pickAegisJsonFile(context);
+    } else {}
+  }
+}
+
+Future<void> _pickAegisJsonFile(BuildContext context) async {
+  final l10n = context.l10n;
+  FilePickerResult? result = await FilePicker.platform
+      .pickFiles(dialogTitle: l10n.importSelectJsonFile);
+  if (result == null) {
+    return;
+  }
+  final ProgressDialog progressDialog =
+      createProgressDialog(context, l10n.pleaseWait);
+  await progressDialog.show();
+  try {
+    String path = result.files.single.path!;
+    int? count = await _processAegisExportFile(context, path, progressDialog);
+    await progressDialog.hide();
+    if (count != null) {
+      await importSuccessDialog(context, count);
+    }
+  } catch (e, s) {
+    Logger('AegisImport').severe('exception while processing for aegis', e, s);
+    await progressDialog.hide();
+    await showErrorDialog(
+      context,
+      context.l10n.sorry,
+      context.l10n.importFailureDesc,
+    );
+  }
+}
+
+Future<int?> _processAegisExportFile(
+  BuildContext context,
+  String path,
+  final ProgressDialog dialog,
+) async {
+  File file = File(path);
+
+  final jsonString = await file.readAsString();
+  final decodedJson = jsonDecode(jsonString);
+  final isEncrypted = decodedJson['header']['slots'] != null;
+  var aegisDB;
+  if (isEncrypted) {
+    String? password;
+    try {
+      await showTextInputDialog(
+        context,
+        title: "Enter password to aegis vault",
+        submitButtonLabel: "Submit",
+        isPasswordInput: true,
+        onSubmit: (value) async {
+          password = value;
+        },
+      );
+      if (password == null) {
+        await dialog.hide();
+        return null;
+      }
+      final content = decryptAegisVault(decodedJson, password: password!);
+      aegisDB = jsonDecode(content);
+    } catch (e, s) {
+      Logger("AegisImport")
+          .warning("exception while decrypting aegis vault", e, s);
+      await dialog.hide();
+      if (password != null) {
+        await showErrorDialog(
+          context,
+          "Failed to decrypt aegis vault",
+          "Please check your password and try again.",
+        );
+      }
+      return null;
+    }
+  } else {
+    aegisDB = decodedJson['db'];
+  }
+  final parsedCodes = [];
+  for (var item in aegisDB['entries']) {
+    var kind = item['type'];
+    var account = item['name'];
+    var issuer = item['issuer'];
+    var algorithm = item['info']['algo'];
+    var secret = item['info']['secret'];
+    var timer = item['info']['period'];
+    var digits = item['info']['digits'];
+
+    var counter = item['info']['counter'];
+
+    // Build the OTP URL
+    String otpUrl;
+
+    if (kind.toLowerCase() == 'totp') {
+      otpUrl =
+          'otpauth://$kind/$issuer:$account?secret=$secret&issuer=$issuer&algorithm=$algorithm&digits=$digits&period=$timer';
+    } else if (kind.toLowerCase() == 'hotp') {
+      otpUrl =
+          'otpauth://$kind/$issuer:$account?secret=$secret&issuer=$issuer&algorithm=$algorithm&digits=$digits&counter=$counter';
+    } else {
+      throw Exception('Invalid OTP type');
+    }
+    parsedCodes.add(Code.fromRawData(otpUrl));
+  }
+
+  for (final code in parsedCodes) {
+    await CodeStore.instance.addCode(code, shouldSync: false);
+  }
+  unawaited(AuthenticatorService.instance.sync());
+  int count = parsedCodes.length;
+  return count;
+}
+
+String decryptAegisVault(dynamic data, {required String password}) {
+  final header = data["header"];
+  final slots =
+      (header["slots"] as List).where((slot) => slot["type"] == 1).toList();
+
+  Uint8List? masterKey;
+  for (final slot in slots) {
+    final salt = Uint8List.fromList(hex.decode(slot["salt"]));
+    final int iterations = slot["n"];
+    final int r = slot["r"];
+    final int p = slot["p"];
+    const int derivedKeyLength = 32;
+    final script = Scrypt()
+      ..init(
+        ScryptParameters(
+          iterations,
+          r,
+          p,
+          derivedKeyLength,
+          salt,
+        ),
+      );
+
+    final key = script.process(Uint8List.fromList(utf8.encode(password)));
+
+    final params = slot["key_params"];
+    final nonce = Uint8List.fromList(hex.decode(params["nonce"]));
+    final encryptedKeyWithTag =
+        Uint8List.fromList(hex.decode(slot["key"]) + hex.decode(params["tag"]));
+
+    final cipher = GCMBlockCipher(AESEngine())
+      ..init(
+        false,
+        AEADParameters(
+          KeyParameter(key),
+          128,
+          nonce,
+          Uint8List.fromList(<int>[]),
+        ),
+      );
+
+    try {
+      masterKey = cipher.process(encryptedKeyWithTag);
+      break;
+    } catch (e) {
+      // Ignore decryption failure and continue to next slot
+    }
+  }
+
+  if (masterKey == null) {
+    throw Exception("Unable to decrypt the master key with the given password");
+  }
+
+  final content = base64.decode(data["db"]);
+  final params = header["params"];
+  final nonce = Uint8List.fromList(hex.decode(params["nonce"]));
+  final tag = Uint8List.fromList(hex.decode(params["tag"]));
+  final cipherTextWithTag = Uint8List.fromList(content + tag);
+
+  final cipher = GCMBlockCipher(AESEngine())
+    ..init(
+      false,
+      AEADParameters(
+        KeyParameter(masterKey),
+        128,
+        nonce,
+        Uint8List.fromList(<int>[]),
+      ),
+    );
+
+  final dbBytes = cipher.process(cipherTextWithTag);
+  return utf8.decode(dbBytes);
+}

lib/ui/settings/data/import/encrypted_ente_import.dart

@@ -0,0 +1,156 @@
+import 'dart:async';
+import 'dart:convert';
+import 'dart:io';
+
+import 'package:ente_auth/l10n/l10n.dart';
+import 'package:ente_auth/models/code.dart';
+import 'package:ente_auth/models/export/ente.dart';
+import 'package:ente_auth/services/authenticator_service.dart';
+import 'package:ente_auth/store/code_store.dart';
+import 'package:ente_auth/ui/components/buttons/button_widget.dart';
+import 'package:ente_auth/ui/components/dialog_widget.dart';
+import 'package:ente_auth/ui/components/models/button_type.dart';
+import 'package:ente_auth/ui/settings/data/import/import_success.dart';
+import 'package:ente_auth/utils/crypto_util.dart';
+import 'package:ente_auth/utils/dialog_util.dart';
+import 'package:ente_auth/utils/toast_util.dart';
+import 'package:file_picker/file_picker.dart';
+import 'package:flutter/cupertino.dart';
+import 'package:flutter/foundation.dart';
+import 'package:flutter/material.dart';
+import 'package:flutter_sodium/flutter_sodium.dart';
+import 'package:logging/logging.dart';
+
+Future<void> showEncryptedImportInstruction(BuildContext context) async {
+  final l10n = context.l10n;
+  final result = await showDialogWidget(
+    context: context,
+    title: l10n.importFromApp("ente Auth"),
+    body: l10n.importEnteEncGuide,
+    buttons: [
+      ButtonWidget(
+        buttonType: ButtonType.primary,
+        labelText: l10n.importSelectJsonFile,
+        isInAlert: true,
+        buttonSize: ButtonSize.large,
+        buttonAction: ButtonAction.first,
+      ),
+      ButtonWidget(
+        buttonType: ButtonType.secondary,
+        labelText: context.l10n.cancel,
+        buttonSize: ButtonSize.large,
+        isInAlert: true,
+        buttonAction: ButtonAction.second,
+      ),
+    ],
+  );
+  if (result?.action != null && result!.action != ButtonAction.cancel) {
+    if (result.action == ButtonAction.first) {
+      await _pickEnteJsonFile(context);
+    } else {}
+  }
+}
+
+Future<void> _decryptExportData(
+  BuildContext context,
+  EnteAuthExport enteAuthExport, {
+  String? password,
+}) async {
+  final l10n = context.l10n;
+  bool isPasswordIncorrect = false;
+  int? importedCodeCount;
+  await showTextInputDialog(
+    context,
+    title: l10n.passwordForDecryptingExport,
+    submitButtonLabel: l10n.importLabel,
+    hintText: l10n.enterYourPasswordHint,
+    isPasswordInput: true,
+    alwaysShowSuccessState: false,
+    showOnlyLoadingState: true,
+    onSubmit: (String password) async {
+      if (password.isEmpty) {
+        showToast(context, l10n.passwordEmptyError);
+        Future.delayed(const Duration(seconds: 0), () {
+          _decryptExportData(context, enteAuthExport, password: password);
+        });
+        return;
+      }
+      if (password.isNotEmpty) {
+        final progressDialog = createProgressDialog(context, l10n.pleaseWait);
+        try {
+          await progressDialog.show();
+          final derivedKey = await CryptoUtil.deriveKey(
+            utf8.encode(password) as Uint8List,
+            Sodium.base642bin(enteAuthExport.kdfParams.salt),
+            enteAuthExport.kdfParams.memLimit,
+            enteAuthExport.kdfParams.opsLimit,
+          );
+          Uint8List? decryptedContent;
+          // Encrypt the key with this derived key
+          try {
+            decryptedContent = await CryptoUtil.decryptChaCha(
+              Sodium.base642bin(enteAuthExport.encryptedData),
+              derivedKey,
+              Sodium.base642bin(enteAuthExport.encryptionNonce),
+            );
+          } catch (e) {
+            showToast(context, l10n.incorrectPasswordTitle);
+            isPasswordIncorrect = true;
+          }
+          if (isPasswordIncorrect) {
+            await progressDialog.hide();
+
+            Future.delayed(const Duration(seconds: 0), () {
+              _decryptExportData(context, enteAuthExport, password: password);
+            });
+            return;
+          }
+          String content = utf8.decode(decryptedContent!);
+          List<String> splitCodes = content.split("\n");
+          final parsedCodes = [];
+          for (final code in splitCodes) {
+            try {
+              parsedCodes.add(Code.fromRawData(code));
+            } catch (e) {
+              Logger('EncryptedText').severe("Could not parse code", e);
+            }
+          }
+          for (final code in parsedCodes) {
+            await CodeStore.instance.addCode(code, shouldSync: false);
+          }
+          unawaited(AuthenticatorService.instance.sync());
+          importedCodeCount = parsedCodes.length;
+          await progressDialog.hide();
+        } catch (e, s) {
+          await progressDialog.hide();
+          Logger("ExportWidget").severe(e, s);
+          showToast(context, "Error while exporting codes.");
+        }
+      }
+    },
+  );
+  if (importedCodeCount != null) {
+    await importSuccessDialog(context, importedCodeCount!);
+  }
+}
+
+Future<void> _pickEnteJsonFile(BuildContext context) async {
+  FilePickerResult? result = await FilePicker.platform.pickFiles();
+  if (result == null) {
+    return;
+  }
+
+  try {
+    File file = File(result.files.single.path!);
+    final jsonString = await file.readAsString();
+    EnteAuthExport exportedData =
+        EnteAuthExport.fromJson(jsonDecode(jsonString));
+    await _decryptExportData(context, exportedData);
+  } catch (e) {
+    await showErrorDialog(
+      context,
+      context.l10n.sorry,
+      context.l10n.importFailureDesc,
+    );
+  }
+}

lib/ui/settings/data/import/google_auth_import.dart

@@ -0,0 +1,133 @@
+import 'dart:async';
+import 'dart:convert';
+import 'dart:typed_data';
+import 'package:base32/base32.dart';
+import 'package:ente_auth/l10n/l10n.dart';
+import 'package:ente_auth/models/code.dart';
+import 'package:ente_auth/models/protos/googleauth.pb.dart';
+import 'package:ente_auth/services/authenticator_service.dart';
+import 'package:ente_auth/store/code_store.dart';
+import 'package:ente_auth/ui/components/buttons/button_widget.dart';
+import 'package:ente_auth/ui/components/dialog_widget.dart';
+import 'package:ente_auth/ui/components/models/button_type.dart';
+import 'package:ente_auth/ui/scanner_gauth_page.dart';
+import 'package:ente_auth/ui/settings/data/import/import_success.dart';
+import 'package:flutter/material.dart';
+import 'package:flutter/widgets.dart';
+import 'package:logging/logging.dart';
+
+const kGoogleAuthExportPrefix = 'otpauth-migration://offline?data=';
+
+Future<void> showGoogleAuthInstruction(BuildContext context) async {
+  final l10n = context.l10n;
+  final result = await showDialogWidget(
+    context: context,
+    title: l10n.importFromApp("Google Authenticator"),
+    body: l10n.importGoogleAuthGuide,
+    buttons: [
+      ButtonWidget(
+        buttonType: ButtonType.primary,
+        labelText: l10n.scanAQrCode,
+        isInAlert: true,
+        buttonSize: ButtonSize.large,
+        buttonAction: ButtonAction.first,
+      ),
+      ButtonWidget(
+        buttonType: ButtonType.secondary,
+        labelText: context.l10n.cancel,
+        buttonSize: ButtonSize.large,
+        isInAlert: true,
+        buttonAction: ButtonAction.second,
+      ),
+    ],
+  );
+  if (result?.action != null && result!.action != ButtonAction.cancel) {
+    if (result.action == ButtonAction.first) {
+      final List<Code>? codes = await Navigator.of(context).push(
+        MaterialPageRoute(
+          builder: (BuildContext context) {
+            return const ScannerGoogleAuthPage();
+          },
+        ),
+      );
+      if (codes == null || codes.isEmpty) {
+        return;
+      }
+      for (final code in codes) {
+        await CodeStore.instance.addCode(code, shouldSync: false);
+      }
+      unawaited(AuthenticatorService.instance.sync());
+      importSuccessDialog(context, codes.length);
+    }
+  }
+}
+
+List<Code> parseGoogleAuth(String qrCodeData) {
+  try {
+    List<Code> codes = <Code>[];
+    final String payload = qrCodeData.substring(kGoogleAuthExportPrefix.length);
+    final Uint8List base64Decoded = base64Decode(Uri.decodeComponent(payload));
+    final MigrationPayload mPayload =
+        MigrationPayload.fromBuffer(base64Decoded);
+    for (var otpParameter in mPayload.otpParameters) {
+      // Build the OTP URL
+      String otpUrl;
+      String issuer = otpParameter.issuer;
+      String account = otpParameter.name;
+      var counter = otpParameter.counter;
+      // Create a list of bytes from the list of integers.
+      Uint8List bytes = Uint8List.fromList(otpParameter.secret);
+
+      // Encode the bytes to base 32.
+      String base32String = base32.encode(bytes);
+      String secret = base32String;
+      // identify digit count
+      int digits = 6;
+      int timer = 30; // default timer, no field in Google Auth
+      Algorithm algorithm = Algorithm.sha1;
+      switch (otpParameter.algorithm) {
+        case MigrationPayload_Algorithm.ALGORITHM_MD5:
+          throw Exception('GoogleAuthImport: MD5 is not supported');
+        case MigrationPayload_Algorithm.ALGORITHM_SHA1:
+          algorithm = Algorithm.sha1;
+          break;
+        case MigrationPayload_Algorithm.ALGORITHM_SHA256:
+          algorithm = Algorithm.sha256;
+          break;
+        case MigrationPayload_Algorithm.ALGORITHM_SHA512:
+          algorithm = Algorithm.sha512;
+          break;
+        case MigrationPayload_Algorithm.ALGORITHM_UNSPECIFIED:
+          algorithm = Algorithm.sha1;
+          break;
+      }
+      switch (otpParameter.digits) {
+        case MigrationPayload_DigitCount.DIGIT_COUNT_EIGHT:
+          digits = 8;
+          break;
+        case MigrationPayload_DigitCount.DIGIT_COUNT_SIX:
+          digits = 6;
+          break;
+        case MigrationPayload_DigitCount.DIGIT_COUNT_UNSPECIFIED:
+          digits = 6;
+      }
+
+      if (otpParameter.type == MigrationPayload_OtpType.OTP_TYPE_TOTP ||
+          otpParameter.type == MigrationPayload_OtpType.OTP_TYPE_UNSPECIFIED) {
+        otpUrl =
+            'otpauth://totp/$issuer:$account?secret=$secret&issuer=$issuer&algorithm=$algorithm&digits=$digits&period=$timer';
+      } else if (otpParameter.type == MigrationPayload_OtpType.OTP_TYPE_HOTP) {
+        otpUrl =
+            'otpauth://hotp/$issuer:$account?secret=$secret&issuer=$issuer&algorithm=$algorithm&digits=$digits&counter=$counter';
+      } else {
+        throw Exception('Invalid OTP type');
+      }
+      codes.add(Code.fromRawData(otpUrl));
+    }
+    return codes;
+  } catch (e, s) {
+    Logger("GoogleAuthImport")
+        .severe("Error while parsing Google Auth QR code", e, s);
+    throw Exception('Failed to parse Google Auth QR code \n ${e.toString()}');
+  }
+}

lib/ui/settings/data/import/import_service.dart

@@ -0,0 +1,36 @@
+import 'package:ente_auth/ui/settings/data/import/aegis_import.dart';
+import 'package:ente_auth/ui/settings/data/import/encrypted_ente_import.dart';
+import 'package:ente_auth/ui/settings/data/import/google_auth_import.dart';
+import 'package:ente_auth/ui/settings/data/import/plain_text_import.dart';
+import 'package:ente_auth/ui/settings/data/import/raivo_plain_text_import.dart';
+import 'package:ente_auth/ui/settings/data/import_page.dart';
+import 'package:flutter/cupertino.dart';
+
+class ImportService {
+  static final ImportService _instance = ImportService._internal();
+
+  factory ImportService() => _instance;
+
+  ImportService._internal();
+
+  Future<void> initiateImport(BuildContext context, ImportType type) async {
+    switch (type) {
+      case ImportType.plainText:
+        showImportInstructionDialog(context);
+        break;
+      case ImportType.encrypted:
+        showEncryptedImportInstruction(context);
+        break;
+      case ImportType.ravio:
+        showRaivoImportInstruction(context);
+        break;
+      case ImportType.googleAuthenticator:
+        showGoogleAuthInstruction(context);
+        // showToast(context, 'coming soon');
+        break;
+      case ImportType.aegis:
+        showAegisImportInstruction(context);
+        break;
+    }
+  }
+}

lib/ui/settings/data/import/import_success.dart

@@ -0,0 +1,26 @@
+import 'package:ente_auth/l10n/l10n.dart';
+import 'package:ente_auth/ui/components/dialog_widget.dart';
+import 'package:ente_auth/ui/components/models/button_type.dart';
+import 'package:ente_auth/utils/dialog_util.dart';
+import 'package:flutter/cupertino.dart';
+
+Future<void> importSuccessDialog(BuildContext context, int count) async {
+  final DialogWidget dialog = choiceDialog(
+    title: context.l10n.importSuccessTitle,
+    body: context.l10n.importSuccessDesc(count),
+    firstButtonLabel: context.l10n.ok,
+    firstButtonOnTap: () async {
+      Navigator.of(context).pop();
+      if(Navigator.of(context).canPop()) {
+        Navigator.of(context).pop();
+      }
+    },
+    firstButtonType: ButtonType.primary,
+  );
+  await showConfettiDialog(
+    context: context,
+    dialogBuilder: (BuildContext context) {
+      return dialog;
+    },
+  );
+}

lib/ui/settings/data/import/plain_text_import.dart

@@ -0,0 +1,136 @@
+import 'dart:async';
+import 'dart:io';
+import 'dart:ui';
+
+import 'package:ente_auth/ente_theme_data.dart';
+import 'package:ente_auth/l10n/l10n.dart';
+import 'package:ente_auth/models/code.dart';
+import 'package:ente_auth/services/authenticator_service.dart';
+import 'package:ente_auth/store/code_store.dart';
+import 'package:ente_auth/ui/settings/data/import/import_success.dart';
+import 'package:ente_auth/utils/dialog_util.dart';
+import 'package:file_picker/file_picker.dart';
+import 'package:flutter/cupertino.dart';
+import 'package:flutter/material.dart';
+import 'package:logging/logging.dart';
+
+class PlainTextImport extends StatelessWidget {
+  const PlainTextImport({super.key});
+
+  @override
+  Widget build(BuildContext context) {
+    final l10n = context.l10n;
+    return Column(
+      children: [
+        Text(
+          l10n.importInstruction,
+        ),
+        const SizedBox(
+          height: 20,
+        ),
+        Container(
+          color: Theme.of(context).colorScheme.gNavBackgroundColor,
+          child: Padding(
+            padding: const EdgeInsets.all(8),
+            child: Text(
+              "otpauth://totp/provider.com:you@email.com?secret=YOUR_SECRET",
+              style: TextStyle(
+                fontFeatures: const [FontFeature.tabularFigures()],
+                fontFamily: Platform.isIOS ? "Courier" : "monospace",
+                fontSize: 13,
+              ),
+            ),
+          ),
+        ),
+        const SizedBox(
+          height: 20,
+        ),
+        Text(l10n.importCodeDelimiterInfo),
+      ],
+    );
+  }
+
+}
+
+
+Future<void> showImportInstructionDialog(BuildContext context) async {
+  final l10n = context.l10n;
+  final AlertDialog alert = AlertDialog(
+    shape: RoundedRectangleBorder(borderRadius: BorderRadius.circular(10)),
+    title: Text(
+      l10n.importCodes,
+      style: Theme.of(context).textTheme.headline6,
+    ),
+    content: const SingleChildScrollView(
+      child: PlainTextImport(),
+    ),
+    actions: [
+      TextButton(
+        child: Text(
+          l10n.cancel,
+          style: const TextStyle(
+            color: Colors.red,
+          ),
+        ),
+        onPressed: () {
+          Navigator.of(context, rootNavigator: true).pop('dialog');
+        },
+      ),
+      TextButton(
+        child: Text(l10n.selectFile),
+        onPressed: () {
+          Navigator.of(context, rootNavigator: true).pop('dialog');
+          _pickImportFile(context);
+        },
+      ),
+    ],
+  );
+
+  return showDialog(
+    context: context,
+    builder: (BuildContext context) {
+      return alert;
+    },
+    barrierColor: Colors.black12,
+  );
+}
+
+
+Future<void> _pickImportFile(BuildContext context) async {
+  final l10n = context.l10n;
+  FilePickerResult? result = await FilePicker.platform.pickFiles();
+  if (result == null) {
+    return;
+  }
+  final progressDialog = createProgressDialog(context, l10n.pleaseWait);
+  await progressDialog.show();
+  try {
+    File file = File(result.files.single.path!);
+    final codes = await file.readAsString();
+    List<String> splitCodes = codes.split(",");
+    if (splitCodes.length == 1) {
+      splitCodes = codes.split("\n");
+    }
+    final parsedCodes = [];
+    for (final code in splitCodes) {
+      try {
+        parsedCodes.add(Code.fromRawData(code));
+      } catch (e) {
+        Logger('PlainText').severe("Could not parse code", e);
+      }
+    }
+    for (final code in parsedCodes) {
+      await CodeStore.instance.addCode(code, shouldSync: false);
+    }
+    unawaited(AuthenticatorService.instance.sync());
+    await progressDialog.hide();
+    await importSuccessDialog(context, parsedCodes.length);
+  } catch (e) {
+    await progressDialog.hide();
+    await showErrorDialog(
+      context,
+      context.l10n.sorry,
+      context.l10n.importFailureDesc,
+    );
+  }
+}

lib/ui/settings/data/import/raivo_plain_text_import.dart

@@ -0,0 +1,117 @@
+import 'dart:async';
+import 'dart:convert';
+import 'dart:io';
+
+import 'package:ente_auth/l10n/l10n.dart';
+import 'package:ente_auth/models/code.dart';
+import 'package:ente_auth/services/authenticator_service.dart';
+import 'package:ente_auth/store/code_store.dart';
+import 'package:ente_auth/ui/components/buttons/button_widget.dart';
+import 'package:ente_auth/ui/components/dialog_widget.dart';
+import 'package:ente_auth/ui/components/models/button_type.dart';
+import 'package:ente_auth/ui/settings/data/import/import_success.dart';
+import 'package:ente_auth/utils/dialog_util.dart';
+import 'package:file_picker/file_picker.dart';
+import 'package:flutter/cupertino.dart';
+import 'package:flutter/material.dart';
+
+Future<void> showRaivoImportInstruction(BuildContext context) async {
+  final l10n = context.l10n;
+  final result = await showDialogWidget(
+    context: context,
+    title: l10n.importFromApp("Raivo OTP"),
+    body: l10n.importRaivoGuide,
+    buttons: [
+      ButtonWidget(
+        buttonType: ButtonType.primary,
+        labelText: l10n.importSelectJsonFile,
+        isInAlert: true,
+        buttonSize: ButtonSize.large,
+        buttonAction: ButtonAction.first,
+      ),
+      ButtonWidget(
+        buttonType: ButtonType.secondary,
+        labelText: context.l10n.cancel,
+        buttonSize: ButtonSize.large,
+        isInAlert: true,
+        buttonAction: ButtonAction.second,
+      ),
+    ],
+  );
+  if (result?.action != null && result!.action != ButtonAction.cancel) {
+    if (result.action == ButtonAction.first) {
+      await _pickRaivoJsonFile(context);
+    } else {}
+  }
+}
+
+Future<void> _pickRaivoJsonFile(BuildContext context) async {
+  final l10n = context.l10n;
+  FilePickerResult? result = await FilePicker.platform.pickFiles();
+  if (result == null) {
+    return;
+  }
+  final progressDialog = createProgressDialog(context, l10n.pleaseWait);
+  await progressDialog.show();
+  try {
+    String path = result.files.single.path!;
+    int? count = await _processRaivoExportFile(context, path);
+    await progressDialog.hide();
+    if(count != null) {
+      await importSuccessDialog(context, count);
+    }
+  } catch (e) {
+    await progressDialog.hide();
+    await showErrorDialog(
+      context,
+      context.l10n.sorry,
+      context.l10n.importFailureDesc,
+    );
+  }
+}
+
+Future<int?> _processRaivoExportFile(BuildContext context,String path) async {
+  File file = File(path);
+  if(path.endsWith('.zip')) {
+    await showErrorDialog(
+      context,
+      context.l10n.sorry,
+      "We don't support zip files yet. Please unzip the file and try again.",
+    );
+    return null;
+  }
+  final jsonString = await file.readAsString();
+  List<dynamic> jsonArray = jsonDecode(jsonString);
+  final parsedCodes = [];
+  for (var item in jsonArray) {
+    var kind = item['kind'];
+    var algorithm = item['algorithm'];
+    var timer = item['timer'];
+    var digits = item['digits'];
+    var issuer = item['issuer'];
+    var secret = item['secret'];
+    var account = item['account'];
+    var counter = item['counter'];
+
+    // Build the OTP URL
+    String otpUrl;
+
+    if (kind.toLowerCase() == 'totp') {
+      otpUrl =
+          'otpauth://$kind/$issuer:$account?secret=$secret&issuer=$issuer&algorithm=$algorithm&digits=$digits&period=$timer';
+    } else if (kind.toLowerCase() == 'hotp') {
+      otpUrl =
+          'otpauth://$kind/$issuer:$account?secret=$secret&issuer=$issuer&algorithm=$algorithm&digits=$digits&counter=$counter';
+    } else {
+      throw Exception('Invalid OTP type');
+    }
+    parsedCodes.add(Code.fromRawData(otpUrl));
+  }
+
+  for (final code in parsedCodes) {
+    await CodeStore.instance.addCode(code, shouldSync: false);
+  }
+  unawaited(AuthenticatorService.instance.sync());
+  int count = parsedCodes.length;
+  return count;
+}

lib/ui/settings/data/import_page.dart

@@ -0,0 +1,119 @@
+import 'package:ente_auth/l10n/l10n.dart';
+import 'package:ente_auth/theme/ente_theme.dart';
+import 'package:ente_auth/ui/components/buttons/icon_button_widget.dart';
+import 'package:ente_auth/ui/components/captioned_text_widget.dart';
+import 'package:ente_auth/ui/components/divider_widget.dart';
+import 'package:ente_auth/ui/components/menu_item_widget.dart';
+import 'package:ente_auth/ui/components/title_bar_title_widget.dart';
+import 'package:ente_auth/ui/components/title_bar_widget.dart';
+import 'package:ente_auth/ui/settings/data/import/import_service.dart';
+import 'package:flutter/cupertino.dart';
+import 'package:flutter/material.dart';
+
+enum ImportType {
+  plainText,
+  encrypted,
+  ravio,
+  googleAuthenticator,
+  aegis,
+}
+
+class ImportCodePage extends StatelessWidget {
+  late List<ImportType> importOptions = [
+    ImportType.plainText,
+    ImportType.encrypted,
+    ImportType.ravio,
+    ImportType.aegis,
+    ImportType.googleAuthenticator,
+  ];
+
+  ImportCodePage({super.key});
+
+  String getTitle(BuildContext context, ImportType type) {
+    switch (type) {
+      case ImportType.plainText:
+        return context.l10n.importTypePlainText;
+      case ImportType.encrypted:
+        return context.l10n.importTypeEnteEncrypted;
+      case ImportType.ravio:
+        return 'Raivo OTP';
+      case ImportType.googleAuthenticator:
+        return 'Google Authenticator';
+      case ImportType.aegis:
+        return 'Aegis Authenticator';
+    }
+  }
+
+  @override
+  Widget build(BuildContext context) {
+    return Material(
+      color: Colors.transparent,
+      child: Scaffold(
+        body: CustomScrollView(
+          primary: false,
+          slivers: <Widget>[
+            TitleBarWidget(
+              flexibleSpaceTitle: TitleBarTitleWidget(
+                title: context.l10n.importCodes,
+              ),
+              flexibleSpaceCaption: "Import source",
+              actionIcons: [
+                IconButtonWidget(
+                  icon: Icons.close_outlined,
+                  iconButtonType: IconButtonType.secondary,
+                  onTap: () {
+                    Navigator.pop(context);
+                    if(Navigator.canPop(context)) {
+                      Navigator.pop(context);
+                    }
+                  },
+                ),
+              ],
+            ),
+            SliverList(
+              delegate: SliverChildBuilderDelegate(
+                (delegateBuildContext, index) {
+                  final type = importOptions[index];
+                  return Padding(
+                    padding: const EdgeInsets.symmetric(horizontal: 16.0),
+                    child: Column(
+                      children: [
+                        if (index == 0)
+                          const SizedBox(
+                            height: 24,
+                          ),
+                        MenuItemWidget(
+                          captionedTextWidget: CaptionedTextWidget(
+                            title: getTitle(context, type),
+                          ),
+                          alignCaptionedTextToLeft: true,
+                          menuItemColor: getEnteColorScheme(context).fillFaint,
+                          pressedColor: getEnteColorScheme(context).fillFaint,
+                          trailingIcon: Icons.chevron_right_outlined,
+                          isBottomBorderRadiusRemoved:
+                              index != importOptions.length - 1,
+                          isTopBorderRadiusRemoved: index != 0,
+                          onTap: () async {
+                            ImportService().initiateImport(context, type);
+                            // routeToPage(context, ImportCodePage());
+                            // _showImportInstructionDialog(context);
+                          },
+                        ),
+                        if (index != importOptions.length - 1)
+                          DividerWidget(
+                            dividerType: DividerType.menu,
+                            bgColor: getEnteColorScheme(context).fillFaint,
+                          ),
+                      ],
+                    ),
+                  );
+                },
+                childCount: importOptions.length,
+              ),
+            ),
+          ],
+        ),
+      ),
+    );
+  }
+}

lib/ui/settings/data_section_widget.dart

@@ -1,267 +0,0 @@
-import 'dart:async';
-import 'dart:io';
-import 'dart:ui';
-
-import 'package:ente_auth/core/configuration.dart';
-import 'package:ente_auth/ente_theme_data.dart';
-import 'package:ente_auth/l10n/l10n.dart';
-import 'package:ente_auth/models/code.dart';
-import 'package:ente_auth/services/authenticator_service.dart';
-import 'package:ente_auth/services/local_authentication_service.dart';
-import 'package:ente_auth/store/code_store.dart';
-import 'package:ente_auth/theme/ente_theme.dart';
-import 'package:ente_auth/ui/components/captioned_text_widget.dart';
-import 'package:ente_auth/ui/components/dialog_widget.dart';
-import 'package:ente_auth/ui/components/expandable_menu_item_widget.dart';
-import 'package:ente_auth/ui/components/menu_item_widget.dart';
-import 'package:ente_auth/ui/components/models/button_type.dart';
-import 'package:ente_auth/ui/settings/common_settings.dart';
-import 'package:ente_auth/utils/dialog_util.dart';
-import 'package:file_picker/file_picker.dart';
-import 'package:flutter/material.dart';
-import 'package:logging/logging.dart';
-import 'package:share_plus/share_plus.dart';
-
-class DataSectionWidget extends StatelessWidget {
-  final _logger = Logger("AccountSectionWidget");
-
-  final _codeFile = File(
-    Configuration.instance.getTempDirectory() + "ente-authenticator-codes.txt",
-  );
-
-  DataSectionWidget({Key? key}) : super(key: key);
-
-  @override
-  Widget build(BuildContext context) {
-    final l10n = context.l10n;
-    return ExpandableMenuItemWidget(
-      title: l10n.data,
-      selectionOptionsWidget: _getSectionOptions(context),
-      leadingIcon: Icons.key_outlined,
-    );
-  }
-
-  Column _getSectionOptions(BuildContext context) {
-    final l10n = context.l10n;
-    List<Widget> children = [];
-    children.addAll([
-      sectionOptionSpacing,
-      MenuItemWidget(
-        captionedTextWidget: CaptionedTextWidget(
-          title: l10n.importCodes,
-        ),
-        pressedColor: getEnteColorScheme(context).fillFaint,
-        trailingIcon: Icons.chevron_right_outlined,
-        trailingIconIsMuted: true,
-        onTap: () async {
-          _showImportInstructionDialog(context);
-        },
-      ),
-      sectionOptionSpacing,
-      MenuItemWidget(
-        captionedTextWidget: CaptionedTextWidget(
-          title: l10n.exportCodes,
-        ),
-        pressedColor: getEnteColorScheme(context).fillFaint,
-        trailingIcon: Icons.chevron_right_outlined,
-        trailingIconIsMuted: true,
-        onTap: () async {
-          _showExportWarningDialog(context);
-        },
-      ),
-      sectionOptionSpacing,
-    ]);
-    return Column(
-      children: children,
-    );
-  }
-
-  Future<void> _showImportInstructionDialog(BuildContext context) async {
-    final l10n = context.l10n;
-    final AlertDialog alert = AlertDialog(
-      shape: RoundedRectangleBorder(borderRadius: BorderRadius.circular(10)),
-      title: Text(
-        l10n.importCodes,
-        style: Theme.of(context).textTheme.headline6,
-      ),
-      content: SingleChildScrollView(
-        child: Column(
-          children: [
-            Text(
-              l10n.importInstruction,
-            ),
-            const SizedBox(
-              height: 20,
-            ),
-            Container(
-              color: Theme.of(context).colorScheme.gNavBackgroundColor,
-              child: Padding(
-                padding: const EdgeInsets.all(8),
-                child: Text(
-                  "otpauth://totp/provider.com:you@email.com?secret=YOUR_SECRET",
-                  style: TextStyle(
-                    fontFeatures: const [FontFeature.tabularFigures()],
-                    fontFamily: Platform.isIOS ? "Courier" : "monospace",
-                    fontSize: 13,
-                  ),
-                ),
-              ),
-            ),
-            const SizedBox(
-              height: 20,
-            ),
-            Text(l10n.importCodeDelimiterInfo),
-          ],
-        ),
-      ),
-      actions: [
-        TextButton(
-          child: Text(
-            l10n.cancel,
-            style: const TextStyle(
-              color: Colors.red,
-            ),
-          ),
-          onPressed: () {
-            Navigator.of(context, rootNavigator: true).pop('dialog');
-          },
-        ),
-        TextButton(
-          child: Text(l10n.selectFile),
-          onPressed: () {
-            Navigator.of(context, rootNavigator: true).pop('dialog');
-            _pickImportFile(context);
-          },
-        ),
-      ],
-    );
-
-    return showDialog(
-      context: context,
-      builder: (BuildContext context) {
-        return alert;
-      },
-      barrierColor: Colors.black12,
-    );
-  }
-
-  Future<void> _showExportWarningDialog(BuildContext context) async {
-    final AlertDialog alert = AlertDialog(
-      shape: RoundedRectangleBorder(borderRadius: BorderRadius.circular(10)),
-      title: Text(
-        context.l10n.warning,
-        style: Theme.of(context).textTheme.headline6,
-      ),
-      content: Text(
-        context.l10n.exportWarningDesc,
-      ),
-      actions: [
-        TextButton(
-          child: Text(
-            context.l10n.iUnderStand,
-            style: const TextStyle(
-              color: Colors.red,
-            ),
-          ),
-          onPressed: () {
-            Navigator.of(context, rootNavigator: true).pop('dialog');
-            _exportCodes(context);
-          },
-        ),
-        TextButton(
-          child: Text(
-            context.l10n.cancel,
-          ),
-          onPressed: () {
-            Navigator.of(context, rootNavigator: true).pop('dialog');
-          },
-        ),
-      ],
-    );
-
-    return showDialog(
-      context: context,
-      builder: (BuildContext context) {
-        return alert;
-      },
-      barrierColor: Colors.black12,
-    );
-  }
-
-  Future<void> _exportCodes(BuildContext context) async {
-    final hasAuthenticated = await LocalAuthenticationService.instance
-        .requestLocalAuthentication(context, context.l10n.authToExportCodes);
-    if (!hasAuthenticated) {
-      return;
-    }
-    if (_codeFile.existsSync()) {
-      await _codeFile.delete();
-    }
-    final codes = await CodeStore.instance.getAllCodes();
-    String data = "";
-    for (final code in codes) {
-      data += code.rawData + "\n";
-    }
-    _codeFile.writeAsStringSync(data);
-    await Share.shareFiles([_codeFile.path]);
-    Future.delayed(const Duration(seconds: 15), () async {
-      if (_codeFile.existsSync()) {
-        _codeFile.deleteSync();
-      }
-    });
-  }
-
-  Future<void> _pickImportFile(BuildContext context) async {
-    final l10n = context.l10n;
-    FilePickerResult? result = await FilePicker.platform.pickFiles();
-    if (result == null) {
-      return;
-    }
-    final dialog = createProgressDialog(context, l10n.pleaseWait);
-    await dialog.show();
-    try {
-      File file = File(result.files.single.path!);
-      final codes = await file.readAsString();
-      List<String> splitCodes = codes.split(",");
-      if (splitCodes.length == 1) {
-        splitCodes = codes.split("\n");
-      }
-      final parsedCodes = [];
-      for (final code in splitCodes) {
-        try {
-          parsedCodes.add(Code.fromRawData(code));
-        } catch (e) {
-          _logger.severe("Could not parse code", e);
-        }
-      }
-      for (final code in parsedCodes) {
-        await CodeStore.instance.addCode(code, shouldSync: false);
-      }
-      unawaited(AuthenticatorService.instance.sync());
-
-      final DialogWidget dialog = choiceDialog(
-        title: context.l10n.importSuccessTitle,
-        body: context.l10n.importSuccessDesc(parsedCodes.length),
-        // body: "You have imported " + parsedCodes.length.toString() + " codes!",
-        firstButtonLabel: l10n.ok,
-        firstButtonOnTap: () async {
-          Navigator.of(context, rootNavigator: true).pop('dialog');
-        },
-        firstButtonType: ButtonType.primary,
-      );
-      await showConfettiDialog(
-        context: context,
-        dialogBuilder: (BuildContext context) {
-          return dialog;
-        },
-      );
-    } catch (e) {
-      await dialog.hide();
-      await showErrorDialog(
-        context,
-        context.l10n.sorry,
-        context.l10n.importFailureDesc,
-      );
-    }
-  }
-}

lib/ui/settings/faq.dart

@@ -0,0 +1,124 @@
+import 'dart:convert';
+
+import 'package:ente_auth/ente_theme_data.dart';
+import 'package:ente_auth/l10n/l10n.dart';
+import 'package:ente_auth/ui/common/loading_widget.dart';
+import 'package:expansion_tile_card/expansion_tile_card.dart';
+import 'package:flutter/material.dart';
+
+class FAQQuestionsWidget extends StatelessWidget {
+  const FAQQuestionsWidget({
+    Key? key,
+  }) : super(key: key);
+
+  @override
+  Widget build(BuildContext context) {
+    return FutureBuilder<List<FaqItem>>(
+      future: Future.value(_getFAQs(context)),
+      builder: (BuildContext context, AsyncSnapshot snapshot) {
+        if (snapshot.hasData) {
+          final faqs = <Widget>[];
+          faqs.add(
+             Padding(
+              padding: const EdgeInsets.all(24),
+              child: Text(
+                context.l10n.faq,
+                style: const TextStyle(
+                  fontSize: 18,
+                  fontWeight: FontWeight.bold,
+                ),
+              ),
+            ),
+          );
+          for (final faq in snapshot.data) {
+            faqs.add(FaqWidget(faq: faq));
+          }
+          faqs.add(
+            const Padding(
+              padding: EdgeInsets.all(16),
+            ),
+          );
+          return SingleChildScrollView(
+            child: Column(
+              children: faqs,
+            ),
+          );
+        } else {
+          return const EnteLoadingWidget();
+        }
+      },
+    );
+  }
+
+  List<FaqItem> _getFAQs(BuildContext context) {
+    final l01n = context.l10n;
+    List<FaqItem> faqs = [];
+    faqs.add(FaqItem(q: l01n.faq_q_1, a: l01n.faq_a_1));
+    faqs.add(FaqItem(q: l01n.faq_q_2, a: l01n.faq_a_2));
+    faqs.add(FaqItem(q: l01n.faq_q_3, a: l01n.faq_a_3));
+    faqs.add(FaqItem(q: l01n.faq_q_4, a: l01n.faq_a_4));
+    faqs.add(FaqItem(q: l01n.faq_q_5, a: l01n.faq_a_5));
+    return faqs;
+  }
+}
+
+class FaqWidget extends StatelessWidget {
+  const FaqWidget({
+    Key? key,
+    required this.faq,
+  }) : super(key: key);
+
+  final FaqItem? faq;
+
+  @override
+  Widget build(BuildContext context) {
+    return Padding(
+      padding: const EdgeInsets.all(2),
+      child: ExpansionTileCard(
+        elevation: 0,
+        title: Text(faq!.q),
+        expandedTextColor: Theme.of(context).colorScheme.alternativeColor,
+        baseColor: Theme.of(context).cardColor,
+        children: [
+          Align(
+            alignment: Alignment.centerLeft,
+            child: Padding(
+              padding: const EdgeInsets.only(
+                left: 16,
+                right: 16,
+                bottom: 12,
+              ),
+              child: Text(
+                faq!.a,
+                style: const TextStyle(
+                  height: 1.5,
+                ),
+              ),
+            ),
+          )
+        ],
+      ),
+    );
+  }
+}
+
+class FaqItem {
+  final String q;
+  final String a;
+
+  FaqItem({
+    required this.q,
+    required this.a,
+  });
+
+  factory FaqItem.fromMap(Map<String, dynamic> map) {
+    return FaqItem(
+      q: map['q'] ?? 'q',
+      a: map['a'] ?? 'a',
+    );
+  }
+
+  factory FaqItem.fromJson(String source) =>
+      FaqItem.fromMap(json.decode(source));
+
+}

lib/ui/settings/security_section_widget.dart

@@ -1,14 +1,26 @@
+import 'dart:async';
+import 'dart:typed_data';
+
 import 'package:ente_auth/core/configuration.dart';
 import 'package:ente_auth/l10n/l10n.dart';
+import 'package:ente_auth/models/user_details.dart';
 import 'package:ente_auth/services/local_authentication_service.dart';
+import 'package:ente_auth/services/user_service.dart';
 import 'package:ente_auth/theme/ente_theme.dart';
+import 'package:ente_auth/ui/account/recovery_key_page.dart';
+import 'package:ente_auth/ui/account/request_pwd_verification_page.dart';
 import 'package:ente_auth/ui/account/sessions_page.dart';
 import 'package:ente_auth/ui/components/captioned_text_widget.dart';
 import 'package:ente_auth/ui/components/expandable_menu_item_widget.dart';
 import 'package:ente_auth/ui/components/menu_item_widget.dart';
 import 'package:ente_auth/ui/components/toggle_switch_widget.dart';
 import 'package:ente_auth/ui/settings/common_settings.dart';
+import 'package:ente_auth/utils/crypto_util.dart';
+import 'package:ente_auth/utils/dialog_util.dart';
+import 'package:ente_auth/utils/navigation_util.dart';
+import 'package:ente_auth/utils/toast_util.dart';
 import 'package:flutter/material.dart';
+import 'package:flutter_sodium/flutter_sodium.dart';
 
 class SecuritySectionWidget extends StatefulWidget {
   const SecuritySectionWidget({Key? key}) : super(key: key);
@@ -41,9 +53,49 @@ class _SecuritySectionWidgetState extends State<SecuritySectionWidget> {
   }
 
   Widget _getSectionOptions(BuildContext context) {
+    final bool? canDisableMFA = UserService.instance.canDisableEmailMFA();
+    if (canDisableMFA == null) {
+      // We don't know if the user can disable MFA yet, so we fetch the info
+      UserService.instance.getUserDetailsV2().ignore();
+    }
     final l10n = context.l10n;
     final List<Widget> children = [];
     children.addAll([
+      sectionOptionSpacing,
+      MenuItemWidget(
+        captionedTextWidget: CaptionedTextWidget(
+          title: l10n.recoveryKey,
+        ),
+        pressedColor: getEnteColorScheme(context).fillFaint,
+        trailingIcon: Icons.chevron_right_outlined,
+        trailingIconIsMuted: true,
+        onTap: () async {
+          final hasAuthenticated = await LocalAuthenticationService.instance
+              .requestLocalAuthentication(
+            context,
+            l10n.authToViewYourRecoveryKey,
+          );
+          if (hasAuthenticated) {
+            String recoveryKey;
+            try {
+              recoveryKey =
+                  Sodium.bin2hex(Configuration.instance.getRecoveryKey());
+            } catch (e) {
+              showGenericErrorDialog(context: context);
+              return;
+            }
+            routeToPage(
+              context,
+              RecoveryKeyPage(
+                recoveryKey,
+                l10n.ok,
+                showAppBar: true,
+                onDone: () {},
+              ),
+            );
+          }
+        },
+      ),
       MenuItemWidget(
         captionedTextWidget: CaptionedTextWidget(
           title: l10n.lockscreen,
@@ -65,6 +117,29 @@ class _SecuritySectionWidgetState extends State<SecuritySectionWidget> {
         ),
       ),
       sectionOptionSpacing,
+      MenuItemWidget(
+        captionedTextWidget: CaptionedTextWidget(
+          title: l10n.emailVerificationToggle,
+        ),
+        trailingWidget: ToggleSwitchWidget(
+          value: () => UserService.instance.hasEmailMFAEnabled(),
+          onChanged: () async {
+            final hasAuthenticated = await LocalAuthenticationService.instance
+                .requestLocalAuthentication(
+              context,
+              l10n.authToChangeEmailVerificationSetting,
+            );
+            final isEmailMFAEnabled = UserService.instance.hasEmailMFAEnabled();
+            if (hasAuthenticated) {
+              await updateEmailMFA(!isEmailMFAEnabled);
+              if (mounted) {
+                setState(() {});
+              }
+            }
+          },
+        ),
+      ),
+      sectionOptionSpacing,
       MenuItemWidget(
         captionedTextWidget: CaptionedTextWidget(
           title: context.l10n.viewActiveSessions,
@@ -95,4 +170,19 @@ class _SecuritySectionWidgetState extends State<SecuritySectionWidget> {
       children: children,
     );
   }
+
+  Future<void> updateEmailMFA(bool isEnabled) async {
+    try {
+      final UserDetails details = await UserService.instance.getUserDetailsV2(memoryCount: false);
+      if(details.profileData?.canDisableEmailMFA == false) {
+        await routeToPage(context, RequestPasswordVerificationPage(onPasswordVerified: (Uint8List keyEncryptionKey) async {
+          final Uint8List loginKey = await CryptoUtil.deriveLoginKey(keyEncryptionKey);
+          await UserService.instance.registerOrUpdateSrp(loginKey);
+        },),);
+      }
+      await UserService.instance.updateEmailMFA(isEnabled);
+    } catch (e) {
+      showToast(context, context.l10n.somethingWentWrongMessage);
+    }
+  }
 }

lib/ui/settings/social_section_widget.dart

@@ -1,4 +1,7 @@
+import 'dart:io';
+
 import 'package:ente_auth/l10n/l10n.dart';
+import 'package:ente_auth/services/update_service.dart';
 import 'package:ente_auth/theme/ente_theme.dart';
 import 'package:ente_auth/ui/components/captioned_text_widget.dart';
 import 'package:ente_auth/ui/components/expandable_menu_item_widget.dart';
@@ -21,8 +24,26 @@ class SocialSectionWidget extends StatelessWidget {
   }
 
   Widget _getSectionOptions(BuildContext context) {
+    final l10n = context.l10n;
+    final result = UpdateService.instance.getRateDetails();
+    final String ratePlace = result.item1;
+    final String rateUrl = result.item2;
+
     final List<Widget> options = [
       sectionOptionSpacing,
+      SocialsMenuItemWidget(l10n.rateUsOnStore(ratePlace), rateUrl),
+      sectionOptionSpacing,
+      SocialsMenuItemWidget(
+        l10n.blog,
+        "https://ente.io/blog",
+        launchInExternalApp: !Platform.isAndroid,
+      ),
+      sectionOptionSpacing,
+      SocialsMenuItemWidget(
+        l10n.merchandise,
+        "https://shop.ente.io",
+        launchInExternalApp: !Platform.isAndroid,
+      ),
       const SocialsMenuItemWidget("Mastodon", "https://mstdn.social/@ente/"),
       sectionOptionSpacing,
       const SocialsMenuItemWidget("Twitter", "https://twitter.com/enteio"),
@@ -40,9 +61,15 @@ class SocialSectionWidget extends StatelessWidget {
 
 class SocialsMenuItemWidget extends StatelessWidget {
   final String text;
-  final String urlSring;
-  const SocialsMenuItemWidget(this.text, this.urlSring, {Key? key})
-      : super(key: key);
+  final String url;
+  final bool launchInExternalApp;
+
+  const SocialsMenuItemWidget(
+      this.text,
+      this.url, {
+        Key? key,
+        this.launchInExternalApp = true,
+      }) : super(key: key);
 
   @override
   Widget build(BuildContext context) {
@@ -54,7 +81,12 @@ class SocialsMenuItemWidget extends StatelessWidget {
       trailingIcon: Icons.chevron_right_outlined,
       trailingIconIsMuted: true,
       onTap: () async {
-        launchUrlString(urlSring);
+        launchUrlString(
+          url,
+          mode: launchInExternalApp
+              ? LaunchMode.externalApplication
+              : LaunchMode.platformDefault,
+        );
       },
     );
   }

lib/ui/settings/support_dev_widget.dart

@@ -23,7 +23,7 @@ class SupportDevWidget extends StatelessWidget {
       builder: (context, snapshot) {
         if (snapshot.hasData) {
           final subscription = snapshot.data;
-          if (subscription != null && subscription.productID != "free") {
+          if (subscription != null && subscription.productID == "free") {
             return GestureDetector(
               onTap: () {
                 launchUrl(Uri.parse("https://ente.io"));

lib/ui/settings/support_section_widget.dart

@@ -7,8 +7,10 @@ import 'package:ente_auth/ui/components/expandable_menu_item_widget.dart';
 import 'package:ente_auth/ui/components/menu_item_widget.dart';
 import 'package:ente_auth/ui/components/toggle_switch_widget.dart';
 import 'package:ente_auth/ui/settings/common_settings.dart';
+import 'package:ente_auth/ui/settings/faq.dart';
 import 'package:ente_auth/utils/email_util.dart';
 import 'package:flutter/material.dart';
+import 'package:url_launcher/url_launcher_string.dart';
 
 class SupportSectionWidget extends StatefulWidget {
   const SupportSectionWidget({Key? key}) : super(key: key);
@@ -33,6 +35,41 @@ class _SupportSectionWidgetState extends State<SupportSectionWidget> {
     return Column(
       children: [
         sectionOptionSpacing,
+
+        MenuItemWidget(
+          captionedTextWidget: CaptionedTextWidget(
+            title: l10n.faq,
+          ),
+          pressedColor: getEnteColorScheme(context).fillFaint,
+          trailingIcon: Icons.chevron_right_outlined,
+          trailingIconIsMuted: true,
+          onTap: () async {
+            showModalBottomSheet<void>(
+              backgroundColor: Theme.of(context).colorScheme.background,
+              barrierColor: Colors.black87,
+              context: context,
+              builder: (context) {
+                return const FAQQuestionsWidget();
+              },
+            );
+          },
+        ),
+        sectionOptionSpacing,
+        MenuItemWidget(
+          captionedTextWidget: CaptionedTextWidget(
+            title: l10n.suggestFeatures,
+          ),
+          pressedColor: getEnteColorScheme(context).fillFaint,
+          trailingIcon: Icons.chevron_right_outlined,
+          trailingIconIsMuted: true,
+          onTap: () async {
+            launchUrlString(
+              githubIssuesUrl,
+              mode: LaunchMode.externalApplication,
+            );
+          },
+        ),
+        sectionOptionSpacing,
         MenuItemWidget(
           captionedTextWidget: CaptionedTextWidget(
             title: l10n.email,

lib/ui/settings_page.dart

@@ -1,12 +1,12 @@
 import 'dart:io';
 
+import 'package:ente_auth/services/user_service.dart';
 import 'package:ente_auth/theme/colors.dart';
 import 'package:ente_auth/theme/ente_theme.dart';
 import 'package:ente_auth/ui/settings/about_section_widget.dart';
 import 'package:ente_auth/ui/settings/account_section_widget.dart';
 import 'package:ente_auth/ui/settings/app_version_widget.dart';
-import 'package:ente_auth/ui/settings/danger_section_widget.dart';
-import 'package:ente_auth/ui/settings/data_section_widget.dart';
+import 'package:ente_auth/ui/settings/data/data_section_widget.dart';
 import 'package:ente_auth/ui/settings/security_section_widget.dart';
 import 'package:ente_auth/ui/settings/social_section_widget.dart';
 import 'package:ente_auth/ui/settings/support_dev_widget.dart';
@@ -20,8 +20,10 @@ class SettingsPage extends StatelessWidget {
   final ValueNotifier<String?> emailNotifier;
   const SettingsPage({Key? key, required this.emailNotifier}) : super(key: key);
 
+
   @override
   Widget build(BuildContext context) {
+    UserService.instance.getUserDetailsV2().ignore();
     final enteColorScheme = getEnteColorScheme(context);
     return Scaffold(
       body: Container(
@@ -79,8 +81,6 @@ class SettingsPage extends StatelessWidget {
       const SocialSectionWidget(),
       sectionSpacing,
       const AboutSectionWidget(),
-      sectionSpacing,
-      const DangerSectionWidget(),
       const AppVersionWidget(),
       const SupportDevWidget(),
       const Padding(

lib/ui/utils/icon_utils.dart

@@ -0,0 +1,70 @@
+import 'dart:convert';
+
+import 'package:flutter/material.dart';
+import 'package:flutter/services.dart';
+import 'package:flutter/widgets.dart';
+import 'package:flutter_svg/svg.dart';
+
+class IconUtils {
+  IconUtils._privateConstructor();
+
+  static final IconUtils instance = IconUtils._privateConstructor();
+
+  // Map of icon-title to the color code in HEX
+  final Map<String, String> _simpleIcons = {};
+  final Map<String, String> _customIcons = {};
+
+  Future<void> init() async {
+    await _loadJson();
+  }
+
+  Widget getIcon(String provider) {
+    final title = _getProviderTitle(provider);
+    if (_customIcons.containsKey(title)) {
+      return _getSVGIcon(
+        "assets/custom-icons/icons/$title.svg",
+        title,
+        _customIcons[title]!,
+      );
+    } else if (_simpleIcons.containsKey(title)) {
+      return _getSVGIcon(
+        "assets/simple-icons/icons/$title.svg",
+        title,
+        _simpleIcons[title]!,
+      );
+    } else {
+      return const SizedBox.shrink();
+    }
+  }
+
+  Widget _getSVGIcon(String path, String title, String color) {
+    return SvgPicture.asset(
+      path,
+      width: 24,
+      semanticsLabel: title,
+      colorFilter: ColorFilter.mode(
+        Color(int.parse("0xFF" + color)),
+        BlendMode.srcIn,
+      ),
+    );
+  }
+
+  Future<void> _loadJson() async {
+    final simpleIconData = await rootBundle
+        .loadString('assets/simple-icons/_data/simple-icons.json');
+    final simpleIcons = json.decode(simpleIconData);
+    for (final icon in simpleIcons["icons"]) {
+      _simpleIcons[icon["title"].toString().toLowerCase()] = icon["hex"];
+    }
+    final customIconData = await rootBundle
+        .loadString('assets/custom-icons/_data/custom-icons.json');
+    final customIcons = json.decode(customIconData);
+    for (final icon in customIcons["icons"]) {
+      _customIcons[icon["title"].toString().toLowerCase()] = icon["hex"];
+    }
+  }
+
+  String _getProviderTitle(String provider) {
+    return provider.split(".")[0].toLowerCase();
+  }
+}

lib/utils/crypto_util.dart

@@ -1,7 +1,9 @@
+import 'dart:convert';
 import 'dart:io' as io;
 import 'dart:typed_data';
 
 import 'package:computer/computer.dart';
+import 'package:ente_auth/core/errors.dart';
 import 'package:ente_auth/models/derived_key_result.dart';
 import 'package:ente_auth/models/encryption_result.dart';
 import 'package:ente_auth/utils/device_info.dart';
@@ -11,6 +13,10 @@ import 'package:logging/logging.dart';
 const int encryptionChunkSize = 4 * 1024 * 1024;
 final int decryptionChunkSize =
     encryptionChunkSize + Sodium.cryptoSecretstreamXchacha20poly1305Abytes;
+const int hashChunkSize = 4 * 1024 * 1024;
+const int loginSubKeyLen = 32;
+const int loginSubKeyId = 1;
+const String loginSubKeyContext = "loginctx";
 
 Uint8List cryptoSecretboxEasy(Map<String, dynamic> args) {
   return Sodium.cryptoSecretboxEasy(args["source"], args["nonce"], args["key"]);
@@ -31,35 +37,47 @@ Uint8List cryptoPwHash(Map<String, dynamic> args) {
     args["salt"],
     args["opsLimit"],
     args["memLimit"],
-    Sodium.cryptoPwhashAlgDefault,
+    Sodium.cryptoPwhashAlgArgon2id13,
   );
 }
 
-Uint8List cryptoGenericHash(Map<String, dynamic> args) {
+Uint8List cryptoKdfDeriveFromKey(
+    Map<String, dynamic> args,
+    ) {
+  return Sodium.cryptoKdfDeriveFromKey(
+    args["subkeyLen"],
+    args["subkeyId"],
+    args["context"],
+    args["key"],
+  );
+}
+
+// Returns the hash for a given file, chunking it in batches of hashChunkSize
+Future<Uint8List> cryptoGenericHash(Map<String, dynamic> args) async {
   final sourceFile = io.File(args["sourceFilePath"]);
-  final sourceFileLength = sourceFile.lengthSync();
+  final sourceFileLength = await sourceFile.length();
   final inputFile = sourceFile.openSync(mode: io.FileMode.read);
   final state =
-      Sodium.cryptoGenerichashInit(null, Sodium.cryptoGenerichashBytesMax);
+  Sodium.cryptoGenerichashInit(null, Sodium.cryptoGenerichashBytesMax);
   var bytesRead = 0;
   bool isDone = false;
   while (!isDone) {
-    var chunkSize = encryptionChunkSize;
+    var chunkSize = hashChunkSize;
     if (bytesRead + chunkSize >= sourceFileLength) {
       chunkSize = sourceFileLength - bytesRead;
       isDone = true;
     }
-    final buffer = inputFile.readSync(chunkSize);
+    final buffer = await inputFile.read(chunkSize);
     bytesRead += chunkSize;
     Sodium.cryptoGenerichashUpdate(state, buffer);
   }
-  inputFile.closeSync();
+  await inputFile.close();
   return Sodium.cryptoGenerichashFinal(state, Sodium.cryptoGenerichashBytesMax);
 }
 
 EncryptionResult chachaEncryptData(Map<String, dynamic> args) {
   final initPushResult =
-      Sodium.cryptoSecretstreamXchacha20poly1305InitPush(args["key"]);
+  Sodium.cryptoSecretstreamXchacha20poly1305InitPush(args["key"]);
   final encryptedData = Sodium.cryptoSecretstreamXchacha20poly1305Push(
     initPushResult.state,
     args["source"],
@@ -72,6 +90,7 @@ EncryptionResult chachaEncryptData(Map<String, dynamic> args) {
   );
 }
 
+// Encrypts a given file, in chunks of encryptionChunkSize
 Future<EncryptionResult> chachaEncryptFile(Map<String, dynamic> args) async {
   final encryptionStartTime = DateTime.now().millisecondsSinceEpoch;
   final logger = Logger("ChaChaEncrypt");
@@ -83,7 +102,7 @@ Future<EncryptionResult> chachaEncryptFile(Map<String, dynamic> args) async {
   final inputFile = sourceFile.openSync(mode: io.FileMode.read);
   final key = args["key"] ?? Sodium.cryptoSecretstreamXchacha20poly1305Keygen();
   final initPushResult =
-      Sodium.cryptoSecretstreamXchacha20poly1305InitPush(key);
+  Sodium.cryptoSecretstreamXchacha20poly1305InitPush(key);
   var bytesRead = 0;
   var tag = Sodium.cryptoSecretstreamXchacha20poly1305TagMessage;
   while (tag != Sodium.cryptoSecretstreamXchacha20poly1305TagFinal) {
@@ -92,7 +111,7 @@ Future<EncryptionResult> chachaEncryptFile(Map<String, dynamic> args) async {
       chunkSize = sourceFileLength - bytesRead;
       tag = Sodium.cryptoSecretstreamXchacha20poly1305TagFinal;
     }
-    final buffer = inputFile.readSync(chunkSize);
+    final buffer = await inputFile.read(chunkSize);
     bytesRead += chunkSize;
     final encryptedData = Sodium.cryptoSecretstreamXchacha20poly1305Push(
       initPushResult.state,
@@ -102,7 +121,7 @@ Future<EncryptionResult> chachaEncryptFile(Map<String, dynamic> args) async {
     );
     await destinationFile.writeAsBytes(encryptedData, mode: io.FileMode.append);
   }
-  inputFile.closeSync();
+  await inputFile.close();
 
   logger.info(
     "Encryption time: " +
@@ -134,10 +153,10 @@ Future<void> chachaDecryptFile(Map<String, dynamic> args) async {
     if (bytesRead + chunkSize >= sourceFileLength) {
       chunkSize = sourceFileLength - bytesRead;
     }
-    final buffer = inputFile.readSync(chunkSize);
+    final buffer = await inputFile.read(chunkSize);
     bytesRead += chunkSize;
     final pullResult =
-        Sodium.cryptoSecretstreamXchacha20poly1305Pull(pullState, buffer, null);
+    Sodium.cryptoSecretstreamXchacha20poly1305Pull(pullState, buffer, null);
     await destinationFile.writeAsBytes(pullResult.m, mode: io.FileMode.append);
     tag = pullResult.tag;
   }
@@ -164,13 +183,43 @@ Uint8List chachaDecryptData(Map<String, dynamic> args) {
 }
 
 class CryptoUtil {
-  static final Computer _computer = Computer();
+  // Note: workers are turned on during app startup.
+  static final Computer _computer = Computer.shared();
 
   static init() {
-    _computer.turnOn(workersCount: 4);
-    // Sodium.init();
+    Sodium.init();
   }
 
+  static Uint8List base642bin(String b64, {
+    String? ignore,
+    int variant = Sodium.base64VariantOriginal,
+  }) {
+    return Sodium.base642bin(b64, ignore: ignore, variant: variant);
+  }
+
+  static String bin2base64(Uint8List bin, {
+    bool urlSafe = false,
+  }) {
+    return Sodium.bin2base64(
+      bin,
+      variant:
+      urlSafe ? Sodium.base64VariantUrlsafe : Sodium.base64VariantOriginal,
+    );
+  }
+
+  static String bin2hex(Uint8List bin) {
+    return Sodium.bin2hex(bin);
+  }
+
+  static Uint8List hex2bin(String hex) {
+    return Sodium.hex2bin(hex);
+  }
+
+  // Encrypts the given source, with the given key and a randomly generated
+  // nonce, using XSalsa20 (w Poly1305 MAC).
+  // This function runs on the same thread as the caller, so should be used only
+  // for small amounts of data where thread switching can result in a degraded
+  // user experience
   static EncryptionResult encryptSync(Uint8List source, Uint8List key) {
     final nonce = Sodium.randombytesBuf(Sodium.cryptoSecretboxNoncebytes);
 
@@ -186,24 +235,30 @@ class CryptoUtil {
     );
   }
 
-  static Future<Uint8List> decrypt(
-    Uint8List cipher,
-    Uint8List key,
-    Uint8List nonce,
-  ) async {
+  // Decrypts the given cipher, with the given key and nonce using XSalsa20
+  // (w Poly1305 MAC).
+  static Future<Uint8List> decrypt(Uint8List cipher,
+      Uint8List key,
+      Uint8List nonce,) async {
     final args = <String, dynamic>{};
     args["cipher"] = cipher;
     args["nonce"] = nonce;
     args["key"] = key;
-    return _computer.compute(cryptoSecretboxOpenEasy, param: args);
+    return _computer.compute(
+      cryptoSecretboxOpenEasy,
+      param: args,
+      taskName: "decrypt",
+    );
   }
 
-  static Uint8List decryptSync(
-    Uint8List cipher,
-    Uint8List? key,
-    Uint8List nonce,
-  ) {
-    assert(key != null, "key can not be null");
+  // Decrypts the given cipher, with the given key and nonce using XSalsa20
+  // (w Poly1305 MAC).
+  // This function runs on the same thread as the caller, so should be used only
+  // for small amounts of data where thread switching can result in a degraded
+  // user experience
+  static Uint8List decryptSync(Uint8List cipher,
+      Uint8List key,
+      Uint8List nonce,) {
     final args = <String, dynamic>{};
     args["cipher"] = cipher;
     args["nonce"] = nonce;
@@ -211,94 +266,130 @@ class CryptoUtil {
     return cryptoSecretboxOpenEasy(args);
   }
 
-  static Future<EncryptionResult> encryptChaCha(
-    Uint8List source,
-    Uint8List key,
-  ) async {
+  // Encrypts the given source, with the given key and a randomly generated
+  // nonce, using XChaCha20 (w Poly1305 MAC).
+  // This function runs on the isolate pool held by `_computer`.
+  // TODO: Remove "ChaCha", an implementation detail from the function name
+  static Future<EncryptionResult> encryptChaCha(Uint8List source,
+      Uint8List key,) async {
     final args = <String, dynamic>{};
     args["source"] = source;
     args["key"] = key;
-    return _computer.compute(chachaEncryptData, param: args);
+    return _computer.compute(
+      chachaEncryptData,
+      param: args,
+      taskName: "encryptChaCha",
+    );
   }
 
-  static Future<Uint8List> decryptChaCha(
-    Uint8List source,
-    Uint8List key,
-    Uint8List header,
-  ) async {
+  // Decrypts the given source, with the given key and header using XChaCha20
+  // (w Poly1305 MAC).
+  // TODO: Remove "ChaCha", an implementation detail from the function name
+  static Future<Uint8List> decryptChaCha(Uint8List source,
+      Uint8List key,
+      Uint8List header,) async {
     final args = <String, dynamic>{};
     args["source"] = source;
     args["key"] = key;
     args["header"] = header;
-    return _computer.compute(chachaDecryptData, param: args);
+    return _computer.compute(
+      chachaDecryptData,
+      param: args,
+      taskName: "decryptChaCha",
+    );
   }
 
+  // Encrypts the file at sourceFilePath, with the key (if provided) and a
+  // randomly generated nonce using XChaCha20 (w Poly1305 MAC), and writes it
+  // to the destinationFilePath.
+  // If a key is not provided, one is generated and returned.
   static Future<EncryptionResult> encryptFile(
-    String sourceFilePath,
-    String destinationFilePath, {
-    Uint8List? key,
-  }) {
+      String sourceFilePath,
+      String destinationFilePath, {
+        Uint8List? key,
+      }) {
     final args = <String, dynamic>{};
     args["sourceFilePath"] = sourceFilePath;
     args["destinationFilePath"] = destinationFilePath;
     args["key"] = key;
-    return _computer.compute(chachaEncryptFile, param: args);
+    return _computer.compute(
+      chachaEncryptFile,
+      param: args,
+      taskName: "encryptFile",
+    );
   }
 
+  // Decrypts the file at sourceFilePath, with the given key and header using
+  // XChaCha20 (w Poly1305 MAC), and writes it to the destinationFilePath.
   static Future<void> decryptFile(
-    String sourceFilePath,
-    String destinationFilePath,
-    Uint8List header,
-    Uint8List key,
-  ) {
+      String sourceFilePath,
+      String destinationFilePath,
+      Uint8List header,
+      Uint8List key,) {
     final args = <String, dynamic>{};
     args["sourceFilePath"] = sourceFilePath;
     args["destinationFilePath"] = destinationFilePath;
     args["header"] = header;
     args["key"] = key;
-    return _computer.compute(chachaDecryptFile, param: args);
+    return _computer.compute(
+      chachaDecryptFile,
+      param: args,
+      taskName: "decryptFile",
+    );
   }
 
+  // Generates and returns a 256-bit key.
   static Uint8List generateKey() {
     return Sodium.cryptoSecretboxKeygen();
   }
 
+  // Generates and returns a random byte buffer of length
+  // crypto_pwhash_SALTBYTES (16)
   static Uint8List getSaltToDeriveKey() {
     return Sodium.randombytesBuf(Sodium.cryptoPwhashSaltbytes);
   }
 
+  // Generates and returns a secret key and the corresponding public key.
   static Future<KeyPair> generateKeyPair() async {
     return Sodium.cryptoBoxKeypair();
   }
 
+  // Decrypts the input using the given publicKey-secretKey pair
   static Uint8List openSealSync(
-    Uint8List input,
-    Uint8List publicKey,
-    Uint8List secretKey,
-  ) {
+      Uint8List input,
+      Uint8List publicKey,
+      Uint8List secretKey,
+      ) {
     return Sodium.cryptoBoxSealOpen(input, publicKey, secretKey);
   }
 
+  // Encrypts the input using the given publicKey
   static Uint8List sealSync(Uint8List input, Uint8List publicKey) {
     return Sodium.cryptoBoxSeal(input, publicKey);
   }
 
+  // Derives a key for a given password and salt using Argon2id, v1.3.
+  // The function first attempts to derive a key with both memLimit and opsLimit
+  // set to their Sensitive variants.
+  // If this fails, say on a device with insufficient RAM, we retry by halving
+  // the memLimit and doubling the opsLimit, while ensuring that we stay within
+  // the min and max limits for both parameters.
+  // At all points, we ensure that the product of these two variables (the area
+  // under the graph that determines the amount of work required) is a constant.
   static Future<DerivedKeyResult> deriveSensitiveKey(
-    Uint8List password,
-    Uint8List salt,
-  ) async {
+      Uint8List password,
+      Uint8List salt,
+      ) async {
     final logger = Logger("pwhash");
-    // Default with 1 GB mem and 4 ops limit
     int memLimit = Sodium.cryptoPwhashMemlimitSensitive;
     int opsLimit = Sodium.cryptoPwhashOpslimitSensitive;
-
     if (await isLowSpecDevice()) {
       logger.info("low spec device detected");
       // When sensitive memLimit (1 GB) is used, on low spec device the OS might
-      // kill the app with OOM. To avoid that, start with 256 MB and 
+      // kill the app with OOM. To avoid that, start with 256 MB and
       // corresponding ops limit (16).
       // This ensures that the product of these two variables
-      // (the area under the graph that determines the amount of work required) 
+      // (the area under the graph that determines the amount of work required)
       // stays the same
       // SODIUM_CRYPTO_PWHASH_MEMLIMIT_SENSITIVE: 1073741824
       // SODIUM_CRYPTO_PWHASH_MEMLIMIT_MODERATE: 268435456
@@ -315,11 +406,8 @@ class CryptoUtil {
         key = await deriveKey(password, salt, memLimit, opsLimit);
         return DerivedKeyResult(key, memLimit, opsLimit);
       } catch (e, s) {
-        logger.severe(
-          "failed to derive memLimit: $memLimit and opsLimit: $opsLimit",
-          e,
-          s,
-        );
+        logger.warning(
+          "failed to deriveKey mem: $memLimit, ops: $opsLimit", e, s,);
       }
       memLimit = (memLimit / 2).round();
       opsLimit = opsLimit * 2;
@@ -327,29 +415,76 @@ class CryptoUtil {
     throw UnsupportedError("Cannot perform this operation on this device");
   }
 
-  static Future<Uint8List> deriveKey(
-    Uint8List password,
-    Uint8List salt,
-    int memLimit,
-    int opsLimit,
-  ) {
-    return _computer.compute(
-      cryptoPwHash,
-      param: {
-        "password": password,
-        "salt": salt,
-        "memLimit": memLimit,
-        "opsLimit": opsLimit,
-      },
-    );
+  // Derives a key for the given password and salt, using Argon2id, v1.3
+  // with memory and ops limit hardcoded to their Interactive variants
+  // NOTE: This is only used while setting passwords for shared links, as an
+  // extra layer of authentication (atop the access token and collection key).
+  // More details @ https://ente.io/blog/building-shareable-links/
+  static Future<DerivedKeyResult> deriveInteractiveKey(
+      Uint8List password,
+      Uint8List salt,
+      ) async {
+    final int memLimit = Sodium.cryptoPwhashMemlimitInteractive;
+    final int opsLimit = Sodium.cryptoPwhashOpslimitInteractive;
+    final key = await deriveKey(password, salt, memLimit, opsLimit);
+    return DerivedKeyResult(key, memLimit, opsLimit);
   }
 
+  // Derives a key for a given password, salt, memLimit and opsLimit using
+  // Argon2id, v1.3.
+  static Future<Uint8List> deriveKey(
+      Uint8List password,
+      Uint8List salt,
+      int memLimit,
+      int opsLimit,
+      ) {
+    try {
+      return _computer.compute(
+        cryptoPwHash,
+        param: {
+          "password": password,
+          "salt": salt,
+          "memLimit": memLimit,
+          "opsLimit": opsLimit,
+        },
+        taskName: "deriveKey",
+      );
+    } catch(e,s) {
+      final String errMessage = 'failed to deriveKey memLimit: $memLimit and '
+          'opsLimit: $opsLimit';
+      Logger("CryptoUtilDeriveKey").warning(errMessage, e, s);
+      throw KeyDerivationError();
+    }
+  }
+
+  // derives a Login key as subKey from the given key by applying KDF
+  // (Key Derivation Function) with the `loginSubKeyId` and
+  // `loginSubKeyLen` and `loginSubKeyContext` as context
+  static Future<Uint8List> deriveLoginKey(
+      Uint8List key,
+      ) async {
+    final Uint8List derivedKey = await  _computer.compute(
+      cryptoKdfDeriveFromKey,
+      param: {
+        "key": key,
+        "subkeyId": loginSubKeyId,
+        "subkeyLen": loginSubKeyLen,
+        "context": utf8.encode(loginSubKeyContext),
+      },
+      taskName: "deriveLoginKey",
+    );
+    // return the first 16 bytes of the derived key
+    return derivedKey.sublist(0, 16);
+  }
+
+  // Computes and returns the hash of the source file
   static Future<Uint8List> getHash(io.File source) {
     return _computer.compute(
       cryptoGenericHash,
       param: {
         "sourceFilePath": source.path,
       },
+      taskName: "fileHash",
     );
   }
 }

lib/utils/dialog_util.dart

@@ -310,26 +310,29 @@ Future<dynamic> showTextInputDialog(
     builder: (context) {
       final bottomInset = MediaQuery.of(context).viewInsets.bottom;
       final isKeyboardUp = bottomInset > 100;
-      return Center(
-        child: Padding(
-          padding: EdgeInsets.only(bottom: isKeyboardUp ? bottomInset : 0),
-          child: TextInputDialog(
-            title: title,
-            message: message,
-            label: label,
-            body: body,
-            icon: icon,
-            submitButtonLabel: submitButtonLabel,
-            onSubmit: onSubmit,
-            hintText: hintText,
-            prefixIcon: prefixIcon,
-            initialValue: initialValue,
-            alignMessage: alignMessage,
-            maxLength: maxLength,
-            showOnlyLoadingState: showOnlyLoadingState,
-            textCapitalization: textCapitalization,
-            alwaysShowSuccessState: alwaysShowSuccessState,
-            isPasswordInput: isPasswordInput,
+      return Material(
+        color: Colors.transparent,
+        child: Center(
+          child: Padding(
+            padding: EdgeInsets.only(bottom: isKeyboardUp ? bottomInset : 0),
+            child: TextInputDialog(
+              title: title,
+              message: message,
+              label: label,
+              body: body,
+              icon: icon,
+              submitButtonLabel: submitButtonLabel,
+              onSubmit: onSubmit,
+              hintText: hintText,
+              prefixIcon: prefixIcon,
+              initialValue: initialValue,
+              alignMessage: alignMessage,
+              maxLength: maxLength,
+              showOnlyLoadingState: showOnlyLoadingState,
+              textCapitalization: textCapitalization,
+              alwaysShowSuccessState: alwaysShowSuccessState,
+              isPasswordInput: isPasswordInput,
+            ),
           ),
         ),
       );

lib/utils/totp_util.dart

@@ -1,7 +1,11 @@
 import 'package:ente_auth/models/code.dart';
+import 'package:flutter/foundation.dart';
 import 'package:otp/otp.dart' as otp;
 
-String getTotp(Code code) {
+String getOTP(Code code) {
+  if(code.type == Type.hotp) {
+    return _getHOTPCode(code);
+  }
   return otp.OTP.generateTOTPCodeString(
     getSanitizedSecret(code.secret),
     DateTime.now().millisecondsSinceEpoch,
@@ -12,6 +16,16 @@ String getTotp(Code code) {
   );
 }
 
+String _getHOTPCode(Code code) {
+  return otp.OTP.generateHOTPCodeString(
+    getSanitizedSecret(code.secret),
+    code.counter,
+    length: code.digits,
+    algorithm: _getAlgorithm(code),
+    isGoogle: true,
+  );
+}
+
 String getNextTotp(Code code) {
   return otp.OTP.generateTOTPCodeString(
     getSanitizedSecret(code.secret),
@@ -37,3 +51,13 @@ otp.Algorithm _getAlgorithm(Code code) {
 String getSanitizedSecret(String secret) {
   return secret.toUpperCase().trim().replaceAll(' ', '');
 }
+
+String safeDecode(String value) {
+  try {
+    return Uri.decodeComponent(value);
+  } catch (e) {
+    // note: don't log the value, it might contain sensitive information
+    debugPrint("Failed to decode $e");
+    return value;
+  }
+}

macos/Podfile

@@ -1,4 +1,4 @@
-platform :osx, '10.11'
+platform :osx, '10.14'
 
 # CocoaPods analytics sends network stats synchronously affecting flutter build latency.
 ENV['COCOAPODS_DISABLE_STATS'] = 'true'

macos/Podfile.lock

@@ -2,7 +2,11 @@ PODS:
   - connectivity_macos (0.0.1):
     - FlutterMacOS
     - Reachability
-  - flutter_secure_storage_macos (3.3.1):
+  - device_info_plus (0.0.1):
+    - FlutterMacOS
+  - flutter_local_notifications (0.0.1):
+    - FlutterMacOS
+  - flutter_secure_storage_macos (6.1.1):
     - FlutterMacOS
   - FlutterMacOS (1.0.0)
   - FMDB (2.7.5):
@@ -10,12 +14,19 @@ PODS:
   - FMDB/standard (2.7.5)
   - package_info_plus_macos (0.0.1):
     - FlutterMacOS
-  - path_provider_macos (0.0.1):
+  - path_provider_foundation (0.0.1):
+    - Flutter
     - FlutterMacOS
   - Reachability (3.2)
+  - Sentry/HybridSDK (7.31.5)
+  - sentry_flutter (0.0.1):
+    - Flutter
+    - FlutterMacOS
+    - Sentry/HybridSDK (= 7.31.5)
   - share_plus_macos (0.0.1):
     - FlutterMacOS
-  - shared_preferences_macos (0.0.1):
+  - shared_preferences_foundation (0.0.1):
+    - Flutter
     - FlutterMacOS
   - sqflite (0.0.2):
     - FlutterMacOS
@@ -25,12 +36,15 @@ PODS:
 
 DEPENDENCIES:
   - connectivity_macos (from `Flutter/ephemeral/.symlinks/plugins/connectivity_macos/macos`)
+  - device_info_plus (from `Flutter/ephemeral/.symlinks/plugins/device_info_plus/macos`)
+  - flutter_local_notifications (from `Flutter/ephemeral/.symlinks/plugins/flutter_local_notifications/macos`)
   - flutter_secure_storage_macos (from `Flutter/ephemeral/.symlinks/plugins/flutter_secure_storage_macos/macos`)
   - FlutterMacOS (from `Flutter/ephemeral`)
   - package_info_plus_macos (from `Flutter/ephemeral/.symlinks/plugins/package_info_plus_macos/macos`)
-  - path_provider_macos (from `Flutter/ephemeral/.symlinks/plugins/path_provider_macos/macos`)
+  - path_provider_foundation (from `Flutter/ephemeral/.symlinks/plugins/path_provider_foundation/macos`)
+  - sentry_flutter (from `Flutter/ephemeral/.symlinks/plugins/sentry_flutter/macos`)
   - share_plus_macos (from `Flutter/ephemeral/.symlinks/plugins/share_plus_macos/macos`)
-  - shared_preferences_macos (from `Flutter/ephemeral/.symlinks/plugins/shared_preferences_macos/macos`)
+  - shared_preferences_foundation (from `Flutter/ephemeral/.symlinks/plugins/shared_preferences_foundation/macos`)
   - sqflite (from `Flutter/ephemeral/.symlinks/plugins/sqflite/macos`)
   - url_launcher_macos (from `Flutter/ephemeral/.symlinks/plugins/url_launcher_macos/macos`)
 
@@ -38,22 +52,29 @@ SPEC REPOS:
   trunk:
     - FMDB
     - Reachability
+    - Sentry
 
 EXTERNAL SOURCES:
   connectivity_macos:
     :path: Flutter/ephemeral/.symlinks/plugins/connectivity_macos/macos
+  device_info_plus:
+    :path: Flutter/ephemeral/.symlinks/plugins/device_info_plus/macos
+  flutter_local_notifications:
+    :path: Flutter/ephemeral/.symlinks/plugins/flutter_local_notifications/macos
   flutter_secure_storage_macos:
     :path: Flutter/ephemeral/.symlinks/plugins/flutter_secure_storage_macos/macos
   FlutterMacOS:
     :path: Flutter/ephemeral
   package_info_plus_macos:
     :path: Flutter/ephemeral/.symlinks/plugins/package_info_plus_macos/macos
-  path_provider_macos:
-    :path: Flutter/ephemeral/.symlinks/plugins/path_provider_macos/macos
+  path_provider_foundation:
+    :path: Flutter/ephemeral/.symlinks/plugins/path_provider_foundation/macos
+  sentry_flutter:
+    :path: Flutter/ephemeral/.symlinks/plugins/sentry_flutter/macos
   share_plus_macos:
     :path: Flutter/ephemeral/.symlinks/plugins/share_plus_macos/macos
-  shared_preferences_macos:
-    :path: Flutter/ephemeral/.symlinks/plugins/shared_preferences_macos/macos
+  shared_preferences_foundation:
+    :path: Flutter/ephemeral/.symlinks/plugins/shared_preferences_foundation/macos
   sqflite:
     :path: Flutter/ephemeral/.symlinks/plugins/sqflite/macos
   url_launcher_macos:
@@ -61,17 +82,21 @@ EXTERNAL SOURCES:
 
 SPEC CHECKSUMS:
   connectivity_macos: 5dae6ee11d320fac7c05f0d08bd08fc32b5514d9
-  flutter_secure_storage_macos: 6ceee8fbc7f484553ad17f79361b556259df89aa
-  FlutterMacOS: ae6af50a8ea7d6103d888583d46bd8328a7e9811
+  device_info_plus: 5401765fde0b8d062a2f8eb65510fb17e77cf07f
+  flutter_local_notifications: 3805ca215b2fb7f397d78b66db91f6a747af52e4
+  flutter_secure_storage_macos: d56e2d218c1130b262bef8b4a7d64f88d7f9c9ea
+  FlutterMacOS: 8f6f14fa908a6fb3fba0cd85dbd81ec4b251fb24
   FMDB: 2ce00b547f966261cd18927a3ddb07cb6f3db82a
   package_info_plus_macos: f010621b07802a241d96d01876d6705f15e77c1c
-  path_provider_macos: 3c0c3b4b0d4a76d2bf989a913c2de869c5641a19
+  path_provider_foundation: 37748e03f12783f9de2cb2c4eadfaa25fe6d4852
   Reachability: 33e18b67625424e47b6cde6d202dce689ad7af96
+  Sentry: 4c9babff9034785067c896fd580b1f7de44da020
+  sentry_flutter: b10ae7a5ddcbc7f04648eeb2672b5747230172f1
   share_plus_macos: 853ee48e7dce06b633998ca0735d482dd671ade4
-  shared_preferences_macos: a64dc611287ed6cbe28fd1297898db1336975727
+  shared_preferences_foundation: 297b3ebca31b34ec92be11acd7fb0ba932c822ca
   sqflite: a5789cceda41d54d23f31d6de539d65bb14100ea
-  url_launcher_macos: 597e05b8e514239626bcf4a850fcf9ef5c856ec3
+  url_launcher_macos: c04e4fa86382d4f94f6b38f14625708be3ae52e2
 
-PODFILE CHECKSUM: 6eac6b3292e5142cfc23bdeb71848a40ec51c14c
+PODFILE CHECKSUM: 353c8bcc5d5b0994e508d035b5431cfe18c1dea7
 
-COCOAPODS: 1.11.3
+COCOAPODS: 1.12.1

macos/Runner.xcodeproj/project.pbxproj

@@ -3,7 +3,7 @@
 	archiveVersion = 1;
 	classes = {
 	};
-	objectVersion = 51;
+	objectVersion = 54;
 	objects = {
 
 /* Begin PBXAggregateTarget section */
@@ -256,6 +256,7 @@
 /* Begin PBXShellScriptBuildPhase section */
 		3399D490228B24CF009A79C7 /* ShellScript */ = {
 			isa = PBXShellScriptBuildPhase;
+			alwaysOutOfDate = 1;
 			buildActionMask = 2147483647;
 			files = (
 			);
@@ -404,7 +405,7 @@
 				GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE;
 				GCC_WARN_UNUSED_FUNCTION = YES;
 				GCC_WARN_UNUSED_VARIABLE = YES;
-				MACOSX_DEPLOYMENT_TARGET = 10.11;
+				MACOSX_DEPLOYMENT_TARGET = 10.14;
 				MTL_ENABLE_DEBUG_INFO = NO;
 				SDKROOT = macosx;
 				SWIFT_COMPILATION_MODE = wholemodule;
@@ -483,7 +484,7 @@
 				GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE;
 				GCC_WARN_UNUSED_FUNCTION = YES;
 				GCC_WARN_UNUSED_VARIABLE = YES;
-				MACOSX_DEPLOYMENT_TARGET = 10.11;
+				MACOSX_DEPLOYMENT_TARGET = 10.14;
 				MTL_ENABLE_DEBUG_INFO = YES;
 				ONLY_ACTIVE_ARCH = YES;
 				SDKROOT = macosx;
@@ -530,7 +531,7 @@
 				GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE;
 				GCC_WARN_UNUSED_FUNCTION = YES;
 				GCC_WARN_UNUSED_VARIABLE = YES;
-				MACOSX_DEPLOYMENT_TARGET = 10.11;
+				MACOSX_DEPLOYMENT_TARGET = 10.14;
 				MTL_ENABLE_DEBUG_INFO = NO;
 				SDKROOT = macosx;
 				SWIFT_COMPILATION_MODE = wholemodule;

migration-guides/authy.md

@@ -3,7 +3,7 @@ A guide written by Green, an ente.io lover
 
 ---
 
-Migrating from Authy can be tiring, as there is you cannot export your 2FA codes through the app, meaning that you would have to reconfigure 2FA for all of your accounts for your new 2FA authenticator. But do not fear, as there is a much simpler way to migrate from Authy to ente Authenticator.
+Migrating from Authy can be tiring, as you cannot export your 2FA codes through the app, meaning that you would have to reconfigure 2FA for all of your accounts for your new 2FA authenticator. But do not fear, as there is a much simpler way to migrate from Authy to ente!
 
 A user on GitHub has written a guide to export our data from Authy (morpheus on Discord found this and showed it to us), so we are going to be using that for the migration.
 
@@ -54,3 +54,5 @@ Now that we have the TXT file, let's import it. This should be the easiest part
 4. Select the TXT file that was made earlier.
 
 And that's it! You have now successfully migrated from Authy to ente Authenticator.
+
+Just one more thing: Now that your secrets are safely stored, I recommend you delete the unencrypted JSON and TXT files that were made during the migration process for security.

migration-guides/encrypted_export.md

@@ -0,0 +1,52 @@
+# Auth Encrypted Export format
+
+## Overview
+
+When we export the auth codes, the data is encrypted using a key derived from the user's password. 
+This document describes the JSON structure used to organize exported data, including versioning and key derivation parameters.
+
+## Export JSON Sample
+
+```json
+{
+  "version": 1,
+  "kdfParams": {
+    "memLimit": 4096,
+    "opsLimit": 3,
+    "salt": "example_salt"
+  },
+  "encryptedData": "encrypted_data_here",
+  "encryptionNonce": "nonce_here"
+}
+```
+
+The main object used to represent the export data. It contains the following key-value pairs:
+
+- `version`: The version of the export format.
+- `kdfParams`:  Key derivation function parameters.
+- `encryptedData"`:  The encrypted authentication data.
+- `encryptionNonce`: The nonce used for encryption.
+
+### Version 
+
+Export version is used to identify the format of the export data. 
+#### Ver: 1
+* KDF Algorithm: `ARGON2ID`
+* Decrypted data format: `otpauth://totp/...`, separated by a new line.
+* Encryption Algo: `XChaCha20-Poly1305`
+
+#### Key Derivation Function  Params (KDF)
+
+This section contains the parameters that were using during KDF operation:
+
+- `memLimit`: Memory limit for the algorithm.
+- `opsLimit`: Operations limit for the algorithm.
+- `salt`:  The salt used in the derivation process.
+
+#### Encrypted Data
+As mentioned above, the auth data is encrypted using a key that's derived by using user provided password & kdf params.
+For encryption, we are using `XChaCha20-Poly1305` algorithm. 
+
+## How to use the export data
+* **ente Authenticator app**: You can directly import the codes in the ente Authenticator app. 
+    >Settings -> Data -> Import Codes -> ente Encrypted export. 

protos/googleauth.proto

@@ -0,0 +1,40 @@
+syntax = "proto3";
+package googleauth;
+
+message MigrationPayload {
+  enum Algorithm {
+    ALGORITHM_UNSPECIFIED = 0;
+    ALGORITHM_SHA1 = 1;
+    ALGORITHM_SHA256 = 2;
+    ALGORITHM_SHA512 = 3;
+    ALGORITHM_MD5 = 4;
+  }
+
+  enum DigitCount {
+    DIGIT_COUNT_UNSPECIFIED = 0;
+    DIGIT_COUNT_SIX = 1;
+    DIGIT_COUNT_EIGHT = 2;
+  }
+
+  enum OtpType {
+    OTP_TYPE_UNSPECIFIED = 0;
+    OTP_TYPE_HOTP = 1;
+    OTP_TYPE_TOTP = 2;
+  }
+
+  message OtpParameters {
+    bytes secret = 1;
+    string name = 2;
+    string issuer = 3;
+    Algorithm algorithm = 4;
+    DigitCount digits = 5;
+    OtpType type = 6;
+    int64 counter = 7;
+  }
+
+  repeated OtpParameters otp_parameters = 1;
+  int32 version = 2;
+  int32 batch_size = 3;
+  int32 batch_index = 4;
+  int32 batch_id = 5;
+}

pubspec.lock

@@ -5,42 +5,42 @@ packages:
     dependency: transitive
     description:
       name: _fe_analyzer_shared
-      sha256: "4897882604d919befd350648c7f91926a9d5de99e67b455bf0917cc2362f4bb8"
+      sha256: ae92f5d747aee634b87f89d9946000c2de774be1d6ac3e58268224348cd0101a
       url: "https://pub.dev"
     source: hosted
-    version: "47.0.0"
+    version: "61.0.0"
   adaptive_theme:
     dependency: "direct main"
     description:
       name: adaptive_theme
-      sha256: "84af26cfc68220df3cd35d9d94cb8953e7182ef560e13d8efb87f32bf1e588fc"
+      sha256: "3568bb526d4823c7bb35f9ce3604af15e04cc0e9cc4f257da3604fe6b48d74ae"
       url: "https://pub.dev"
     source: hosted
-    version: "3.1.1"
+    version: "3.2.1"
   analyzer:
     dependency: transitive
     description:
       name: analyzer
-      sha256: "690e335554a8385bc9d787117d9eb52c0c03ee207a607e593de3c9d71b1cfe80"
+      sha256: ea3d8652bda62982addfd92fdc2d0214e5f82e43325104990d4f4c4a2a313562
       url: "https://pub.dev"
     source: hosted
-    version: "4.7.0"
+    version: "5.13.0"
   archive:
-    dependency: transitive
+    dependency: "direct main"
     description:
       name: archive
-      sha256: d6347d54a2d8028e0437e3c099f66fdb8ae02c4720c1e7534c9f24c10351f85d
+      sha256: "0c8368c9b3f0abbc193b9d6133649a614204b528982bebc7026372d61677ce3a"
       url: "https://pub.dev"
     source: hosted
-    version: "3.3.6"
+    version: "3.3.7"
   args:
     dependency: transitive
     description:
       name: args
-      sha256: "139d809800a412ebb26a3892da228b2d0ba36f0ef5d9a82166e5e52ec8d61611"
+      sha256: eef6c46b622e0494a36c5a12d10d77fb4e855501a91c1b9ef9339326e58f0596
       url: "https://pub.dev"
     source: hosted
-    version: "2.3.2"
+    version: "2.4.2"
   async:
     dependency: transitive
     description:
@@ -50,7 +50,7 @@ packages:
     source: hosted
     version: "2.10.0"
   base32:
-    dependency: transitive
+    dependency: "direct main"
     description:
       name: base32
       sha256: ddad4ebfedf93d4500818ed8e61443b734ffe7cf8a45c668c9b34ef6adde02e2
@@ -69,18 +69,18 @@ packages:
     dependency: "direct main"
     description:
       name: bloc
-      sha256: bd4f8027bfa60d96c8046dec5ce74c463b2c918dce1b0d36593575995344534a
+      sha256: "3820f15f502372d979121de1f6b97bfcf1630ebff8fe1d52fb2b0bfa49be5b49"
       url: "https://pub.dev"
     source: hosted
-    version: "8.1.0"
+    version: "8.1.2"
   bloc_test:
     dependency: "direct dev"
     description:
       name: bloc_test
-      sha256: "622b97678bf8c06a94f4c26a89ee9ebf7319bf775383dee2233e86e1f94ee28d"
+      sha256: "43d5b2f3d09ba768d6b611151bdf20ca141ffb46e795eb9550a58c9c2f4eae3f"
       url: "https://pub.dev"
     source: hosted
-    version: "9.1.0"
+    version: "9.1.3"
   boolean_selector:
     dependency: transitive
     description:
@@ -117,10 +117,10 @@ packages:
     dependency: transitive
     description:
       name: build_resolvers
-      sha256: "687cf90a3951affac1bd5f9ecb5e3e90b60487f3d9cdc359bb310f8876bb02a6"
+      sha256: "6c4dd11d05d056e76320b828a1db0fc01ccd376922526f8e9d6c796a5adbac20"
       url: "https://pub.dev"
     source: hosted
-    version: "2.0.10"
+    version: "2.2.1"
   build_runner:
     dependency: "direct dev"
     description:
@@ -133,10 +133,10 @@ packages:
     dependency: transitive
     description:
       name: build_runner_core
-      sha256: "14febe0f5bac5ae474117a36099b4de6f1dbc52df6c5e55534b3da9591bf4292"
+      sha256: "0671ad4162ed510b70d0eb4ad6354c249f8429cab4ae7a4cec86bbc2886eb76e"
       url: "https://pub.dev"
     source: hosted
-    version: "7.2.7"
+    version: "7.2.7+1"
   built_collection:
     dependency: transitive
     description:
@@ -149,10 +149,10 @@ packages:
     dependency: transitive
     description:
       name: built_value
-      sha256: "169565c8ad06adb760c3645bf71f00bff161b00002cace266cad42c5d22a7725"
+      sha256: "598a2a682e2a7a90f08ba39c0aaa9374c5112340f0a2e275f61b59389543d166"
       url: "https://pub.dev"
     source: hosted
-    version: "8.4.3"
+    version: "8.6.1"
   characters:
     dependency: transitive
     description:
@@ -165,10 +165,10 @@ packages:
     dependency: transitive
     description:
       name: checked_yaml
-      sha256: "3d1505d91afa809d177efd4eed5bb0eb65805097a1463abdd2add076effae311"
+      sha256: feb6bed21949061731a7a75fc5d2aa727cf160b91af9a3e464c5e3a32e28b5ff
       url: "https://pub.dev"
     source: hosted
-    version: "2.0.2"
+    version: "2.0.3"
   clipboard:
     dependency: "direct main"
     description:
@@ -189,10 +189,10 @@ packages:
     dependency: transitive
     description:
       name: code_builder
-      sha256: "0d43dd1288fd145de1ecc9a3948ad4a6d5a82f0a14c4fdd0892260787d975cbe"
+      sha256: "4ad01d6e56db961d29661561effde45e519939fdaeb46c351275b182eac70189"
       url: "https://pub.dev"
     source: hosted
-    version: "4.4.0"
+    version: "4.5.0"
   collection:
     dependency: "direct main"
     description:
@@ -204,11 +204,12 @@ packages:
   computer:
     dependency: "direct main"
     description:
-      name: computer
-      sha256: "3df9f1ef497aaf69e066b00f4441726eb28037dc33e97b5d56393967f92c5fe8"
-      url: "https://pub.dev"
-    source: hosted
-    version: "2.0.0"
+      path: "."
+      ref: HEAD
+      resolved-ref: "82e365fed8a1a76f6eea0220de98389eed7b0445"
+      url: "https://github.com/ente-io/computer.git"
+    source: git
+    version: "3.2.1"
   confetti:
     dependency: "direct main"
     description:
@@ -261,10 +262,10 @@ packages:
     dependency: transitive
     description:
       name: coverage
-      sha256: "961c4aebd27917269b1896382c7cb1b1ba81629ba669ba09c27a7e5710ec9040"
+      sha256: "2fb815080e44a09b85e0f2ca8a820b15053982b2e714b59267719e8a9ff17097"
       url: "https://pub.dev"
     source: hosted
-    version: "1.6.2"
+    version: "1.6.3"
   cross_file:
     dependency: transitive
     description:
@@ -277,18 +278,18 @@ packages:
     dependency: transitive
     description:
       name: crypto
-      sha256: aa274aa7774f8964e4f4f38cc994db7b6158dd36e9187aaceaddc994b35c6c67
+      sha256: ff625774173754681d66daaf4a448684fb04b78f902da9cb3d308c19cc5e8bab
       url: "https://pub.dev"
     source: hosted
-    version: "3.0.2"
+    version: "3.0.3"
   csslib:
     dependency: transitive
     description:
       name: csslib
-      sha256: b36c7f7e24c0bdf1bf9a3da461c837d1de64b9f8beb190c9011d8c72a3dfd745
+      sha256: "706b5707578e0c1b4b7550f64078f0a0f19dec3f50a178ffae7006b0a9ca58fb"
       url: "https://pub.dev"
     source: hosted
-    version: "0.17.2"
+    version: "1.0.0"
   cupertino_icons:
     dependency: "direct main"
     description:
@@ -301,10 +302,10 @@ packages:
     dependency: transitive
     description:
       name: dart_style
-      sha256: "7a03456c3490394c8e7665890333e91ae8a49be43542b616e414449ac358acd4"
+      sha256: "1efa911ca7086affd35f463ca2fc1799584fb6aa89883cf0af8e3664d6a02d55"
       url: "https://pub.dev"
     source: hosted
-    version: "2.2.4"
+    version: "2.3.2"
   dbus:
     dependency: transitive
     description:
@@ -317,10 +318,10 @@ packages:
     dependency: "direct main"
     description:
       name: device_info_plus
-      sha256: "7ff671ed0a6356fa8f2e1ae7d3558d3fb7b6a41e24455e4f8df75b811fb8e4ab"
+      sha256: f52ab3b76b36ede4d135aab80194df8925b553686f0fa12226b4e2d658e45903
       url: "https://pub.dev"
     source: hosted
-    version: "8.0.0"
+    version: "8.2.2"
   device_info_plus_platform_interface:
     dependency: transitive
     description:
@@ -397,10 +398,10 @@ packages:
     dependency: transitive
     description:
       name: ffi
-      sha256: a38574032c5f1dd06c4aee541789906c12ccaab8ba01446e800d9c5b79c4a978
+      sha256: ed5337a5660c506388a9f012be0288fb38b49020ce2b45fe1f8b8323fe429f99
       url: "https://pub.dev"
     source: hosted
-    version: "2.0.1"
+    version: "2.0.2"
   file:
     dependency: transitive
     description:
@@ -413,18 +414,18 @@ packages:
     dependency: "direct main"
     description:
       name: file_picker
-      sha256: d090ae03df98b0247b82e5928f44d1b959867049d18d73635e2e0bc3f49542b9
+      sha256: b85eb92b175767fdaa0c543bf3b0d1f610fe966412ea72845fe5ba7801e763ff
       url: "https://pub.dev"
     source: hosted
-    version: "5.2.5"
+    version: "5.2.10"
   fixnum:
     dependency: transitive
     description:
       name: fixnum
-      sha256: "04be3e934c52e082558cc9ee21f42f5c1cd7a1262f4c63cd0357c08d5bba81ec"
+      sha256: "25517a4deb0c03aa0f32fd12db525856438902d9c16536311e76cdc57b31d7d1"
       url: "https://pub.dev"
     source: hosted
-    version: "1.0.1"
+    version: "1.1.0"
   fk_user_agent:
     dependency: "direct main"
     description:
@@ -442,10 +443,10 @@ packages:
     dependency: "direct main"
     description:
       name: flutter_bloc
-      sha256: "890c51c8007f0182360e523518a0c732efb89876cb4669307af7efada5b55557"
+      sha256: e74efb89ee6945bcbce74a5b3a5a3376b088e5f21f55c263fc38cbdc6237faae
       url: "https://pub.dev"
     source: hosted
-    version: "8.1.1"
+    version: "8.1.3"
   flutter_email_sender:
     dependency: "direct main"
     description:
@@ -511,10 +512,10 @@ packages:
     dependency: transitive
     description:
       name: flutter_plugin_android_lifecycle
-      sha256: "60fc7b78455b94e6de2333d2f95196d32cf5c22f4b0b0520a628804cb463503b"
+      sha256: "950e77c2bbe1692bc0874fc7fb491b96a4dc340457f4ea1641443d0a6c1ea360"
       url: "https://pub.dev"
     source: hosted
-    version: "2.0.7"
+    version: "2.0.15"
   flutter_secure_storage:
     dependency: "direct main"
     description:
@@ -588,6 +589,14 @@ packages:
       url: "https://pub.dev"
     source: hosted
     version: "6.2.0"
+  flutter_svg:
+    dependency: "direct main"
+    description:
+      name: flutter_svg
+      sha256: f991fdb1533c3caeee0cdc14b04f50f0c3916f0dbcbc05237ccbe4e3c6b93f3f
+      url: "https://pub.dev"
+    source: hosted
+    version: "2.0.5"
   flutter_test:
     dependency: "direct dev"
     description: flutter
@@ -602,10 +611,10 @@ packages:
     dependency: "direct main"
     description:
       name: fluttertoast
-      sha256: "7cc92eabe01e3f1babe1571c5560b135dfc762a34e41e9056881e2196b178ec1"
+      sha256: "474f7d506230897a3cd28c965ec21c5328ae5605fc9c400cd330e9e9d6ac175c"
       url: "https://pub.dev"
     source: hosted
-    version: "8.1.2"
+    version: "8.2.2"
   frontend_server_client:
     dependency: transitive
     description:
@@ -618,10 +627,10 @@ packages:
     dependency: transitive
     description:
       name: glob
-      sha256: "4515b5b6ddb505ebdd242a5f2cc5d22d3d6a80013789debfbda7777f47ea308c"
+      sha256: "0e7014b3b7d4dac1ca4d6114f82bf1782ee86745b9b42a92c9289c23d8a0ab63"
       url: "https://pub.dev"
     source: hosted
-    version: "2.1.1"
+    version: "2.1.2"
   google_nav_bar:
     dependency: "direct main"
     description:
@@ -634,10 +643,10 @@ packages:
     dependency: transitive
     description:
       name: graphs
-      sha256: f9e130f3259f52d26f0cfc0e964513796dafed572fa52e45d2f8d6ca14db39b2
+      sha256: aedc5a15e78fc65a6e23bcd927f24c64dd995062bcd1ca6eda65a3cff92a4d19
       url: "https://pub.dev"
     source: hosted
-    version: "2.2.0"
+    version: "2.3.1"
   hex:
     dependency: transitive
     description:
@@ -650,18 +659,18 @@ packages:
     dependency: transitive
     description:
       name: html
-      sha256: d9793e10dbe0e6c364f4c59bf3e01fb33a9b2a674bc7a1081693dba0614b6269
+      sha256: "3a7812d5bcd2894edf53dfaf8cd640876cf6cef50a8f238745c8b8120ea74d3a"
       url: "https://pub.dev"
     source: hosted
-    version: "0.15.1"
+    version: "0.15.4"
   http:
     dependency: "direct main"
     description:
       name: http
-      sha256: "6aa2946395183537c8b880962d935877325d6a09a2867c3970c05c0fed6ac482"
+      sha256: "5895291c13fa8a3bd82e76d5627f69e0d85ca6a30dcac95c4ea19a5d555879c2"
       url: "https://pub.dev"
     source: hosted
-    version: "0.13.5"
+    version: "0.13.6"
   http_multi_server:
     dependency: transitive
     description:
@@ -714,18 +723,18 @@ packages:
     dependency: "direct main"
     description:
       name: json_annotation
-      sha256: "3520fa844009431b5d4491a5a778603520cdc399ab3406332dcc50f93547258c"
+      sha256: b10a7b2ff83d83c777edba3c6a0f97045ddadd56c944e1a23a3fdf43a1bf4467
       url: "https://pub.dev"
     source: hosted
-    version: "4.7.0"
+    version: "4.8.1"
   json_serializable:
     dependency: "direct dev"
     description:
       name: json_serializable
-      sha256: f3c2c18a7889580f71926f30c1937727c8c7d4f3a435f8f5e8b0ddd25253ef5d
+      sha256: "43793352f90efa5d8b251893a63d767b2f7c833120e3cc02adad55eefec04dc7"
       url: "https://pub.dev"
     source: hosted
-    version: "6.5.4"
+    version: "6.6.2"
   lints:
     dependency: "direct dev"
     description:
@@ -778,10 +787,10 @@ packages:
     dependency: "direct main"
     description:
       name: logging
-      sha256: "04094f2eb032cbb06c6f6e8d3607edcfcb0455e2bb6cbc010cb01171dcb64e6d"
+      sha256: "623a88c9594aa774443aa3eb2d41807a48486b5613e67599fb4c41c0ad47c340"
       url: "https://pub.dev"
     source: hosted
-    version: "1.1.1"
+    version: "1.2.0"
   matcher:
     dependency: transitive
     description:
@@ -850,10 +859,10 @@ packages:
     dependency: transitive
     description:
       name: node_preamble
-      sha256: "8ebdbaa3b96d5285d068f80772390d27c21e1fa10fb2df6627b1b9415043608d"
+      sha256: "6e7eac89047ab8a8d26cf16127b5ed26de65209847630400f9aefd7cd5c730db"
       url: "https://pub.dev"
     source: hosted
-    version: "2.0.1"
+    version: "2.0.2"
   open_filex:
     dependency: "direct main"
     description:
@@ -866,10 +875,10 @@ packages:
     dependency: "direct main"
     description:
       name: otp
-      sha256: "337fddb07d10df56dc57f3f8a3e1a7e7abe7463cd85e4efc567c4d2bc94d4ed6"
+      sha256: fcb7f21e30c4cd80a0a982c27a9b75151cc1fe3d8f7ee680673c090171b1ad55
       url: "https://pub.dev"
     source: hosted
-    version: "3.1.3"
+    version: "3.1.4"
   package_config:
     dependency: transitive
     description:
@@ -962,50 +971,50 @@ packages:
     dependency: "direct main"
     description:
       name: path_provider
-      sha256: dcea5feb97d8abf90cab9e9030b497fb7c3cbf26b7a1fe9e3ef7dcb0a1ddec95
+      sha256: "3087813781ab814e4157b172f1a11c46be20179fcc9bea043e0fba36bc0acaa2"
       url: "https://pub.dev"
     source: hosted
-    version: "2.0.12"
+    version: "2.0.15"
   path_provider_android:
     dependency: transitive
     description:
       name: path_provider_android
-      sha256: a776c088d671b27f6e3aa8881d64b87b3e80201c64e8869b811325de7a76c15e
+      sha256: "2cec049d282c7f13c594b4a73976b0b4f2d7a1838a6dd5aaf7bd9719196bee86"
       url: "https://pub.dev"
     source: hosted
-    version: "2.0.22"
+    version: "2.0.27"
   path_provider_foundation:
     dependency: transitive
     description:
       name: path_provider_foundation
-      sha256: "62a68e7e1c6c459f9289859e2fae58290c981ce21d1697faf54910fe1faa4c74"
+      sha256: "916731ccbdce44d545414dd9961f26ba5fbaa74bcbb55237d8e65a623a8c7297"
       url: "https://pub.dev"
     source: hosted
-    version: "2.1.1"
+    version: "2.2.4"
   path_provider_linux:
     dependency: transitive
     description:
       name: path_provider_linux
-      sha256: ab0987bf95bc591da42dffb38c77398fc43309f0b9b894dcc5d6f40c4b26c379
+      sha256: ffbb8cc9ed2c9ec0e4b7a541e56fd79b138e8f47d2fb86815f15358a349b3b57
       url: "https://pub.dev"
     source: hosted
-    version: "2.1.7"
+    version: "2.1.11"
   path_provider_platform_interface:
     dependency: transitive
     description:
       name: path_provider_platform_interface
-      sha256: f0abc8ebd7253741f05488b4813d936b4d07c6bae3e86148a09e342ee4b08e76
+      sha256: "57585299a729335f1298b43245842678cb9f43a6310351b18fb577d6e33165ec"
       url: "https://pub.dev"
     source: hosted
-    version: "2.0.5"
+    version: "2.0.6"
   path_provider_windows:
     dependency: transitive
     description:
       name: path_provider_windows
-      sha256: bcabbe399d4042b8ee687e17548d5d3f527255253b4a639f5f8d2094a9c2b45c
+      sha256: "1cb68ba4cd3a795033de62ba1b7b4564dace301f952de6bfb3cd91b202b6ee96"
       url: "https://pub.dev"
     source: hosted
-    version: "2.1.3"
+    version: "2.1.7"
   petitparser:
     dependency: transitive
     description:
@@ -1034,18 +1043,18 @@ packages:
     dependency: transitive
     description:
       name: plugin_platform_interface
-      sha256: dbf0f707c78beedc9200146ad3cb0ab4d5da13c246336987be6940f026500d3a
+      sha256: "6a2128648c854906c53fa8e33986fc0247a1116122f9534dd20e3ab9e16a32bc"
       url: "https://pub.dev"
     source: hosted
-    version: "2.1.3"
+    version: "2.1.4"
   pointycastle:
-    dependency: transitive
+    dependency: "direct main"
     description:
       name: pointycastle
-      sha256: db7306cf0249f838d1a24af52b5a5887c5bf7f31d8bb4e827d071dc0939ad346
+      sha256: "7c1e5f0d23c9016c5bbd8b1473d0d3fb3fc851b876046039509e18e0c7485f2c"
       url: "https://pub.dev"
     source: hosted
-    version: "3.6.2"
+    version: "3.7.3"
   pool:
     dependency: transitive
     description:
@@ -1062,6 +1071,14 @@ packages:
       url: "https://pub.dev"
     source: hosted
     version: "4.2.4"
+  protobuf:
+    dependency: "direct main"
+    description:
+      name: protobuf
+      sha256: "4034a02b7e231e7e60bff30a8ac13a7347abfdac0798595fae0b90a3f0afe759"
+      url: "https://pub.dev"
+    source: hosted
+    version: "3.0.0"
   provider:
     dependency: transitive
     description:
@@ -1074,18 +1091,26 @@ packages:
     dependency: transitive
     description:
       name: pub_semver
-      sha256: "307de764d305289ff24ad257ad5c5793ce56d04947599ad68b3baa124105fc17"
+      sha256: "40d3ab1bbd474c4c2328c91e3a7df8c6dd629b79ece4c4bd04bee496a224fb0c"
       url: "https://pub.dev"
     source: hosted
-    version: "2.1.3"
+    version: "2.1.4"
   pubspec_parse:
     dependency: transitive
     description:
       name: pubspec_parse
-      sha256: "75f6614d6dde2dc68948dffbaa4fe5dae32cd700eb9fb763fe11dfb45a3c4d0a"
+      sha256: c63b2876e58e194e4b0828fcb080ad0e06d051cb607a6be51a9e084f47cb9367
       url: "https://pub.dev"
     source: hosted
-    version: "1.2.1"
+    version: "1.2.3"
+  qr:
+    dependency: transitive
+    description:
+      name: qr
+      sha256: "5c4208b4dc0d55c3184d10d83ee0ded6212dc2b5e2ba17c5a0c0aab279128d21"
+      url: "https://pub.dev"
+    source: hosted
+    version: "2.1.0"
   qr_code_scanner:
     dependency: "direct main"
     description:
@@ -1094,22 +1119,30 @@ packages:
       url: "https://pub.dev"
     source: hosted
     version: "1.0.1"
+  qr_flutter:
+    dependency: "direct main"
+    description:
+      name: qr_flutter
+      sha256: c5c121c54cb6dd837b9b9d57eb7bc7ec6df4aee741032060c8833a678c80b87e
+      url: "https://pub.dev"
+    source: hosted
+    version: "4.0.0"
   sentry:
     dependency: "direct main"
     description:
       name: sentry
-      sha256: c64db3444237ff747c5a68f5214897bcb078de248785d0d816e3c55ab94dd71d
+      sha256: a1529c545fcbc899e5dcc7c94ff1c6ad0c334dfc99a3cda366b1da98af7c5678
       url: "https://pub.dev"
     source: hosted
-    version: "6.19.0"
+    version: "6.22.0"
   sentry_flutter:
     dependency: "direct main"
     description:
       name: sentry_flutter
-      sha256: a76cf5180d571535fb8fc3bf10358ab385d78134fcf652d0e03ba7741525ab09
+      sha256: cab07e99a8f27af94f399cabceaff6968011660505b30a0e2286728a81bc476c
       url: "https://pub.dev"
     source: hosted
-    version: "6.19.0"
+    version: "6.22.0"
   share_plus:
     dependency: "direct main"
     description:
@@ -1138,10 +1171,10 @@ packages:
     dependency: transitive
     description:
       name: share_plus_platform_interface
-      sha256: "82ddd4ab9260c295e6e39612d4ff00390b9a7a21f1bb1da771e2f232d80ab8a1"
+      sha256: "0c6e61471bd71b04a138b8b588fa388e66d8b005e6f2deda63371c5c505a0981"
       url: "https://pub.dev"
     source: hosted
-    version: "3.2.0"
+    version: "3.2.1"
   share_plus_web:
     dependency: transitive
     description:
@@ -1162,90 +1195,90 @@ packages:
     dependency: "direct main"
     description:
       name: shared_preferences
-      sha256: "5949029e70abe87f75cfe59d17bf5c397619c4b74a099b10116baeb34786fad9"
+      sha256: "0344316c947ffeb3a529eac929e1978fcd37c26be4e8468628bac399365a3ca1"
       url: "https://pub.dev"
     source: hosted
-    version: "2.0.17"
+    version: "2.2.0"
   shared_preferences_android:
     dependency: transitive
     description:
       name: shared_preferences_android
-      sha256: "955e9736a12ba776bdd261cf030232b30eadfcd9c79b32a3250dd4a494e8c8f7"
+      sha256: fe8401ec5b6dcd739a0fe9588802069e608c3fdbfd3c3c93e546cf2f90438076
       url: "https://pub.dev"
     source: hosted
-    version: "2.0.15"
+    version: "2.2.0"
   shared_preferences_foundation:
     dependency: transitive
     description:
       name: shared_preferences_foundation
-      sha256: "2b55c18636a4edc529fa5cd44c03d3f3100c00513f518c5127c951978efcccd0"
+      sha256: f39696b83e844923b642ce9dd4bd31736c17e697f6731a5adf445b1274cf3cd4
       url: "https://pub.dev"
     source: hosted
-    version: "2.1.3"
+    version: "2.3.2"
   shared_preferences_linux:
     dependency: transitive
     description:
       name: shared_preferences_linux
-      sha256: f8ea038aa6da37090093974ebdcf4397010605fd2ff65c37a66f9d28394cb874
+      sha256: "71d6806d1449b0a9d4e85e0c7a917771e672a3d5dc61149cc9fac871115018e1"
       url: "https://pub.dev"
     source: hosted
-    version: "2.1.3"
+    version: "2.3.0"
   shared_preferences_platform_interface:
     dependency: transitive
     description:
       name: shared_preferences_platform_interface
-      sha256: da9431745ede5ece47bc26d5d73a9d3c6936ef6945c101a5aca46f62e52c1cf3
+      sha256: "23b052f17a25b90ff2b61aad4cc962154da76fb62848a9ce088efe30d7c50ab1"
       url: "https://pub.dev"
     source: hosted
-    version: "2.1.0"
+    version: "2.3.0"
   shared_preferences_web:
     dependency: transitive
     description:
       name: shared_preferences_web
-      sha256: a4b5bc37fe1b368bbc81f953197d55e12f49d0296e7e412dfe2d2d77d6929958
+      sha256: "7347b194fb0bbeb4058e6a4e87ee70350b6b2b90f8ac5f8bd5b3a01548f6d33a"
       url: "https://pub.dev"
     source: hosted
-    version: "2.0.4"
+    version: "2.2.0"
   shared_preferences_windows:
     dependency: transitive
     description:
       name: shared_preferences_windows
-      sha256: "5eaf05ae77658d3521d0e993ede1af962d4b326cd2153d312df716dc250f00c9"
+      sha256: f95e6a43162bce43c9c3405f3eb6f39e5b5d11f65fab19196cf8225e2777624d
       url: "https://pub.dev"
     source: hosted
-    version: "2.1.3"
+    version: "2.3.0"
   shelf:
     dependency: transitive
     description:
       name: shelf
-      sha256: c24a96135a2ccd62c64b69315a14adc5c3419df63b4d7c05832a346fdb73682c
+      sha256: ad29c505aee705f41a4d8963641f91ac4cee3c8fad5947e033390a7bd8180fa4
       url: "https://pub.dev"
     source: hosted
-    version: "1.4.0"
+    version: "1.4.1"
   shelf_packages_handler:
     dependency: transitive
     description:
       name: shelf_packages_handler
-      sha256: aef74dc9195746a384843102142ab65b6a4735bb3beea791e63527b88cc83306
+      sha256: "89f967eca29607c933ba9571d838be31d67f53f6e4ee15147d5dc2934fee1b1e"
       url: "https://pub.dev"
     source: hosted
-    version: "3.0.1"
+    version: "3.0.2"
   shelf_static:
     dependency: transitive
     description:
       name: shelf_static
-      sha256: e792b76b96a36d4a41b819da593aff4bdd413576b3ba6150df5d8d9996d2e74c
+      sha256: a41d3f53c4adf0f57480578c1d61d90342cd617de7fc8077b1304643c2d85c1e
       url: "https://pub.dev"
     source: hosted
-    version: "1.1.1"
+    version: "1.1.2"
   shelf_web_socket:
     dependency: transitive
     description:
       name: shelf_web_socket
-      sha256: a988c0e8d8ffbdb8a28aa7ec8e449c260f3deb808781fe1284d22c5bba7156e8
+      sha256: "9ca081be41c60190ebcb4766b2486a7d50261db7bd0f5d9615f2d653637a84c1"
       url: "https://pub.dev"
     source: hosted
-    version: "1.0.3"
+    version: "1.0.4"
   sky_engine:
     dependency: transitive
     description: flutter
@@ -1255,18 +1288,18 @@ packages:
     dependency: transitive
     description:
       name: source_gen
-      sha256: "2d79738b6bbf38a43920e2b8d189e9a3ce6cc201f4b8fc76be5e4fe377b1c38d"
+      sha256: "373f96cf5a8744bc9816c1ff41cf5391bbdbe3d7a96fe98c622b6738a8a7bd33"
       url: "https://pub.dev"
     source: hosted
-    version: "1.2.6"
+    version: "1.3.2"
   source_helper:
     dependency: transitive
     description:
       name: source_helper
-      sha256: "3b67aade1d52416149c633ba1bb36df44d97c6b51830c2198e934e3fca87ca1f"
+      sha256: "6adebc0006c37dd63fe05bca0a929b99f06402fc95aa35bf36d67f5c06de01fd"
       url: "https://pub.dev"
     source: hosted
-    version: "1.3.3"
+    version: "1.3.4"
   source_map_stack_trace:
     dependency: transitive
     description:
@@ -1279,10 +1312,10 @@ packages:
     dependency: transitive
     description:
       name: source_maps
-      sha256: "490098075234dcedb83c5d949b4c93dad5e6b7702748de000be2b57b8e6b2427"
+      sha256: "708b3f6b97248e5781f493b765c3337db11c5d2c81c3094f10904bfa8004c703"
       url: "https://pub.dev"
     source: hosted
-    version: "0.10.11"
+    version: "0.10.12"
   source_span:
     dependency: transitive
     description:
@@ -1295,18 +1328,18 @@ packages:
     dependency: "direct main"
     description:
       name: sqflite
-      sha256: "78324387dc81df14f78df06019175a86a2ee0437624166c382e145d0a7fd9a4f"
+      sha256: b4d6710e1200e96845747e37338ea8a819a12b51689a3bcf31eff0003b37a0b9
       url: "https://pub.dev"
     source: hosted
-    version: "2.2.4+1"
+    version: "2.2.8+4"
   sqflite_common:
     dependency: transitive
     description:
       name: sqflite_common
-      sha256: bfd6973aaeeb93475bc0d875ac9aefddf7965ef22ce09790eb963992ffc5183f
+      sha256: "8f7603f3f8f126740bc55c4ca2d1027aab4b74a1267a3e31ce51fe40e3b65b8f"
       url: "https://pub.dev"
     source: hosted
-    version: "2.4.2+2"
+    version: "2.4.5+1"
   stack_trace:
     dependency: transitive
     description:
@@ -1359,10 +1392,10 @@ packages:
     dependency: transitive
     description:
       name: synchronized
-      sha256: "33b31b6beb98100bf9add464a36a8dd03eb10c7a8cf15aeec535e9b054aaf04b"
+      sha256: "5fcbd27688af6082f5abd611af56ee575342c30e87541d0245f7ff99faa02c60"
       url: "https://pub.dev"
     source: hosted
-    version: "3.0.1"
+    version: "3.1.0"
   term_glyph:
     dependency: transitive
     description:
@@ -1399,10 +1432,10 @@ packages:
     dependency: transitive
     description:
       name: timezone
-      sha256: "24c8fcdd49a805d95777a39064862133ff816ebfffe0ceff110fb5960e557964"
+      sha256: "1cfd8ddc2d1cfd836bc93e67b9be88c3adaeca6f40a00ca999104c30693cdca0"
       url: "https://pub.dev"
     source: hosted
-    version: "0.9.1"
+    version: "0.9.2"
   timing:
     dependency: transitive
     description:
@@ -1411,14 +1444,22 @@ packages:
       url: "https://pub.dev"
     source: hosted
     version: "1.0.1"
+  tuple:
+    dependency: "direct main"
+    description:
+      name: tuple
+      sha256: a97ce2013f240b2f3807bcbaf218765b6f301c3eff91092bcfa23a039e7dd151
+      url: "https://pub.dev"
+    source: hosted
+    version: "2.0.2"
   typed_data:
     dependency: transitive
     description:
       name: typed_data
-      sha256: "26f87ade979c47a150c9eaab93ccd2bebe70a27dc0b4b29517f2904f04eb11a5"
+      sha256: facc8d6582f16042dd49f2463ff1bd6e2c9ef9f3d5da3d9b087e244a7b564b3c
       url: "https://pub.dev"
     source: hosted
-    version: "1.3.1"
+    version: "1.3.2"
   uni_links:
     dependency: "direct main"
     description:
@@ -1447,74 +1488,74 @@ packages:
     dependency: transitive
     description:
       name: universal_io
-      sha256: "79f78ddad839ee3aae3ec7c01eb4575faf0d5c860f8e5223bc9f9c17f7f03cef"
+      sha256: "06866290206d196064fd61df4c7aea1ffe9a4e7c4ccaa8fcded42dd41948005d"
       url: "https://pub.dev"
     source: hosted
-    version: "2.0.4"
+    version: "2.2.0"
   url_launcher:
     dependency: "direct main"
     description:
       name: url_launcher
-      sha256: "698fa0b4392effdc73e9e184403b627362eb5fbf904483ac9defbb1c2191d809"
+      sha256: eb1e00ab44303d50dd487aab67ebc575456c146c6af44422f9c13889984c00f3
       url: "https://pub.dev"
     source: hosted
-    version: "6.1.8"
+    version: "6.1.11"
   url_launcher_android:
     dependency: transitive
     description:
       name: url_launcher_android
-      sha256: "3e2f6dfd2c7d9cd123296cab8ef66cfc2c1a13f5845f42c7a0f365690a8a7dd1"
+      sha256: "15f5acbf0dce90146a0f5a2c4a002b1814a6303c4c5c075aa2623b2d16156f03"
       url: "https://pub.dev"
     source: hosted
-    version: "6.0.23"
+    version: "6.0.36"
   url_launcher_ios:
     dependency: transitive
     description:
       name: url_launcher_ios
-      sha256: bb328b24d3bccc20bdf1024a0990ac4f869d57663660de9c936fb8c043edefe3
+      sha256: "9af7ea73259886b92199f9e42c116072f05ff9bea2dcb339ab935dfc957392c2"
       url: "https://pub.dev"
     source: hosted
-    version: "6.0.18"
+    version: "6.1.4"
   url_launcher_linux:
     dependency: transitive
     description:
       name: url_launcher_linux
-      sha256: "318c42cba924e18180c029be69caf0a1a710191b9ec49bb42b5998fdcccee3cc"
+      sha256: "207f4ddda99b95b4d4868320a352d374b0b7e05eefad95a4a26f57da413443f5"
       url: "https://pub.dev"
     source: hosted
-    version: "3.0.2"
+    version: "3.0.5"
   url_launcher_macos:
     dependency: transitive
     description:
       name: url_launcher_macos
-      sha256: "41988b55570df53b3dd2a7fc90c76756a963de6a8c5f8e113330cb35992e2094"
+      sha256: "1c4fdc0bfea61a70792ce97157e5cc17260f61abbe4f39354513f39ec6fd73b1"
       url: "https://pub.dev"
     source: hosted
-    version: "3.0.2"
+    version: "3.0.6"
   url_launcher_platform_interface:
     dependency: transitive
     description:
       name: url_launcher_platform_interface
-      sha256: "4eae912628763eb48fc214522e58e942fd16ce195407dbf45638239523c759a6"
+      sha256: bfdfa402f1f3298637d71ca8ecfe840b4696698213d5346e9d12d4ab647ee2ea
       url: "https://pub.dev"
     source: hosted
-    version: "2.1.1"
+    version: "2.1.3"
   url_launcher_web:
     dependency: transitive
     description:
       name: url_launcher_web
-      sha256: "44d79408ce9f07052095ef1f9a693c258d6373dc3944249374e30eff7219ccb0"
+      sha256: cc26720eefe98c1b71d85f9dc7ef0cada5132617046369d9dc296b3ecaa5cbb4
       url: "https://pub.dev"
     source: hosted
-    version: "2.0.14"
+    version: "2.0.18"
   url_launcher_windows:
     dependency: transitive
     description:
       name: url_launcher_windows
-      sha256: b6217370f8eb1fd85c8890c539f5a639a01ab209a36db82c921ebeacefc7a615
+      sha256: "7967065dd2b5fccc18c653b97958fdf839c5478c28e767c61ee879f4e7882422"
       url: "https://pub.dev"
     source: hosted
-    version: "3.0.3"
+    version: "3.0.7"
   uuid:
     dependency: "direct main"
     description:
@@ -1523,6 +1564,30 @@ packages:
       url: "https://pub.dev"
     source: hosted
     version: "3.0.7"
+  vector_graphics:
+    dependency: transitive
+    description:
+      name: vector_graphics
+      sha256: ea8d3fc7b2e0f35de38a7465063ecfcf03d8217f7962aa2a6717132cb5d43a79
+      url: "https://pub.dev"
+    source: hosted
+    version: "1.1.5"
+  vector_graphics_codec:
+    dependency: transitive
+    description:
+      name: vector_graphics_codec
+      sha256: a5eaa5d19e123ad4f61c3718ca1ed921c4e6254238d9145f82aa214955d9aced
+      url: "https://pub.dev"
+    source: hosted
+    version: "1.1.5"
+  vector_graphics_compiler:
+    dependency: transitive
+    description:
+      name: vector_graphics_compiler
+      sha256: "15edc42f7eaa478ce854eaf1fbb9062a899c0e4e56e775dd73b7f4709c97c4ca"
+      url: "https://pub.dev"
+    source: hosted
+    version: "1.1.5"
   vector_math:
     dependency: transitive
     description:
@@ -1551,10 +1616,10 @@ packages:
     dependency: transitive
     description:
       name: web_socket_channel
-      sha256: ca49c0bc209c687b887f30527fb6a9d80040b072cc2990f34b9bec3e7663101b
+      sha256: d88238e5eac9a42bb43ca4e721edba3c08c6354d4a53063afaa568516217621b
       url: "https://pub.dev"
     source: hosted
-    version: "2.3.0"
+    version: "2.4.0"
   webkit_inspection_protocol:
     dependency: transitive
     description:
@@ -1567,10 +1632,10 @@ packages:
     dependency: transitive
     description:
       name: win32
-      sha256: c9ebe7ee4ab0c2194e65d3a07d8c54c5d00bb001b76081c4a04cdb8448b59e46
+      sha256: a6f0236dbda0f63aa9a25ad1ff9a9d8a4eaaa5012da0dc59d21afdb1dc361ca4
       url: "https://pub.dev"
     source: hosted
-    version: "3.1.3"
+    version: "3.1.4"
   xdg_directories:
     dependency: transitive
     description:
@@ -1583,10 +1648,10 @@ packages:
     dependency: transitive
     description:
       name: xml
-      sha256: ac0e3f4bf00ba2708c33fbabbbe766300e509f8c82dbd4ab6525039813f7e2fb
+      sha256: "979ee37d622dec6365e2efa4d906c37470995871fe9ae080d967e192d88286b5"
       url: "https://pub.dev"
     source: hosted
-    version: "6.1.0"
+    version: "6.2.2"
   xmlstream:
     dependency: transitive
     description:
@@ -1599,10 +1664,10 @@ packages:
     dependency: transitive
     description:
       name: yaml
-      sha256: "23812a9b125b48d4007117254bca50abb6c712352927eece9e155207b1db2370"
+      sha256: "75769501ea3489fca56601ff33454fe45507ea3bfb014161abc3b43ae25989d5"
       url: "https://pub.dev"
     source: hosted
-    version: "3.1.1"
+    version: "3.1.2"
 sdks:
-  dart: ">=2.18.0 <3.0.0"
+  dart: ">=2.19.0 <3.0.0"
   flutter: ">=3.7.0"

pubspec.yaml

@@ -1,6 +1,6 @@
 name: ente_auth
 description: ente two-factor authenticator
-version: 1.0.41+41
+version: 1.0.55+55
 publish_to: none
 
 environment:
@@ -8,11 +8,14 @@ environment:
 
 dependencies:
   adaptive_theme: ^3.1.0 # done
+  archive: ^3.3.7
+  base32: ^2.1.3
   bip39: ^1.0.6 #done
   bloc: ^8.0.3 #done
   clipboard: ^0.1.3
   collection: # dart
-  computer: ^2.0.0
+  computer:
+    git: "https://github.com/ente-io/computer.git"
   confetti: ^0.7.0
   connectivity: ^3.0.3
   cupertino_icons: ^1.0.0
@@ -41,6 +44,7 @@ dependencies:
     git:
       url: https://github.com/ente-io/flutter_sodium.git
   flutter_speed_dial: ^6.2.0
+  flutter_svg: ^2.0.5
   fluttertoast: ^8.1.1
   google_nav_bar: ^5.0.5 #supported
   http: ^0.13.4
@@ -56,7 +60,10 @@ dependencies:
   password_strength: ^0.2.0
   path_provider: ^2.0.11
   pinput: ^1.2.2
+  pointycastle: ^3.7.3
+  protobuf: ^3.0.0
   qr_code_scanner: ^1.0.1
+  qr_flutter: 4.0.0
   sentry: ^6.12.1
   sentry_flutter: ^6.12.1
   share_plus: ^4.4.0
@@ -64,6 +71,7 @@ dependencies:
   sqflite: ^2.1.0
   step_progress_indicator: ^1.0.2
   styled_text: ^7.0.0
+  tuple: ^2.0.0
   uni_links: ^0.5.1
   url_launcher: ^6.1.5
   uuid: ^3.0.4
@@ -85,6 +93,10 @@ flutter:
   # https://docs:flutter:dev/development/ui/assets-and-images:
   assets:
     - assets/
+    - assets/simple-icons/icons/
+    - assets/simple-icons/_data/
+    - assets/custom-icons/icons/
+    - assets/custom-icons/_data/
 
   fonts:
     - family: Inter

test/app/view/app_test.dart

@@ -1,13 +0,0 @@
-import "dart:ui";
-
-import "package:ente_auth/app/app.dart";
-import "package:flutter_test/flutter_test.dart";
-
-void main() {
-  group("App", () {
-    testWidgets("renders CounterPage", (tester) async {
-      await tester.pumpWidget(const App(locale: Locale("en")));
-      // expect(find.byType(CounterPage), findsOneWidget);
-    });
-  });
-}

test/models/code_test.dart

@@ -19,6 +19,16 @@ void main() {
     expect(code.account, "testdata@ente.io", reason: "accountMismatch");
     expect(code.secret, "ASKZNWOU6SVYAMVS");
   });
+
+  test("validateCount", () {
+    final code = Code.fromRawData(
+      "otpauth://hotp/testdata@ente.io?secret=ASKZNWOU6SVYAMVS&issuer=GitHub&counter=15",
+    );
+    expect(code.issuer, "GitHub", reason: "issuerMismatch");
+    expect(code.account, "testdata@ente.io", reason: "accountMismatch");
+    expect(code.secret, "ASKZNWOU6SVYAMVS");
+    expect(code.counter, 15);
+  });
 //
 
   test("parseWithFunnyAccountName", () {
@@ -29,4 +39,16 @@ void main() {
     expect(code.account, "Acc !@#444", reason: "accountMismatch");
     expect(code.secret, "NI4CTTFEV4G2JFE6");
   });
+
+  test("parseAndUpdateInChinese", () {
+    const String rubberDuckQr =
+        'otpauth://totp/%E6%A9%A1%E7%9A%AE%E9%B8%AD?secret=2CWDCK4EOIN5DJDRMYUMYBBO4MKSR5AX&issuer=ente.io';
+    final code = Code.fromRawData(rubberDuckQr);
+    expect(code.account, '橡皮鸭');
+    final String updatedRawCode =
+        code.copyWith(account: '伍迪', issuer: '鸭子').rawData;
+    final updateCode = Code.fromRawData(updatedRawCode);
+    expect(updateCode.account, '伍迪', reason: 'updated accountMismatch');
+    expect(updateCode.issuer, '鸭子', reason: 'updated issuerMismatch');
+  });
 }

test/widget_test.dart

@@ -1,28 +0,0 @@
-// This is a basic Flutter widget test.
-//
-// To perform an interaction with a widget in your test, use the WidgetTester
-// utility in the flutter_test package. For example, you can send tap and scroll
-// gestures. You can also use WidgetTester to find child widgets in the widget
-// tree, read text, and verify that the values of widget properties are correct.
-
-import "package:ente_auth/app/view/app.dart";
-import "package:flutter_test/flutter_test.dart";
-
-void main() {
-  testWidgets("Counter increments smoke test", (WidgetTester tester) async {
-    // Build our app and trigger a frame.
-    await tester.pumpWidget(const App());
-
-    // Verify that our counter starts at 0.
-    expect(find.text("Get Started"), findsOneWidget);
-    expect(find.text("1"), findsNothing);
-
-    // // Tap the "+" icon and trigger a frame.
-    // await tester.tap(find.byIcon(Icons.add));
-    // await tester.pump();
-    //
-    // // Verify that our counter has incremented.
-    // expect(find.text("0"), findsNothing);
-    // expect(find.text("1"), findsOneWidget);
-  });
-}