Bump version 2.0.22+222

Related to #331

assets/custom-icons/_data/custom-icons.json

@@ -95,6 +95,12 @@
       "title": "La Poste",
 	    "slug": "laposte"
     },
+    {
+      "title": "Mastodon",
+      "altNames": ["mstdn", "fediscience", "mathstodon", "fosstodon"],
+      "slug": "mastodon",
+      "hex": "6364FF"
+    },
     {
       "title": "Microsoft"
     },
@@ -127,6 +133,10 @@
       "title": "Peerberry",
       "hex": "03E5A5"
     },
+    {
+      "title": "Pingvin Share",
+      "hex": "485099"
+    },
     {
       "title": "Plutus",
       "hex": "DEC685"
@@ -227,7 +237,7 @@
     {
       "title": "Skiff",
       "hex": "EF5A3C"
-    }
+    },
     {
       "title": "zzz_dev_test_icon"
     }

assets/custom-icons/icons/mastodon.svg

@@ -0,0 +1 @@
+<svg role="img" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg"><title>Mastodon</title><path d="M23.268 5.313c-.35-2.578-2.617-4.61-5.304-5.004C17.51.242 15.792 0 11.813 0h-.03c-3.98 0-4.835.242-5.288.309C3.882.692 1.496 2.518.917 5.127.64 6.412.61 7.837.661 9.143c.074 1.874.088 3.745.26 5.611.118 1.24.325 2.47.62 3.68.55 2.237 2.777 4.098 4.96 4.857 2.336.792 4.849.923 7.256.38.265-.061.527-.132.786-.213.585-.184 1.27-.39 1.774-.753a.057.057 0 0 0 .023-.043v-1.809a.052.052 0 0 0-.02-.041.053.053 0 0 0-.046-.01 20.282 20.282 0 0 1-4.709.545c-2.73 0-3.463-1.284-3.674-1.818a5.593 5.593 0 0 1-.319-1.433.053.053 0 0 1 .066-.054c1.517.363 3.072.546 4.632.546.376 0 .75 0 1.125-.01 1.57-.044 3.224-.124 4.768-.422.038-.008.077-.015.11-.024 2.435-.464 4.753-1.92 4.989-5.604.008-.145.03-1.52.03-1.67.002-.512.167-3.63-.024-5.545zm-3.748 9.195h-2.561V8.29c0-1.309-.55-1.976-1.67-1.976-1.23 0-1.846.79-1.846 2.35v3.403h-2.546V8.663c0-1.56-.617-2.35-1.848-2.35-1.112 0-1.668.668-1.67 1.977v6.218H4.822V8.102c0-1.31.337-2.35 1.011-3.12.696-.77 1.608-1.164 2.74-1.164 1.311 0 2.302.5 2.962 1.498l.638 1.06.638-1.06c.66-.999 1.65-1.498 2.96-1.498 1.13 0 2.043.395 2.74 1.164.675.77 1.012 1.81 1.012 3.12z"/></svg>

assets/custom-icons/icons/pingvinshare.svg

@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg id="Layer_1" data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 943.11 911.62"><script xmlns=""/>
+  <defs>
+    <style>
+      .cls-1 {
+        fill: #fff;
+      }
+
+      .cls-2 {
+        fill: #37474f;
+      }
+
+      .cls-3 {
+        fill: #46509e;
+      }
+    </style>
+  </defs>
+  <ellipse class="cls-3" cx="471.56" cy="454.28" rx="471.56" ry="454.28"/>
+  <g>
+    <g>
+      <ellipse class="cls-2" cx="471.56" cy="390.28" rx="233.66" ry="207"/>
+      <path class="cls-2" d="m705.22,848.95c-36.69,21.14-123.09,64.33-240.64,62.57-109.54-1.63-190.04-41.45-226.68-62.57v-454.19h467.33v454.19Z"/>
+    </g>
+    <path class="cls-1" d="m658.81,397.7v475.8c-36.98,15.7-98.93,36.54-177.98,38.04-88.67,1.69-157.75-21.73-196.2-38.04v-475.8c0-95.55,83.77-173.02,187.09-173.02s187.09,77.47,187.09,173.02Z"/>
+    <polygon class="cls-3" points="565.02 431.68 471.56 514.49 378.09 431.68 565.02 431.68"/>
+    <ellipse class="cls-2" cx="378.09" cy="369.58" rx="23.37" ry="20.7"/>
+    <ellipse class="cls-2" cx="565.02" cy="369.58" rx="23.37" ry="20.7"/>
+    <path class="cls-2" d="m658.49,400.63c0-40.04-36.59-72.45-81.78-72.45s-81.78,32.41-81.78,72.45c0,11.14,2.81,21.65,7.9,31.05h-62.54c5.1-9.4,7.9-19.91,7.9-31.05,0-40.04-36.59-72.45-81.78-72.45s-81.78,32.41-81.78,72.45l-46.73-10.35c0-114.32,104.63-207,233.66-207s233.66,92.69,233.66,207l-46.73,10.35Z"/>
+  </g>
+</svg>

lib/core/errors.dart

@@ -41,6 +41,8 @@ class InvalidStateError extends AssertionError {
 
 class KeyDerivationError extends Error {}
 
+class LoginKeyDerivationError extends Error {}
+
 class SrpSetupNotCompleteError extends Error {}
 
 class AuthenticatorKeyNotFound extends Error {}

lib/l10n/arb/app_en.arb

@@ -1,5 +1,6 @@
 {
   "account": "Account",
+  "unlock": "Unlock",
   "recoveryKey": "Recovery key",
   "counterAppBarTitle": "Counter",
   "@counterAppBarTitle": {
@@ -85,6 +86,7 @@
   "importSelectJsonFile": "Select JSON file",
   "importEnteEncGuide": "Select the encrypted JSON file exported from ente",
   "importRaivoGuide": "Use the \"Export OTPs to Zip archive\" option in Raivo's Settings.\n\nExtract the zip file and import the JSON file.",
+  "importBitwardenGuide": "Use the \"Export vault\" option within Bitwarden Tools and import the unencrypted JSON file.",
   "importAegisGuide": "Use the \"Export the vault\" option in Aegis's Settings.\n\nIf your vault is encrypted, you will need to enter vault password to decrypt the vault.",
   "exportCodes": "Export codes",
   "importLabel": "Import",
@@ -97,6 +99,8 @@
   "authToViewYourRecoveryKey": "Please authenticate to view your recovery key",
   "authToChangeYourEmail": "Please authenticate to change your email",
   "authToChangeYourPassword": "Please authenticate to change your password",
+  "authToViewSecrets": "Please authenticate to view your secrets",
+  "authToInitiateSignIn": "Please authenticate to initiate sign in for backup.",
   "ok": "Ok",
   "cancel": "Cancel",
   "yes": "Yes",
@@ -126,6 +130,7 @@
   "faq_q_5": "How can I enable FaceID lock in ente Auth",
   "faq_a_5": "You can enable FaceID lock under Settings → Security → Lockscreen.",
   "somethingWentWrongMessage": "Something went wrong, please try again",
+
   "leaveFamily": "Leave family",
   "leaveFamilyMessage": "Are you sure that you want to leave the family plan?",
   "inFamilyPlanMessage": "You are on a family plan!",
@@ -329,6 +334,7 @@
   "offlineModeWarning": "You have chosen to proceed without backups. Please take manual backups to make sure your codes are safe.",
   "showLargeIcons": "Show large icons",
   "shouldHideCode": "Hide codes",
+  "doubleTapToViewHiddenCode" : "You can double tap on an entry to view code",
   "focusOnSearchBar": "Focus search on app start",
   "confirmUpdatingkey": "Are you sure you want to update the secret key?",
   "minimizeAppOnCopy":  "Minimize app on copy",
@@ -336,5 +342,59 @@
   "deleteCodeAuthMessage": "Authenticate to delete code",
   "showQRAuthMessage": "Authenticate to show QR code",
   "confirmAccountDeleteTitle": "Confirm account deletion",
-  "confirmAccountDeleteMessage": "This account is linked to other ente apps, if you use any.\n\nYour uploaded data, across all ente apps, will be scheduled for deletion, and your account will be permanently deleted."
+  "confirmAccountDeleteMessage": "This account is linked to other ente apps, if you use any.\n\nYour uploaded data, across all ente apps, will be scheduled for deletion, and your account will be permanently deleted.",
+  "androidBiometricHint": "Verify identity",
+  "@androidBiometricHint": {
+    "description": "Hint message advising the user how to authenticate with biometrics. It is used on Android side. Maximum 60 characters."
+  },
+  "androidBiometricNotRecognized": "Not recognized. Try again.",
+  "@androidBiometricNotRecognized": {
+    "description": "Message to let the user know that authentication was failed. It is used on Android side. Maximum 60 characters."
+  },
+  "androidBiometricSuccess": "Success",
+  "@androidBiometricSuccess": {
+    "description": "Message to let the user know that authentication was successful. It is used on Android side. Maximum 60 characters."
+  },
+  "androidCancelButton": "Cancel",
+  "@androidCancelButton": {
+    "description": "Message showed on a button that the user can click to leave the current dialog. It is used on Android side. Maximum 30 characters."
+  },
+  "androidSignInTitle": "Authentication required",
+  "@androidSignInTitle": {
+    "description": "Message showed as a title in a dialog which indicates the user that they need to scan biometric to continue. It is used on Android side. Maximum 60 characters."
+  },
+  "androidBiometricRequiredTitle": "Biometric required",
+  "@androidBiometricRequiredTitle": {
+    "description": "Message showed as a title in a dialog which indicates the user has not set up biometric authentication on their device. It is used on Android side. Maximum 60 characters."
+  },
+  "androidDeviceCredentialsRequiredTitle": "Device credentials required",
+  "@androidDeviceCredentialsRequiredTitle": {
+    "description": "Message showed as a title in a dialog which indicates the user has not set up credentials authentication on their device. It is used on Android side. Maximum 60 characters."
+  },
+  "androidDeviceCredentialsSetupDescription": "Device credentials required",
+  "@androidDeviceCredentialsSetupDescription": {
+    "description": "Message advising the user to go to the settings and configure device credentials on their device. It shows in a dialog on Android side."
+  },
+  "goToSettings": "Go to settings",
+  "@goToSettings": {
+    "description": "Message showed on a button that the user can click to go to settings pages from the current dialog. It is used on both Android and iOS side. Maximum 30 characters."
+  },
+  "androidGoToSettingsDescription": "Biometric authentication is not set up on your device. Go to 'Settings > Security' to add biometric authentication.",
+  "@androidGoToSettingsDescription": {
+    "description": "Message advising the user to go to the settings and configure biometric on their device. It shows in a dialog on Android side."
+  },
+  "iOSLockOut": "Biometric authentication is disabled. Please lock and unlock your screen to enable it.",
+  "@iOSLockOut": {
+    "description": "Message advising the user to re-enable biometrics on their device. It shows in a dialog on iOS side."
+  },
+  "iOSGoToSettingsDescription": "Biometric authentication is not set up on your device. Please either enable Touch ID or Face ID on your phone.",
+  "@iOSGoToSettingsDescription": {
+    "description": "Message advising the user to go to the settings and configure Biometrics for their device. It shows in a dialog on iOS side."
+  },
+  "iOSOkButton": "OK",
+  "@iOSOkButton": {
+    "description": "Message showed on a button that the user can click to leave the current dialog. It is used on iOS side. Maximum 30 characters."
+  },
+  "noInternetConnection": "No internet connection",
+  "pleaseCheckYourInternetConnectionAndTryAgain": "Please check your internet connection and try again."
 }

lib/l10n/arb/app_es.arb

@@ -334,5 +334,7 @@
   "minimizeAppOnCopy": "Minimizar aplicación al copiar",
   "editCodeAuthMessage": "Autenticar para editar código",
   "deleteCodeAuthMessage": "Autenticar para borrar código",
-  "showQRAuthMessage": "Autenticar para mostrar código QR"
+  "showQRAuthMessage": "Autenticar para mostrar código QR",
+  "confirmAccountDeleteTitle": "Confirmar eliminación de la cuenta",
+  "confirmAccountDeleteMessage": "Esta cuenta está vinculada a otras aplicaciones de ente, si utiliza alguna.\n\nSe programará la eliminación de los datos que cargue en todas las aplicaciones de ente y su cuenta se eliminará permanentemente."
 }

lib/l10n/arb/app_fr.arb

@@ -334,5 +334,7 @@
   "minimizeAppOnCopy": "Réduire l'application après la copie",
   "editCodeAuthMessage": "Authentification requise pour modifier le code",
   "deleteCodeAuthMessage": "Authentification requise pour supprimer le code",
-  "showQRAuthMessage": "Authentification requise pour afficher le code QR"
+  "showQRAuthMessage": "Authentification requise pour afficher le code QR",
+  "confirmAccountDeleteTitle": "Confirmer la suppression du compte",
+  "confirmAccountDeleteMessage": "Ce compte peut être lié à d'autres applications ente.\n\nVos données seront bientôt effacées de toutes les applications et votre compte sera définitivement supprimé."
 }

lib/l10n/arb/app_ja.arb

@@ -1,32 +1,37 @@
 {
   "account": "アカウント",
   "recoveryKey": "回復キー",
-  "counterAppBarTitle": "カウンタ",
+  "counterAppBarTitle": "カウンター",
   "@counterAppBarTitle": {
     "description": "Text shown in the AppBar of the Counter Page"
   },
-  "onBoardingBody": "2要素認証コードの保護",
+  "onBoardingBody": "2要素認証コードを安全にバックアップ",
   "onBoardingGetStarted": "さあ、はじめよう",
   "setupFirstAccount": "最初のアカウントを設定しましょう",
-  "importScanQrCode": "QRコードをスキャン",
-  "importEnterSetupKey": "セットアップキーを入力",
+  "importScanQrCode": "QR コードを読み取り",
+  "qrCode": "QR コード",
+  "importEnterSetupKey": "手動で入力",
   "importAccountPageTitle": "アカウントの詳細を入力",
+  "secretCanNotBeEmpty": "秘密鍵は空欄にできません",
+  "bothIssuerAndAccountCanNotBeEmpty": "発行者とアカウントの両方を空欄にはできません",
+  "incorrectDetails": "不正な詳細",
+  "pleaseVerifyDetails": "詳細を確認し、もう一度お試しください",
   "codeIssuerHint": "発行者",
-  "codeSecretKeyHint": "シークレットキー",
+  "codeSecretKeyHint": "秘密鍵",
   "codeAccountHint": "アカウント (you@domain.com)",
-  "accountKeyType": "キーの種類",
-  "sessionExpired": "セッションの有効期間超過",
+  "accountKeyType": "鍵の種類",
+  "sessionExpired": "セッションが失効しました",
   "@sessionExpired": {
     "description": "Title of the dialog when the users current session is invalid/expired"
   },
   "pleaseLoginAgain": "再度ログインしてください",
   "loggingOut": "ログアウト中...",
   "timeBasedKeyType": "時間ベース (TOTP)",
-  "counterBasedKeyType": "カウンタベース (HOTP)",
+  "counterBasedKeyType": "カウンターベース (HOTP)",
   "saveAction": "保存",
   "nextTotpTitle": "次へ",
-  "deleteCodeTitle": "コードを削除しますか?",
-  "deleteCodeMessage": "このコードを削除してもよろしいですか? このアクションは元に戻せません。",
+  "deleteCodeTitle": "コードを削除しますか？",
+  "deleteCodeMessage": "本当にこのコードを削除してもよろしいですか？この決定は元に戻せません。",
   "viewLogsAction": "ログの表示",
   "sendLogsDescription": "問題のデバッグに役立つログが送信されます。機密情報が記録されないように予防措置を講じていますが、共有する前にこれらのログを確認することをお勧めします。",
   "preparingLogsTitle": "ログを準備中...",
@@ -40,7 +45,7 @@
     }
   },
   "copyEmailAction": "メールをコピー",
-  "exportLogsAction": "ログのエクスポート",
+  "exportLogsAction": "ログをエクスポート",
   "reportABug": "バグを報告",
   "crashAndErrorReporting": "クラッシュとエラーの報告",
   "reportBug": "バグを報告",
@@ -53,25 +58,41 @@
     }
   },
   "contactSupport": "サポートに問い合わせ",
+  "rateUsOnStore": "{storeName} で評価",
+  "blog": "ブログ",
+  "merchandise": "グッズ",
   "verifyPassword": "パスワードを確認",
   "pleaseWait": "お待ちください...",
-  "generatingEncryptionKeysTitle": "暗号化キーを生成中...",
-  "recreatePassword": "パスワードを再設定",
-  "recreatePasswordMessage": "現在のデバイスは、パスワードを確認するのに十分ではありません。全てのデバイスで利用できるように再生成する必要があります。\n\nリカバリーキーを使用してログインし、パスワードを再生成してください (ご希望の場合は再度同じパスワードを使用できます)",
+  "generatingEncryptionKeysTitle": "暗号化鍵を生成中...",
+  "recreatePassword": "パスワードを再作成",
+  "recreatePasswordMessage": "現在のデバイスは、パスワードを確認するのに十分ではありません。全てのデバイスで利用できるように再生成する必要があります。\n\n回復キーを使用してログインし、パスワードを再生成してください (ご希望の場合は再度同じパスワードを使用できます)",
   "useRecoveryKey": "回復キーを使用",
   "incorrectPasswordTitle": "パスワードが正しくありません",
-  "welcomeBack": "おかえりなさい!",
+  "welcomeBack": "おかえりなさい！",
   "madeWithLoveAtPrefix": "made with ❤️ at ",
   "supportDevs": "プロジェクト支援のために <bold-green>ente</bold-green> に登録",
-  "supportDiscount": "クーポンコード \"AUTH\" を使用すると、初年度が10%オフになります。",
+  "supportDiscount": "クーポンコード \"AUTH\" の使用で初年度が 10% オフに",
   "changeEmail": "メールアドレスを変更",
   "changePassword": "パスワードを変更",
   "data": "データ",
   "importCodes": "コードをインポート",
+  "importTypePlainText": "プレーンテキスト",
+  "importTypeEnteEncrypted": "ente 暗号化エクスポート",
+  "passwordForDecryptingExport": "復号化用パスワード",
+  "passwordEmptyError": "パスワードは空欄にできません",
+  "importFromApp": "{appName} からコードをインポート",
+  "importGoogleAuthGuide": "Google Authenticator の \"アカウントを転送\" オプションを使用してあなたのアカウントを QR コードにエクスポートしてください。その後、他のデバイスで QR コードを読み取ってください。\n\nヒント: ノートパソコンのウェブカメラを使用して QR コードを撮影することができます。",
+  "importSelectJsonFile": "JSON ファイルを選択",
+  "importEnteEncGuide": "ente からエクスポートされた暗号化 JSON ファイルを選択",
+  "importRaivoGuide": "Raivo の設定の \"OTP を zip アーカイブにエクスポート\" を使用してください。\n\nzip ファイルを解凍し JSON ファイルをインポートしてください。",
+  "importAegisGuide": "Aegis の設定の \"保管庫をエクスポート\" を使用してください。\n\n保管庫が暗号化されている場合、保管庫を復号するためにパスワードの入力が必要になります。",
   "exportCodes": "コードをエクスポート",
-  "importInstruction": "以下のフォーマットで、コードのリストを含むファイルを選択してください",
+  "importLabel": "インポート",
+  "importInstruction": "以下の形式のコードのリストを含むファイルを選択してください",
   "importCodeDelimiterInfo": "コードはカンマまたは改行で区切ることができます",
   "selectFile": "ファイルを選択",
+  "emailVerificationToggle": "メール認証",
+  "authToChangeEmailVerificationSetting": "メール認証を変更するためには認証が必要です",
   "authToViewYourRecoveryKey": "回復キーを表示するためには認証が必要です",
   "authToChangeYourEmail": "メールアドレスを変更するためには認証が必要です",
   "authToChangeYourPassword": "パスワードを変更するためには認証が必要です",
@@ -79,8 +100,9 @@
   "cancel": "キャンセル",
   "yes": "はい",
   "no": "いいえ",
-  "email": "Eメール",
+  "email": "E メール",
   "support": "サポート",
+  "general": "一般",
   "settings": "設定",
   "copied": "コピーしました",
   "pleaseTryAgain": "再度お試しください",
@@ -90,6 +112,12 @@
   "enterYourPasswordHint": "パスワードを入力してください",
   "forgotPassword": "パスワードを忘れた場合",
   "oops": "おっと",
+  "suggestFeatures": "機能を提案",
+  "faq": "FAQ",
+  "faq_q_1": "ente Auth はどのくらい安全ですか？",
+  "faq_a_1": "ente でバックアップされたすべてのコードはエンドツーエンドで暗号化されて保管されます。これはあなただけがコードにアクセスできることを意味します。私たちのアプリはオープンソースであり、私たちの暗号は外部有識者によって検証済みです。",
+  "faq_q_2": "パソコンから私のコードにアクセスできますか？",
+  "faq_a_2": "auth.ente.io で Web からコードにアクセス可能です。",
   "somethingWentWrongMessage": "問題が発生しました、再試行してください",
   "leaveFamily": "ファミリーから退会",
   "leaveFamilyMessage": "本当にファミリープランを退会しますか?",

lib/l10n/arb/app_ka.arb

@@ -0,0 +1,92 @@
+{
+  "account": "ანგარიში",
+  "unlock": "განბლოკვა",
+  "recoveryKey": "აღდგენის კოდი",
+  "counterAppBarTitle": "მრიცხველზე დაფუძნებული",
+  "@counterAppBarTitle": {
+    "description": "Text shown in the AppBar of the Counter Page"
+  },
+  "onBoardingBody": "შექმენით თქვენი ორმხრივი აუთენთიფიკაციის კოდების სარეზერვო ასლი უსაფრთხოდ",
+  "onBoardingGetStarted": "დაწყება",
+  "setupFirstAccount": "დააყენეთ თქვენი პირველი ანგარიში",
+  "importScanQrCode": "QR კოდის დასკანერება",
+  "qrCode": "QR კოდი",
+  "importEnterSetupKey": "შეიყვანეთ დაყენების კოდი",
+  "importAccountPageTitle": "შეიყვანეთ ანგარიშის დეტალები",
+  "secretCanNotBeEmpty": "გასაღების ველი არ შეიძლება ცარიელი იყოს",
+  "bothIssuerAndAccountCanNotBeEmpty": "ანგარიშის მომწოდებლისა და ანგარიშის ველი არ შეიძლება ცარიელი იყოს",
+  "incorrectDetails": "არასწორი მონაცემები",
+  "pleaseVerifyDetails": "გთხოვთ, გადაამოწმოთ დეტალები და სცადოთ ხელახლა",
+  "codeIssuerHint": "მომწოდებელი",
+  "codeSecretKeyHint": "გასაღები",
+  "codeAccountHint": "ანგარიში (you@domain.com)",
+  "accountKeyType": "გასაღების ტიპი",
+  "sessionExpired": "სესიის დრო ამოიწურა",
+  "@sessionExpired": {
+    "description": "Title of the dialog when the users current session is invalid/expired"
+  },
+  "pleaseLoginAgain": "გთხოვთ, გაიაროთ ავტორიზაცია ხელახლა",
+  "loggingOut": "მიმდინარეობს გამოსვლა...",
+  "timeBasedKeyType": "დროზე დაფუძნებული (TOTP)",
+  "counterBasedKeyType": "მრიცხველზე დაფუძნებული (HOTP)",
+  "saveAction": "შენახვა",
+  "nextTotpTitle": "შემდეგი",
+  "deleteCodeTitle": "გსურთ კოდის წაშლა?",
+  "deleteCodeMessage": "დარწმუნებული ხართ რომ გსურთ ამ კოდის წაშლა? ამ მოქმედების გაუქმება შეუძლებელია.",
+  "viewLogsAction": "აღრიცხვის ფაილების ნახვა",
+  "sendLogsDescription": "თქვენი პრობლემის აღმოსაფხვრელად, ეს ქმედება გააგზავნის აღრიცხვის ფაილებს. მიუხედავად იმისა, რომ ჩვენ ვიღებთ უსაფრთხოების ზომებს, რათა სენსიტიური ინფორმაცია არ მოხვდეს აღრიცხვის ფაილებში, გაგზავნამდე, გირჩევთ, გადახედოთ აღრიცხვის ფაილებს.",
+  "preparingLogsTitle": "მიმდინარეობს აღრიცხვის ფაილების მზადება...",
+  "emailLogsTitle": "აღრიცხვის ფაილების ელექტრონული ფოსტით გაგზავნა",
+  "emailLogsMessage": "გთხოვთ, გამოაგზავნოთ აღრიცხვის ფაილები {email}-ზე",
+  "@emailLogsMessage": {
+    "placeholders": {
+      "email": {
+        "type": "String"
+      }
+    }
+  },
+  "copyEmailAction": "ელექტრონული ფოსტის დაკოპირება",
+  "exportLogsAction": "აღრიცხვის ფაილების ექსპორტირება",
+  "reportABug": "პრობლემის შესახებ შეტყობინება",
+  "crashAndErrorReporting": "აპლიკაციის ხარვეზის & პრობლემის შეტყობინება",
+  "reportBug": "პრობლემის შეტყობინება",
+  "emailUsMessage": "გთხოვთ, მოგვწეროთ ელექტრონულ ფოსტაზე {email}",
+  "@emailUsMessage": {
+    "placeholders": {
+      "email": {
+        "type": "String"
+      }
+    }
+  },
+  "contactSupport": "მხარდაჭერის გუნდთან დაკავშირება",
+  "rateUsOnStore": "შეგვაფასეთ {storeName}-ზე",
+  "blog": "ბლოგი",
+  "merchandise": "მერჩანტი",
+  "verifyPassword": "პაროლის დასტური",
+  "pleaseWait": "გთხოვთ, დაელოდოთ...",
+  "generatingEncryptionKeysTitle": "მიმდინარეობს დაშიფრვის გასაღებების გენერირება...",
+  "recreatePassword": "პაროლის ხელახლა შექმნა",
+  "incorrectPasswordTitle": "არასწორი პაროლი",
+  "welcomeBack": "კეთილი იყოს თქვენი დაბრუნება!",
+  "madeWithLoveAtPrefix": "შეიქმნა ❤️ ",
+  "changeEmail": "ელექტრონული ფოსტის შეცვლა",
+  "changePassword": "პაროლის შეცვლა",
+  "data": "მონაცემები",
+  "importCodes": "კოდების იმპორტირება",
+  "importTypePlainText": "სტანდარტული ტექსტი",
+  "importTypeEnteEncrypted": "ente დაშიფრული ექსპორტი",
+  "passwordForDecryptingExport": "ექსპორტის გაშიფრვის პაროლი",
+  "passwordEmptyError": "პაროლის ველი არ შეიძლება იყოს ცარიელი",
+  "emailVerificationToggle": "ელექტრონული ფოსტის ვერიფიკაცია",
+  "cancel": "გაუქმება",
+  "yes": "დიახ",
+  "no": "არა",
+  "email": "ელექტრონული ფოსტა",
+  "support": "მხარდაჭერა",
+  "general": "ზოგადი",
+  "settings": "პარამეტრები",
+  "copied": "დაკოპირებულია",
+  "pleaseTryAgain": "გთხოვთ, სცადოთ ხელახლა",
+  "existingUser": "არსებული მომხმარებელი",
+  "delete": "წაშლა"
+}

lib/l10n/arb/app_nl.arb

@@ -92,6 +92,7 @@
   "importCodeDelimiterInfo": "De codes mogen gescheiden worden door een komma of een nieuwe regel",
   "selectFile": "Bestand selecteren",
   "emailVerificationToggle": "E-mailverificatie",
+  "emailVerificationEnableWarning": "Als u de 2FA van uw e-mail bij ons opslaat, kan de verificatie van die e-mail resulteren in een riskante impasse. Als u bent uitgesloten van een van beide diensten, kunt u zich mogelijk niet meer aanmelden bij de andere.",
   "authToChangeEmailVerificationSetting": "Gelieve te verifiëren om de e-mailverificatie te wijzigen",
   "authToViewYourRecoveryKey": "Graag verifiëren om uw herstelsleutel te bekijken",
   "authToChangeYourEmail": "Graag verifiëren om je e-mailadres te wijzigen",
@@ -327,8 +328,13 @@
   "sigInBackupReminder": "Exporteer de codes zodat je een back-up hebt waarvandaan je kan herstellen.",
   "offlineModeWarning": "Je hebt ervoor gekozen om verder te gaan zonder back-ups. Neem handmatige back-ups om ervoor te zorgen dat jouw codes veilig zijn.",
   "showLargeIcons": "Grote iconen",
+  "shouldHideCode": "Verberg codes",
   "focusOnSearchBar": "Focus zoekveld na starten app",
+  "confirmUpdatingkey": "Weet u zeker dat u de geheime sleutel wilt bijwerken?",
+  "minimizeAppOnCopy": "Na kopiëren app minimaliseren",
   "editCodeAuthMessage": "Authenticeren om code te bewerken",
   "deleteCodeAuthMessage": "Authenticeren om code te verwijderen",
-  "showQRAuthMessage": "Authenticeren om QR-code te tonen"
+  "showQRAuthMessage": "Authenticeren om QR-code te tonen",
+  "confirmAccountDeleteTitle": "Account verwijderen bevestigen",
+  "confirmAccountDeleteMessage": "Dit account is gekoppeld aan andere ente apps, als je er gebruik van maakt.\n\nJe geüploade gegevens worden in alle ente apps gepland voor verwijdering, en je account wordt permanent verwijderd voor alle ente diensten."
 }

lib/l10n/arb/app_pl.arb

@@ -334,5 +334,7 @@
   "minimizeAppOnCopy": "Minimalizuj aplikację przy kopiowaniu",
   "editCodeAuthMessage": "Uwierzytelnij, aby edytować kod",
   "deleteCodeAuthMessage": "Uwierzytelnij, aby usunąć kod",
-  "showQRAuthMessage": "Uwierzytelnij, aby pokazać kod QR"
+  "showQRAuthMessage": "Uwierzytelnij, aby pokazać kod QR",
+  "confirmAccountDeleteTitle": "Potwierdź usunięcie konta",
+  "confirmAccountDeleteMessage": "To konto jest połączone z innymi aplikacjami ente, jeśli ich używasz.\n\nTwoje przesłane dane, we wszystkich aplikacjach ente, zostaną zaplanowane do usunięcia, a Twoje konto zostanie trwale usunięte."
 }

lib/l10n/arb/app_ru.arb

@@ -1,5 +1,6 @@
 {
   "account": "Аккаунт",
+  "unlock": "Разблокировать",
   "recoveryKey": "Ключ восстановления",
   "counterAppBarTitle": "Счетчик",
   "@counterAppBarTitle": {
@@ -85,6 +86,7 @@
   "importSelectJsonFile": "Выбрать JSON-файл",
   "importEnteEncGuide": "Выберите зашифрованный JSON-файл, экспортированный из ente",
   "importRaivoGuide": "Используйте опцию «Export OTPs to Zip archive» в настройках Raivo.\n\nРаспакуйте zip-архив и импортируйте JSON-файл.",
+  "importBitwardenGuide": "Используйте опцию \"Экспортировать хранилище\" в Bitwarden Tools и импортируйте незашифрованный JSON файл.",
   "importAegisGuide": "Используйте опцию «Экспортировать хранилище» в настройках Aegis.\n\nЕсли ваше хранилище зашифровано, то для его расшифровки потребуется ввести пароль хранилища.",
   "exportCodes": "Экспортировать коды",
   "importLabel": "Импорт",
@@ -92,16 +94,19 @@
   "importCodeDelimiterInfo": "Коды могут быть разделены запятой или новой строкой",
   "selectFile": "Выбрать файл",
   "emailVerificationToggle": "Подтверждение электронной почты",
+  "emailVerificationEnableWarning": "Если вы храните у нас двухфакторную аутентификацию в своей электронной почте, включение проверки электронной почты может привести к тупиковой ситуации. Если у вас заблокирован доступ к одной службе, возможно, вы не сможете войти в другую.",
   "authToChangeEmailVerificationSetting": "Авторизуйтесь, чтобы изменить подтверждение электронной почты",
   "authToViewYourRecoveryKey": "Пожалуйста, авторизуйтесь для просмотра вашего ключа восстановления",
   "authToChangeYourEmail": "Пожалуйста, авторизуйтесь, чтобы изменить адрес электронной почты",
   "authToChangeYourPassword": "Пожалуйста, авторизуйтесь, чтобы изменить пароль",
+  "authToViewSecrets": "Пожалуйста, авторизуйтесь для просмотра ваших секретов",
   "ok": "Ок",
   "cancel": "Отменить",
   "yes": "Да",
   "no": "Нет",
   "email": "Электронная почта",
   "support": "Поддержка",
+  "general": "Общие",
   "settings": "Настройки",
   "copied": "Скопировано",
   "pleaseTryAgain": "Пожалуйста, попробуйте ещё раз",
@@ -181,6 +186,7 @@
   "enterDetailsManually": "Ввести детали вручную",
   "edit": "Редактировать",
   "copiedToClipboard": "Скопировано",
+  "copiedNextToClipboard": "Следующий код скопирован в буфер обмена",
   "error": "Ошибка",
   "recoveryKeyCopiedToClipboard": "Ключ восстановления скопирован в буфер обмена",
   "recoveryKeyOnForgotPassword": "Если вы забыли свой пароль, то восстановить данные можно только с помощью этого ключа.",
@@ -251,6 +257,10 @@
   "privacy": "Конфиденциальность",
   "terms": "Условия использования",
   "checkForUpdates": "Проверить наличие обновлений",
+  "downloadUpdate": "Скачать",
+  "criticalUpdateAvailable": "Доступно критическое обновление",
+  "updateAvailable": "Доступно обновление",
+  "update": "Обновить",
   "checking": "Проверка...",
   "youAreOnTheLatestVersion": "Вы используете последнюю версию",
   "warning": "Предупреждение",
@@ -315,7 +325,71 @@
   "plainText": "Обычный текст",
   "passwordToEncryptExport": "Пароль для шифрования экспорта",
   "export": "Экспорт",
+  "useOffline": "Использовать без резервных копий",
+  "signInToBackup": "Войдите в систему, чтобы создать резервную копию своих кодов",
+  "singIn": "Войти",
+  "sigInBackupReminder": "Экспортируйте свои коды, чтобы убедиться, что у вас есть резервная копия, из которой можно восстановить.",
+  "offlineModeWarning": "Вы решили продолжить без резервных копий. Пожалуйста, создайте резервные копии вручную, чтобы убедиться, что ваши коды в безопасности.",
+  "showLargeIcons": "Показать большие значки",
+  "shouldHideCode": "Скрыть коды",
+  "focusOnSearchBar": "Фокусировать поиск при запуске приложения",
+  "confirmUpdatingkey": "Вы уверены, что хотите обновить секретный ключ?",
+  "minimizeAppOnCopy": "Свернуть приложение при копировании",
   "editCodeAuthMessage": "Аутентификация для редактирования кода",
   "deleteCodeAuthMessage": "Аутентификация для удаления кода",
-  "showQRAuthMessage": "Аутентификация для отображения QR-кода"
+  "showQRAuthMessage": "Аутентификация для отображения QR-кода",
+  "confirmAccountDeleteTitle": "Подтвердить удаление аккаунта",
+  "confirmAccountDeleteMessage": "Эта учетная запись связана с другими приложениями ente, если вы ими пользуетесь.\n\nЗагруженные вами данные во всех приложениях ente будут запланированы к удалению, а ваша учетная запись будет удалена без возможности восстановления.",
+  "androidBiometricHint": "Подтвердите личность",
+  "@androidBiometricHint": {
+    "description": "Hint message advising the user how to authenticate with biometrics. It is used on Android side. Maximum 60 characters."
+  },
+  "androidBiometricNotRecognized": "Не распознано. Попробуйте еще раз.",
+  "@androidBiometricNotRecognized": {
+    "description": "Message to let the user know that authentication was failed. It is used on Android side. Maximum 60 characters."
+  },
+  "androidBiometricSuccess": "Успех",
+  "@androidBiometricSuccess": {
+    "description": "Message to let the user know that authentication was successful. It is used on Android side. Maximum 60 characters."
+  },
+  "androidCancelButton": "Отменить",
+  "@androidCancelButton": {
+    "description": "Message showed on a button that the user can click to leave the current dialog. It is used on Android side. Maximum 30 characters."
+  },
+  "androidSignInTitle": "Требуется аутентификация",
+  "@androidSignInTitle": {
+    "description": "Message showed as a title in a dialog which indicates the user that they need to scan biometric to continue. It is used on Android side. Maximum 60 characters."
+  },
+  "androidBiometricRequiredTitle": "Требуется биометрия",
+  "@androidBiometricRequiredTitle": {
+    "description": "Message showed as a title in a dialog which indicates the user has not set up biometric authentication on their device. It is used on Android side. Maximum 60 characters."
+  },
+  "androidDeviceCredentialsRequiredTitle": "Требуются учетные данные устройства",
+  "@androidDeviceCredentialsRequiredTitle": {
+    "description": "Message showed as a title in a dialog which indicates the user has not set up credentials authentication on their device. It is used on Android side. Maximum 60 characters."
+  },
+  "androidDeviceCredentialsSetupDescription": "Требуются учетные данные устройства",
+  "@androidDeviceCredentialsSetupDescription": {
+    "description": "Message advising the user to go to the settings and configure device credentials on their device. It shows in a dialog on Android side."
+  },
+  "goToSettings": "Перейдите к настройкам",
+  "@goToSettings": {
+    "description": "Message showed on a button that the user can click to go to settings pages from the current dialog. It is used on both Android and iOS side. Maximum 30 characters."
+  },
+  "androidGoToSettingsDescription": "Биометрическая аутентификация не настроена на вашем устройстве. Перейдите в \"Настройки > Безопасность\", чтобы добавить биометрическую аутентификацию.",
+  "@androidGoToSettingsDescription": {
+    "description": "Message advising the user to go to the settings and configure biometric on their device. It shows in a dialog on Android side."
+  },
+  "iOSLockOut": "Биометрическая аутентификация отключена. Пожалуйста, заблокируйте и разблокируйте экран, чтобы включить ее.",
+  "@iOSLockOut": {
+    "description": "Message advising the user to re-enable biometrics on their device. It shows in a dialog on iOS side."
+  },
+  "iOSGoToSettingsDescription": "Биометрическая аутентификация не настроена на вашем устройстве. Пожалуйста, включите Touch ID или Face ID на вашем телефоне.",
+  "@iOSGoToSettingsDescription": {
+    "description": "Message advising the user to go to the settings and configure Biometrics for their device. It shows in a dialog on iOS side."
+  },
+  "iOSOkButton": "ОК",
+  "@iOSOkButton": {
+    "description": "Message showed on a button that the user can click to leave the current dialog. It is used on iOS side. Maximum 30 characters."
+  }
 }

lib/l10n/arb/app_zh.arb

@@ -1,5 +1,6 @@
 {
   "account": "账户",
+  "unlock": "解锁",
   "recoveryKey": "恢复密钥",
   "counterAppBarTitle": "计数器",
   "@counterAppBarTitle": {
@@ -85,6 +86,7 @@
   "importSelectJsonFile": "选择 JSON 文件",
   "importEnteEncGuide": "选择从ente导出的加密JSON文件",
   "importRaivoGuide": "使用 Raivo 设置中的“将 OTP 导出到 Zip 存档”选项。\n\n解压 zip 文件并导入 JSON 文件。",
+  "importBitwardenGuide": "使用 Bitwarden 工具中的“导出保管库”选项并导入未加密的 JSON 文件。",
   "importAegisGuide": "在Aegis的设置中使用\"导出密码库\"选项。\n\n如果您的密码库已加密，您需要输入密码才能解密密码库。",
   "exportCodes": "导出代码",
   "importLabel": "导入",
@@ -97,6 +99,7 @@
   "authToViewYourRecoveryKey": "请验证以查看您的恢复密钥",
   "authToChangeYourEmail": "请验证以更改您的电子邮件",
   "authToChangeYourPassword": "请验证以更改密码",
+  "authToViewSecrets": "请进行身份验证以查看您的秘密",
   "ok": "好的",
   "cancel": "取消",
   "yes": "是",
@@ -336,5 +339,59 @@
   "deleteCodeAuthMessage": "删除代码需要身份验证",
   "showQRAuthMessage": "显示QR码需要身份验证",
   "confirmAccountDeleteTitle": "确认删除账户",
-  "confirmAccountDeleteMessage": "该账户已链接到其他ente旗下的应用程序（如果您使用任何相关的应用程序）。\n\n您在所有ente旗下应用程序中上传的数据都将被安排删除，并且您的账户将被永久删除。"
+  "confirmAccountDeleteMessage": "该账户已链接到其他ente旗下的应用程序（如果您使用任何相关的应用程序）。\n\n您在所有ente旗下应用程序中上传的数据都将被安排删除，并且您的账户将被永久删除。",
+  "androidBiometricHint": "验证身份",
+  "@androidBiometricHint": {
+    "description": "Hint message advising the user how to authenticate with biometrics. It is used on Android side. Maximum 60 characters."
+  },
+  "androidBiometricNotRecognized": "未能识别。再试一次。",
+  "@androidBiometricNotRecognized": {
+    "description": "Message to let the user know that authentication was failed. It is used on Android side. Maximum 60 characters."
+  },
+  "androidBiometricSuccess": "成功",
+  "@androidBiometricSuccess": {
+    "description": "Message to let the user know that authentication was successful. It is used on Android side. Maximum 60 characters."
+  },
+  "androidCancelButton": "取消",
+  "@androidCancelButton": {
+    "description": "Message showed on a button that the user can click to leave the current dialog. It is used on Android side. Maximum 30 characters."
+  },
+  "androidSignInTitle": "需要进行身份验证",
+  "@androidSignInTitle": {
+    "description": "Message showed as a title in a dialog which indicates the user that they need to scan biometric to continue. It is used on Android side. Maximum 60 characters."
+  },
+  "androidBiometricRequiredTitle": "需要进行生物识别认证",
+  "@androidBiometricRequiredTitle": {
+    "description": "Message showed as a title in a dialog which indicates the user has not set up biometric authentication on their device. It is used on Android side. Maximum 60 characters."
+  },
+  "androidDeviceCredentialsRequiredTitle": "需要设备凭据",
+  "@androidDeviceCredentialsRequiredTitle": {
+    "description": "Message showed as a title in a dialog which indicates the user has not set up credentials authentication on their device. It is used on Android side. Maximum 60 characters."
+  },
+  "androidDeviceCredentialsSetupDescription": "需要设备凭据",
+  "@androidDeviceCredentialsSetupDescription": {
+    "description": "Message advising the user to go to the settings and configure device credentials on their device. It shows in a dialog on Android side."
+  },
+  "goToSettings": "前往设置",
+  "@goToSettings": {
+    "description": "Message showed on a button that the user can click to go to settings pages from the current dialog. It is used on both Android and iOS side. Maximum 30 characters."
+  },
+  "androidGoToSettingsDescription": "您的设备上未设置生物识别身份验证。转到“设置 > 安全”以添加生物识别身份验证。",
+  "@androidGoToSettingsDescription": {
+    "description": "Message advising the user to go to the settings and configure biometric on their device. It shows in a dialog on Android side."
+  },
+  "iOSLockOut": "生物识别身份验证已禁用。请锁定再解锁您的屏幕以启用它。",
+  "@iOSLockOut": {
+    "description": "Message advising the user to re-enable biometrics on their device. It shows in a dialog on iOS side."
+  },
+  "iOSGoToSettingsDescription": "您的设备上未设置生物识别身份验证。请在您的手机上启用 触控 ID 或 面容 ID。",
+  "@iOSGoToSettingsDescription": {
+    "description": "Message advising the user to go to the settings and configure Biometrics for their device. It shows in a dialog on iOS side."
+  },
+  "iOSOkButton": "好的",
+  "@iOSOkButton": {
+    "description": "Message showed on a button that the user can click to leave the current dialog. It is used on iOS side. Maximum 30 characters."
+  },
+  "noInternetConnection": "无互联网连接",
+  "pleaseCheckYourInternetConnectionAndTryAgain": "请检查您的互联网连接，然后重试。"
 }

lib/services/local_authentication_service.dart

@@ -1,5 +1,3 @@
-
-
 import 'package:ente_auth/core/configuration.dart';
 import 'package:ente_auth/ui/tools/app_lock.dart';
 import 'package:ente_auth/utils/auth_util.dart';
@@ -19,7 +17,7 @@ class LocalAuthenticationService {
   ) async {
     if (await _isLocalAuthSupportedOnDevice()) {
       AppLock.of(context)!.setEnabled(false);
-      final result = await requestAuthentication(infoMessage);
+      final result = await requestAuthentication(context, infoMessage);
       AppLock.of(context)!.setEnabled(
         Configuration.instance.shouldShowLockScreen(),
       );
@@ -43,6 +41,7 @@ class LocalAuthenticationService {
     if (await LocalAuthentication().isDeviceSupported()) {
       AppLock.of(context)!.disable();
       final result = await requestAuthentication(
+        context,
         infoMessage,
       );
       if (result) {

lib/services/update_service.dart

@@ -1,5 +1,3 @@
-
-
 import 'dart:io';
 
 import 'package:ente_auth/core/constants.dart';
@@ -94,7 +92,7 @@ class UpdateService {
     // Note: in auth, currently we don't have a way to identify if the
     // app was installed from play store, f-droid or github based on pkg name
     if (Platform.isAndroid) {
-      if(flavor == "playstore") {
+      if (flavor == "playstore") {
         return const Tuple2(
           "Play Store",
           "market://details??id=io.ente.auth",
@@ -120,8 +118,7 @@ class UpdateService {
       // Fall back if we fail to open play-store market app on android
       if (Platform.isAndroid && url.startsWith("market://")) {
         launchUrlString(
-          "https://play.google.com/store/apps/details?id=io"
-              ".ente.auth",
+          "https://play.google.com/store/apps/details?id=io.ente.auth",
           mode: LaunchMode.externalApplication,
         ).ignore();
       }
@@ -129,7 +126,8 @@ class UpdateService {
   }
 
   bool isIndependent() {
-    return flavor == "independent" || _packageInfo.packageName.endsWith("independent");
+    return flavor == "independent" ||
+        _packageInfo.packageName.endsWith("independent");
   }
 }
 

lib/services/user_service.dart

@@ -24,13 +24,12 @@ import 'package:ente_auth/ui/account/ott_verification_page.dart';
 import 'package:ente_auth/ui/account/password_entry_page.dart';
 import 'package:ente_auth/ui/account/password_reentry_page.dart';
 import 'package:ente_auth/ui/account/recovery_page.dart';
-import 'package:ente_auth/ui/components/buttons/button_widget.dart';
+import 'package:ente_auth/ui/common/progress_dialog.dart';
 import 'package:ente_auth/ui/home_page.dart';
 import 'package:ente_auth/ui/two_factor_authentication_page.dart';
 import 'package:ente_auth/ui/two_factor_recovery_page.dart';
 import 'package:ente_auth/utils/crypto_util.dart';
 import 'package:ente_auth/utils/dialog_util.dart';
-import 'package:ente_auth/utils/email_util.dart';
 import 'package:ente_auth/utils/toast_util.dart';
 import "package:flutter/foundation.dart";
 import 'package:flutter/material.dart';
@@ -48,7 +47,7 @@ class UserService {
   static const keyUserDetails = "user_details";
   static const kCanDisableEmailMFA = "can_disable_email_mfa";
   static const kIsEmailMFAEnabled = "is_email_mfa_enabled";
-  final  SRP6GroupParameters kDefaultSrpGroup = SRP6StandardGroups.rfc5054_4096;
+  final SRP6GroupParameters kDefaultSrpGroup = SRP6StandardGroups.rfc5054_4096;
   final _dio = Network.instance.getDio();
   final _enteDio = Network.instance.enteDio;
   final _logger = Logger((UserService).toString());
@@ -68,12 +67,12 @@ class UserService {
   }
 
   Future<void> sendOtt(
-      BuildContext context,
-      String email, {
-        bool isChangeEmail = false,
-        bool isCreateAccountScreen = false,
-        bool isResetPasswordScreen = false,
-      }) async {
+    BuildContext context,
+    String email, {
+    bool isChangeEmail = false,
+    bool isCreateAccountScreen = false,
+    bool isResetPasswordScreen = false,
+  }) async {
     final dialog = createProgressDialog(context, context.l10n.pleaseWait);
     await dialog.show();
     try {
@@ -122,17 +121,16 @@ class UserService {
   }
 
   Future<void> sendFeedback(
-      BuildContext context,
-      String feedback, {
-        String type = "SubCancellation",
-      }) async {
+    BuildContext context,
+    String feedback, {
+    String type = "SubCancellation",
+  }) async {
     await _dio.post(
       _config.getHttpEndpoint() + "/anonymous/feedback",
       data: {"feedback": feedback, "type": "type"},
     );
   }
 
-
   Future<UserDetails> getUserDetailsV2({
     bool memoryCount = false,
     bool shouldCache = true,
@@ -146,9 +144,11 @@ class UserService {
       );
       final userDetails = UserDetails.fromMap(response.data);
       if (shouldCache) {
-        if(userDetails.profileData != null) {
-          _preferences.setBool(kIsEmailMFAEnabled, userDetails.profileData!.isEmailMFAEnabled);
-          _preferences.setBool(kCanDisableEmailMFA, userDetails.profileData!.canDisableEmailMFA);
+        if (userDetails.profileData != null) {
+          _preferences.setBool(
+              kIsEmailMFAEnabled, userDetails.profileData!.isEmailMFAEnabled);
+          _preferences.setBool(
+              kCanDisableEmailMFA, userDetails.profileData!.canDisableEmailMFA);
         }
         // handle email change from different client
         if (userDetails.email != _config.getEmail()) {
@@ -156,7 +156,7 @@ class UserService {
         }
       }
       return userDetails;
-    } catch(e) {
+    } catch (e) {
       _logger.warning("Failed to fetch", e);
       rethrow;
     }
@@ -210,15 +210,15 @@ class UserService {
       //to close and only then to show the error dialog.
       Future.delayed(
         const Duration(milliseconds: 150),
-            () => showGenericErrorDialog(context: context),
+        () => showGenericErrorDialog(context: context),
       );
       rethrow;
     }
   }
 
   Future<DeleteChallengeResponse?> getDeleteChallenge(
-      BuildContext context,
-      ) async {
+    BuildContext context,
+  ) async {
     try {
       final response = await _enteDio.get("/users/delete-challenge");
       if (response.statusCode == 200) {
@@ -237,8 +237,9 @@ class UserService {
   }
 
   Future<void> deleteAccount(
-      BuildContext context,
-      String challengeResponse,) async {
+    BuildContext context,
+    String challengeResponse,
+  ) async {
     try {
       final response = await _enteDio.delete(
         "/users/delete",
@@ -258,9 +259,11 @@ class UserService {
     }
   }
 
-  Future<void> verifyEmail(BuildContext context, String ott, {bool
-  isResettingPasswordScreen = false,})
-  async {
+  Future<void> verifyEmail(
+    BuildContext context,
+    String ott, {
+    bool isResettingPasswordScreen = false,
+  }) async {
     final dialog = createProgressDialog(context, context.l10n.pleaseWait);
     await dialog.show();
     try {
@@ -280,14 +283,15 @@ class UserService {
         } else {
           await _saveConfiguration(response);
           if (Configuration.instance.getEncryptedToken() != null) {
-            if(isResettingPasswordScreen) {
+            if (isResettingPasswordScreen) {
               page = const RecoveryPage();
             } else {
               page = const PasswordReentryPage();
             }
-
           } else {
-            page = const PasswordEntryPage(mode: PasswordEntryMode.set,);
+            page = const PasswordEntryPage(
+              mode: PasswordEntryMode.set,
+            );
           }
         }
         Navigator.of(context).pushAndRemoveUntil(
@@ -296,7 +300,7 @@ class UserService {
               return page;
             },
           ),
-              (route) => route.isFirst,
+          (route) => route.isFirst,
         );
       } else {
         // should never reach here
@@ -336,10 +340,10 @@ class UserService {
   }
 
   Future<void> changeEmail(
-      BuildContext context,
-      String email,
-      String ott,
-      ) async {
+    BuildContext context,
+    String email,
+    String ott,
+  ) async {
     final dialog = createProgressDialog(context, context.l10n.pleaseWait);
     await dialog.show();
     try {
@@ -431,9 +435,9 @@ class UserService {
   }
 
   Future<void> registerOrUpdateSrp(
-      Uint8List loginKey, {
-        SetKeysRequest? setKeysRequest,
-      }) async {
+    Uint8List loginKey, {
+    SetKeysRequest? setKeysRequest,
+  }) async {
     try {
       final String username = const Uuid().v4().toString();
       final SecureRandom random = _getSecureRandom();
@@ -466,14 +470,14 @@ class UserService {
       );
       if (response.statusCode == 200) {
         final SetupSRPResponse setupSRPResponse =
-        SetupSRPResponse.fromJson(response.data);
+            SetupSRPResponse.fromJson(response.data);
         final serverB =
-        SRP6Util.decodeBigInt(base64Decode(setupSRPResponse.srpB));
+            SRP6Util.decodeBigInt(base64Decode(setupSRPResponse.srpB));
         // ignore: need to calculate secret to get M1, unused_local_variable
         final clientS = client.calculateSecret(serverB);
         final clientM = client.calculateClientEvidenceMessage();
         late Response srpCompleteResponse;
-        if(setKeysRequest == null) {
+        if (setKeysRequest == null) {
           srpCompleteResponse = await _enteDio.post(
             "/users/srp/complete",
             data: {
@@ -494,8 +498,8 @@ class UserService {
       } else {
         throw Exception("register-srp action failed");
       }
-    } catch (e,s) {
-      _logger.severe("failed to register srp" ,e,s);
+    } catch (e, s) {
+      _logger.severe("failed to register srp", e, s);
       rethrow;
     }
   }
@@ -512,133 +516,96 @@ class UserService {
   }
 
   Future<void> verifyEmailViaPassword(
-      BuildContext context,
-      SrpAttributes srpAttributes,
-      String userPassword,
-      ) async {
-    final dialog = createProgressDialog(
-      context,
-      context.l10n.pleaseWait,
-      isDismissible: true,
-    );
-    await dialog.show();
+    BuildContext context,
+    SrpAttributes srpAttributes,
+    String userPassword,
+    ProgressDialog dialog,
+  ) async {
     late Uint8List keyEncryptionKey;
-    try {
-      keyEncryptionKey = await CryptoUtil.deriveKey(
-        utf8.encode(userPassword) as Uint8List,
-        CryptoUtil.base642bin(srpAttributes.kekSalt),
-        srpAttributes.memLimit,
-        srpAttributes.opsLimit,
-      );
-      final loginKey = await CryptoUtil.deriveLoginKey(keyEncryptionKey);
-      final Uint8List identity = Uint8List.fromList(
-        utf8.encode(srpAttributes.srpUserID),
-      );
-      final Uint8List salt = base64Decode(srpAttributes.srpSalt);
-      final Uint8List password = loginKey;
-      final SecureRandom random = _getSecureRandom();
+    _logger.finest('Start deriving key');
+    keyEncryptionKey = await CryptoUtil.deriveKey(
+      utf8.encode(userPassword) as Uint8List,
+      CryptoUtil.base642bin(srpAttributes.kekSalt),
+      srpAttributes.memLimit,
+      srpAttributes.opsLimit,
+    );
+    _logger.finest('keyDerivation done, derive LoginKey');
+    final loginKey = await CryptoUtil.deriveLoginKey(keyEncryptionKey);
+    final Uint8List identity = Uint8List.fromList(
+      utf8.encode(srpAttributes.srpUserID),
+    );
+    _logger.finest('longinKey derivation done');
+    final Uint8List salt = base64Decode(srpAttributes.srpSalt);
+    final Uint8List password = loginKey;
+    final SecureRandom random = _getSecureRandom();
 
-      final client = SRP6Client(
-        group: kDefaultSrpGroup,
-        digest: Digest('SHA-256'),
-        random: random,
-      );
+    final client = SRP6Client(
+      group: kDefaultSrpGroup,
+      digest: Digest('SHA-256'),
+      random: random,
+    );
 
-      final A = client.generateClientCredentials(salt, identity, password);
-      final createSessionResponse = await _dio.post(
-        _config.getHttpEndpoint() + "/users/srp/create-session",
-        data: {
-          "srpUserID": srpAttributes.srpUserID,
-          "srpA": base64Encode(SRP6Util.encodeBigInt(A!)),
-        },
-      );
-      final String sessionID = createSessionResponse.data["sessionID"];
-      final String srpB = createSessionResponse.data["srpB"];
+    final A = client.generateClientCredentials(salt, identity, password);
+    final createSessionResponse = await _dio.post(
+      _config.getHttpEndpoint() + "/users/srp/create-session",
+      data: {
+        "srpUserID": srpAttributes.srpUserID,
+        "srpA": base64Encode(SRP6Util.encodeBigInt(A!)),
+      },
+    );
+    final String sessionID = createSessionResponse.data["sessionID"];
+    final String srpB = createSessionResponse.data["srpB"];
 
-      final serverB = SRP6Util.decodeBigInt(base64Decode(srpB));
-      // ignore: need to calculate secret to get M1, unused_local_variable
-      final clientS = client.calculateSecret(serverB);
-      final clientM = client.calculateClientEvidenceMessage();
-      final response = await _dio.post(
-        _config.getHttpEndpoint() + "/users/srp/verify-session",
-        data: {
-          "sessionID": sessionID,
-          "srpUserID": srpAttributes.srpUserID,
-          "srpM1": base64Encode(SRP6Util.encodeBigInt(clientM!)),
-        },
-      );
-      if (response.statusCode == 200) {
-        Widget page;
-        final String twoFASessionID = response.data["twoFactorSessionID"];
-        Configuration.instance.setVolatilePassword(userPassword);
-        if (twoFASessionID.isNotEmpty) {
-          page = TwoFactorAuthenticationPage(twoFASessionID);
-        } else {
-          await _saveConfiguration(response);
-          if (Configuration.instance.getEncryptedToken() != null) {
-            await Configuration.instance.decryptSecretsAndGetKeyEncKey(
-              userPassword,
-              Configuration.instance.getKeyAttributes()!,
-              keyEncryptionKey: keyEncryptionKey,
-            );
-            page = const HomePage();
-          } else {
-            throw Exception("unexpected response during email verification");
-          }
-        }
-        await dialog.hide();
-        Navigator.of(context).pushAndRemoveUntil(
-          MaterialPageRoute(
-            builder: (BuildContext context) {
-              return page;
-            },
-          ),
-              (route) => route.isFirst,
-        );
+    final serverB = SRP6Util.decodeBigInt(base64Decode(srpB));
+    // ignore: need to calculate secret to get M1, unused_local_variable
+    final clientS = client.calculateSecret(serverB);
+    final clientM = client.calculateClientEvidenceMessage();
+    final response = await _dio.post(
+      _config.getHttpEndpoint() + "/users/srp/verify-session",
+      data: {
+        "sessionID": sessionID,
+        "srpUserID": srpAttributes.srpUserID,
+        "srpM1": base64Encode(SRP6Util.encodeBigInt(clientM!)),
+      },
+    );
+    if (response.statusCode == 200) {
+      Widget page;
+      final String twoFASessionID = response.data["twoFactorSessionID"];
+      Configuration.instance.setVolatilePassword(userPassword);
+      if (twoFASessionID.isNotEmpty) {
+        page = TwoFactorAuthenticationPage(twoFASessionID);
       } else {
-        // should never reach here
-        throw Exception("unexpected response during email verification");
-      }
-    } on DioError catch (e, s) {
-      await dialog.hide();
-      if (e.response != null && e.response!.statusCode == 401) {
-        final dialogChoice = await showChoiceDialog(
-          context,
-          title: context.l10n.incorrectPasswordTitle,
-          body: context.l10n.pleaseTryAgain,
-          firstButtonLabel: context.l10n.contactSupport,
-          secondButtonLabel: context.l10n.ok,
-        );
-        if (dialogChoice!.action == ButtonAction.first) {
-          await sendLogs(
-            context,
-            context.l10n.contactSupport,
-            "support@ente.io",
-            postShare: () {},
+        await _saveConfiguration(response);
+        if (Configuration.instance.getEncryptedToken() != null) {
+          await Configuration.instance.decryptSecretsAndGetKeyEncKey(
+            userPassword,
+            Configuration.instance.getKeyAttributes()!,
+            keyEncryptionKey: keyEncryptionKey,
           );
+          page = const HomePage();
+        } else {
+          throw Exception("unexpected response during email verification");
         }
-      } else {
-        _logger.fine('failed to verify password', e, s);
-        await showErrorDialog(
-          context,
-          context.l10n.oops,
-          context.l10n.verificationFailedPleaseTryAgain,
-        );
       }
-    } catch (e, s) {
-      _logger.fine('failed to verify password', e, s);
       await dialog.hide();
-      await showErrorDialog(
-        context,
-        context.l10n.oops,
-        context.l10n.verificationFailedPleaseTryAgain,
+      Navigator.of(context).pushAndRemoveUntil(
+        MaterialPageRoute(
+          builder: (BuildContext context) {
+            return page;
+          },
+        ),
+        (route) => route.isFirst,
       );
+    } else {
+      // should never reach here
+      throw Exception("unexpected response during email verification");
     }
   }
 
-  Future<void> updateKeyAttributes(KeyAttributes keyAttributes, Uint8List
-  loginKey,)
-  async {
+  Future<void> updateKeyAttributes(
+    KeyAttributes keyAttributes,
+    Uint8List loginKey,
+  ) async {
     try {
       final setKeyRequest = SetKeysRequest(
         kekSalt: keyAttributes.kekSalt,
@@ -679,10 +646,10 @@ class UserService {
   }
 
   Future<void> verifyTwoFactor(
-      BuildContext context,
-      String sessionID,
-      String code,
-      ) async {
+    BuildContext context,
+    String sessionID,
+    String code,
+  ) async {
     final dialog = createProgressDialog(context, context.l10n.pleaseWait);
     await dialog.show();
     try {
@@ -703,7 +670,7 @@ class UserService {
               return const PasswordReentryPage();
             },
           ),
-              (route) => route.isFirst,
+          (route) => route.isFirst,
         );
       }
     } on DioError catch (e) {
@@ -717,7 +684,7 @@ class UserService {
               return const LoginPage();
             },
           ),
-              (route) => route.isFirst,
+          (route) => route.isFirst,
         );
       } else {
         showErrorDialog(
@@ -758,7 +725,7 @@ class UserService {
               );
             },
           ),
-              (route) => route.isFirst,
+          (route) => route.isFirst,
         );
       }
     } on DioError catch (e) {
@@ -771,7 +738,7 @@ class UserService {
               return const LoginPage();
             },
           ),
-              (route) => route.isFirst,
+          (route) => route.isFirst,
         );
       } else {
         showErrorDialog(
@@ -793,12 +760,12 @@ class UserService {
   }
 
   Future<void> removeTwoFactor(
-      BuildContext context,
-      String sessionID,
-      String recoveryKey,
-      String encryptedSecret,
-      String secretDecryptionNonce,
-      ) async {
+    BuildContext context,
+    String sessionID,
+    String recoveryKey,
+    String encryptedSecret,
+    String secretDecryptionNonce,
+  ) async {
     final dialog = createProgressDialog(context, context.l10n.pleaseWait);
     await dialog.show();
     String secret;
@@ -847,7 +814,7 @@ class UserService {
               return const PasswordReentryPage();
             },
           ),
-              (route) => route.isFirst,
+          (route) => route.isFirst,
         );
       }
     } on DioError catch (e) {
@@ -860,7 +827,7 @@ class UserService {
               return const LoginPage();
             },
           ),
-              (route) => route.isFirst,
+          (route) => route.isFirst,
         );
       } else {
         showErrorDialog(
@@ -881,13 +848,6 @@ class UserService {
     }
   }
 
-
-
-
-
-
-
-
   Future<void> _saveConfiguration(Response response) async {
     await Configuration.instance.setUserID(response.data["id"]);
     if (response.data["encryptedToken"] != null) {
@@ -904,6 +864,7 @@ class UserService {
   bool? canDisableEmailMFA() {
     return _preferences.getBool(kCanDisableEmailMFA);
   }
+
   bool hasEmailMFAEnabled() {
     return _preferences.getBool(kIsEmailMFAEnabled) ?? true;
   }
@@ -918,9 +879,8 @@ class UserService {
       );
       _preferences.setBool(kIsEmailMFAEnabled, isEnabled);
     } catch (e) {
-      _logger.severe("Failed to update email mfa",e);
+      _logger.severe("Failed to update email mfa", e);
       rethrow;
     }
   }
 }
-

lib/ui/account/login_pwd_verification_page.dart

@@ -1,11 +1,14 @@
-
+import "package:dio/dio.dart";
 import 'package:ente_auth/core/configuration.dart';
+import "package:ente_auth/core/errors.dart";
 import "package:ente_auth/l10n/l10n.dart";
 import "package:ente_auth/models/api/user/srp.dart";
 import "package:ente_auth/services/user_service.dart";
 import "package:ente_auth/theme/ente_theme.dart";
 import 'package:ente_auth/ui/common/dynamic_fab.dart';
+import "package:ente_auth/ui/components/buttons/button_widget.dart";
 import "package:ente_auth/utils/dialog_util.dart";
+import "package:ente_auth/utils/email_util.dart";
 import 'package:flutter/material.dart';
 import "package:logging/logging.dart";
 
@@ -16,14 +19,16 @@ import "package:logging/logging.dart";
 // volatile password.
 class LoginPasswordVerificationPage extends StatefulWidget {
   final SrpAttributes srpAttributes;
-  const LoginPasswordVerificationPage({Key? key, required this.srpAttributes}) : super(key: key);
+  const LoginPasswordVerificationPage({Key? key, required this.srpAttributes})
+      : super(key: key);
 
   @override
-  State<LoginPasswordVerificationPage> createState() => _LoginPasswordVerificationPageState();
+  State<LoginPasswordVerificationPage> createState() =>
+      _LoginPasswordVerificationPageState();
 }
 
-class _LoginPasswordVerificationPageState extends
-State<LoginPasswordVerificationPage> {
+class _LoginPasswordVerificationPageState
+    extends State<LoginPasswordVerificationPage> {
   final _logger = Logger((_LoginPasswordVerificationPageState).toString());
   final _passwordController = TextEditingController();
   final FocusNode _passwordFocusNode = FocusNode();
@@ -74,9 +79,7 @@ State<LoginPasswordVerificationPage> {
         buttonText: context.l10n.logInLabel,
         onPressedFunction: () async {
           FocusScope.of(context).unfocus();
-          await UserService.instance.verifyEmailViaPassword(context, widget
-              .srpAttributes,
-              _passwordController.text,);
+          await verifyPassword(context, _passwordController.text);
         },
       ),
       floatingActionButtonLocation: fabLocation(),
@@ -84,6 +87,106 @@ State<LoginPasswordVerificationPage> {
     );
   }
 
+  Future<void> verifyPassword(BuildContext context, String password) async {
+    final dialog = createProgressDialog(
+      context,
+      context.l10n.pleaseWait,
+      isDismissible: true,
+    );
+    await dialog.show();
+    try {
+      await UserService.instance.verifyEmailViaPassword(
+        context,
+        widget.srpAttributes,
+        password,
+        dialog,
+      );
+    } on DioError catch (e, s) {
+      await dialog.hide();
+      if (e.response != null && e.response!.statusCode == 401) {
+        _logger.severe('server reject, failed verify SRP login', e, s);
+        await _showContactSupportDialog(
+          context,
+          context.l10n.incorrectPasswordTitle,
+          context.l10n.pleaseTryAgain,
+        );
+      } else {
+        _logger.severe('API failure during SRP login', e, s);
+        if (e.type == DioErrorType.other) {
+          await _showContactSupportDialog(
+            context,
+            context.l10n.noInternetConnection,
+            context.l10n.pleaseCheckYourInternetConnectionAndTryAgain,
+          );
+        } else {
+          await _showContactSupportDialog(
+            context,
+            context.l10n.oops,
+            context.l10n.verificationFailedPleaseTryAgain,
+          );
+        }
+      }
+    } catch (e, s) {
+      _logger.info('error during loginViaPassword', e);
+      await dialog.hide();
+      if (e is LoginKeyDerivationError) {
+        _logger.severe('loginKey derivation error', e, s);
+        // LoginKey err, perform regular login via ott verification
+        await UserService.instance.sendOtt(
+          context,
+          email!,
+          isCreateAccountScreen: true,
+        );
+        return;
+      } else if (e is KeyDerivationError) {
+        // device is not powerful enough to perform derive key
+        final dialogChoice = await showChoiceDialog(
+          context,
+          title: context.l10n.recreatePasswordTitle,
+          body: context.l10n.recreatePasswordBody,
+          firstButtonLabel: context.l10n.useRecoveryKey,
+        );
+        if (dialogChoice!.action == ButtonAction.first) {
+          await UserService.instance.sendOtt(
+            context,
+            email!,
+            isResetPasswordScreen: true,
+          );
+        }
+        return;
+      } else {
+        _logger.severe('unexpected error while verifying password', e, s);
+        await _showContactSupportDialog(
+          context,
+          context.l10n.oops,
+          context.l10n.verificationFailedPleaseTryAgain,
+        );
+      }
+    }
+  }
+
+  Future<void> _showContactSupportDialog(
+    BuildContext context,
+    String title,
+    String message,
+  ) async {
+    final dialogChoice = await showChoiceDialog(
+      context,
+      title: title,
+      body: message,
+      firstButtonLabel: context.l10n.contactSupport,
+      secondButtonLabel: context.l10n.ok,
+    );
+    if (dialogChoice!.action == ButtonAction.first) {
+      await sendLogs(
+        context,
+        context.l10n.contactSupport,
+        "auth@ente.io",
+        postShare: () {},
+      );
+    }
+  }
+
   Widget _getBody() {
     return Column(
       children: [
@@ -92,17 +195,22 @@ State<LoginPasswordVerificationPage> {
             child: ListView(
               children: [
                 Padding(
-                  padding:
-                  const EdgeInsets.only(top: 30, left: 20, right: 20),
+                  padding: const EdgeInsets.only(top: 30, left: 20, right: 20),
                   child: Text(
                     context.l10n.enterPassword,
                     style: Theme.of(context).textTheme.headlineMedium,
                   ),
                 ),
                 Padding(
-                  padding: const EdgeInsets.only(bottom: 30, left: 22, right:
-                  20,),
-                  child: Text(email ?? '', style: getEnteTextTheme(context).smallMuted,),
+                  padding: const EdgeInsets.only(
+                    bottom: 30,
+                    left: 22,
+                    right: 20,
+                  ),
+                  child: Text(
+                    email ?? '',
+                    style: getEnteTextTheme(context).smallMuted,
+                  ),
                 ),
                 Visibility(
                   // hidden textForm for suggesting auto-fill service for saving
@@ -133,19 +241,19 @@ State<LoginPasswordVerificationPage> {
                       ),
                       suffixIcon: _passwordInFocus
                           ? IconButton(
-                        icon: Icon(
-                          _passwordVisible
-                              ? Icons.visibility
-                              : Icons.visibility_off,
-                          color: Theme.of(context).iconTheme.color,
-                          size: 20,
-                        ),
-                        onPressed: () {
-                          setState(() {
-                            _passwordVisible = !_passwordVisible;
-                          });
-                        },
-                      )
+                              icon: Icon(
+                                _passwordVisible
+                                    ? Icons.visibility
+                                    : Icons.visibility_off,
+                                color: Theme.of(context).iconTheme.color,
+                                size: 20,
+                              ),
+                              onPressed: () {
+                                setState(() {
+                                  _passwordVisible = !_passwordVisible;
+                                });
+                              },
+                            )
                           : null,
                     ),
                     style: const TextStyle(
@@ -176,9 +284,11 @@ State<LoginPasswordVerificationPage> {
                       GestureDetector(
                         behavior: HitTestBehavior.opaque,
                         onTap: () async {
-                          await UserService.instance
-                              .sendOtt(context, email!,
-                              isResetPasswordScreen: true,);
+                          await UserService.instance.sendOtt(
+                            context,
+                            email!,
+                            isResetPasswordScreen: true,
+                          );
                         },
                         child: Center(
                           child: Text(
@@ -187,9 +297,9 @@ State<LoginPasswordVerificationPage> {
                                 .textTheme
                                 .titleMedium!
                                 .copyWith(
-                              fontSize: 14,
-                              decoration: TextDecoration.underline,
-                            ),
+                                  fontSize: 14,
+                                  decoration: TextDecoration.underline,
+                                ),
                           ),
                         ),
                       ),
@@ -213,9 +323,9 @@ State<LoginPasswordVerificationPage> {
                                 .textTheme
                                 .titleMedium!
                                 .copyWith(
-                              fontSize: 14,
-                              decoration: TextDecoration.underline,
-                            ),
+                                  fontSize: 14,
+                                  decoration: TextDecoration.underline,
+                                ),
                           ),
                         ),
                       ),
@@ -229,4 +339,4 @@ State<LoginPasswordVerificationPage> {
       ],
     );
   }
-}
+}

lib/ui/settings/data/import/bitwarden_import.dart

@@ -0,0 +1,103 @@
+import 'dart:async';
+import 'dart:convert';
+import 'dart:io';
+
+import 'package:ente_auth/l10n/l10n.dart';
+import 'package:ente_auth/models/code.dart';
+import 'package:ente_auth/services/authenticator_service.dart';
+import 'package:ente_auth/store/code_store.dart';
+import 'package:ente_auth/ui/components/buttons/button_widget.dart';
+import 'package:ente_auth/ui/components/dialog_widget.dart';
+import 'package:ente_auth/ui/components/models/button_type.dart';
+import 'package:ente_auth/ui/settings/data/import/import_success.dart';
+import 'package:ente_auth/utils/dialog_util.dart';
+import 'package:file_picker/file_picker.dart';
+import 'package:flutter/cupertino.dart';
+import 'package:flutter/material.dart';
+
+Future<void> showBitwardenImportInstruction(BuildContext context) async {
+  final l10n = context.l10n;
+  final result = await showDialogWidget(
+    context: context,
+    title: l10n.importFromApp("Bitwarden"),
+    body: l10n.importBitwardenGuide,
+    buttons: [
+      ButtonWidget(
+        buttonType: ButtonType.primary,
+        labelText: l10n.importSelectJsonFile,
+        isInAlert: true,
+        buttonSize: ButtonSize.large,
+        buttonAction: ButtonAction.first,
+      ),
+      ButtonWidget(
+        buttonType: ButtonType.secondary,
+        labelText: context.l10n.cancel,
+        buttonSize: ButtonSize.large,
+        isInAlert: true,
+        buttonAction: ButtonAction.second,
+      ),
+    ],
+  );
+  if (result?.action != null && result!.action != ButtonAction.cancel) {
+    if (result.action == ButtonAction.first) {
+      await _pickBitwardenJsonFile(context);
+    }
+  }
+}
+
+Future<void> _pickBitwardenJsonFile(BuildContext context) async {
+  final l10n = context.l10n;
+  FilePickerResult? result = await FilePicker.platform.pickFiles();
+  if (result == null) {
+    return;
+  }
+  final progressDialog = createProgressDialog(context, l10n.pleaseWait);
+  await progressDialog.show();
+  try {
+    String path = result.files.single.path!;
+    int? count = await _processBitwardenExportFile(context, path);
+    await progressDialog.hide();
+    if (count != null) {
+      await importSuccessDialog(context, count);
+    }
+  } catch (e) {
+    await progressDialog.hide();
+    await showErrorDialog(
+      context,
+      context.l10n.sorry,
+      context.l10n.importFailureDesc,
+    );
+  }
+}
+
+Future<int?> _processBitwardenExportFile(
+  BuildContext context,
+  String path,
+) async {
+  File file = File(path);
+  final jsonString = await file.readAsString();
+  final data = jsonDecode(jsonString);
+  List<dynamic> jsonArray = data['items'];
+  final parsedCodes = [];
+  for (var item in jsonArray) {
+    if (item['login']['totp'] != null) {
+      var issuer = item['name'];
+      var account = item['login']['username'];
+      var secret = item['login']['totp'];
+
+      parsedCodes.add(
+        Code.fromAccountAndSecret(
+          account,
+          issuer,
+          secret,
+        ),
+      );
+    }
+  }
+
+  for (final code in parsedCodes) {
+    await CodeStore.instance.addCode(code, shouldSync: false);
+  }
+  unawaited(AuthenticatorService.instance.onlineSync());
+  return parsedCodes.length;
+}

lib/ui/settings/data/import/import_service.dart

@@ -1,4 +1,5 @@
 import 'package:ente_auth/ui/settings/data/import/aegis_import.dart';
+import 'package:ente_auth/ui/settings/data/import/bitwarden_import.dart';
 import 'package:ente_auth/ui/settings/data/import/encrypted_ente_import.dart';
 import 'package:ente_auth/ui/settings/data/import/google_auth_import.dart';
 import 'package:ente_auth/ui/settings/data/import/plain_text_import.dart';
@@ -31,6 +32,9 @@ class ImportService {
       case ImportType.aegis:
         showAegisImportInstruction(context);
         break;
+      case ImportType.bitwarden:
+        showBitwardenImportInstruction(context);
+        break;
     }
   }
 }

lib/ui/settings/data/import_page.dart

@@ -15,6 +15,7 @@ enum ImportType {
   ravio,
   googleAuthenticator,
   aegis,
+  bitwarden,
 }
 
 class ImportCodePage extends StatelessWidget {
@@ -24,6 +25,7 @@ class ImportCodePage extends StatelessWidget {
     ImportType.ravio,
     ImportType.aegis,
     ImportType.googleAuthenticator,
+    ImportType.bitwarden,
   ];
 
   ImportCodePage({super.key});
@@ -40,6 +42,8 @@ class ImportCodePage extends StatelessWidget {
         return 'Google Authenticator';
       case ImportType.aegis:
         return 'Aegis Authenticator';
+      case ImportType.bitwarden:
+        return 'Bitwarden';
     }
   }
 

lib/ui/settings/general_section_widget.dart

@@ -13,6 +13,7 @@ import 'package:ente_auth/ui/components/toggle_switch_widget.dart';
 import 'package:ente_auth/ui/settings/common_settings.dart';
 import 'package:ente_auth/ui/settings/language_picker.dart';
 import 'package:ente_auth/utils/navigation_util.dart';
+import 'package:ente_auth/utils/toast_util.dart';
 import 'package:flutter/material.dart';
 
 class AdvancedSectionWidget extends StatefulWidget {
@@ -86,6 +87,9 @@ class _AdvancedSectionWidgetState extends State<AdvancedSectionWidget> {
               await PreferenceService.instance.setHideCodes(
                 !PreferenceService.instance.shouldHideCodes(),
               );
+              if(PreferenceService.instance.shouldHideCodes()) {
+                showToast(context, context.l10n.doubleTapToViewHiddenCode);
+              }
               setState(() {});
             },
           ),

lib/ui/settings_page.dart

@@ -3,7 +3,9 @@ import 'dart:io';
 import 'package:ente_auth/core/configuration.dart';
 import 'package:ente_auth/l10n/l10n.dart';
 import 'package:ente_auth/onboarding/view/onboarding_page.dart';
+import 'package:ente_auth/services/local_authentication_service.dart';
 import 'package:ente_auth/services/user_service.dart';
+import 'package:ente_auth/store/code_store.dart';
 import 'package:ente_auth/theme/colors.dart';
 import 'package:ente_auth/theme/ente_theme.dart';
 import 'package:ente_auth/ui/components/buttons/button_widget.dart';
@@ -99,6 +101,19 @@ class SettingsPage extends StatelessWidget {
               await handleExportClick(context);
             } else {
               if (result.action == ButtonAction.second) {
+                bool hasCodes =
+                    (await CodeStore.instance.getAllCodes()).isNotEmpty;
+                if (hasCodes) {
+                  final hasAuthenticated = await LocalAuthenticationService
+                      .instance
+                      .requestLocalAuthentication(
+                    context,
+                    context.l10n.authToInitiateSignIn,
+                  );
+                  if (!hasAuthenticated) {
+                    return;
+                  }
+                }
                 await routeToPage(
                   context,
                   const OnboardingPage(),

lib/ui/tools/lock_screen.dart

@@ -1,5 +1,6 @@
+import 'dart:io';
 
-
+import 'package:ente_auth/l10n/l10n.dart';
 import 'package:ente_auth/ui/common/gradient_button.dart';
 import 'package:ente_auth/ui/tools/app_lock.dart';
 import 'package:ente_auth/utils/auth_util.dart';
@@ -13,13 +14,25 @@ class LockScreen extends StatefulWidget {
   State<LockScreen> createState() => _LockScreenState();
 }
 
-class _LockScreenState extends State<LockScreen> {
+class _LockScreenState extends State<LockScreen> with WidgetsBindingObserver {
   final _logger = Logger("LockScreen");
+  bool _isShowingLockScreen = false;
+  bool _hasPlacedAppInBackground = false;
+  bool _hasAuthenticationFailed = false;
+  int? lastAuthenticatingTime;
 
   @override
   void initState() {
-    _showLockScreen();
+    _logger.info("initiatingState");
     super.initState();
+    WidgetsBinding.instance.addObserver(this);
+    WidgetsBinding.instance.addPostFrameCallback((timeStamp) {
+      if (isNonMobileIOSDevice()) {
+        _logger.info('ignore init for non mobile iOS device');
+        return;
+      }
+      _showLockScreen(source: "postFrameInit");
+    });
   }
 
   @override
@@ -34,16 +47,16 @@ class _LockScreenState extends State<LockScreen> {
               alignment: Alignment.center,
               children: [
                 Opacity(
-                  opacity: 0.3,
+                  opacity: 0.2,
                   child: Image.asset('assets/loading_photos_background.png'),
                 ),
                 SizedBox(
-                  width: 142,
+                  width: 180,
                   child: GradientButton(
-                    text: "Unlock",
+                    text: context.l10n.unlock,
                     iconData: Icons.lock_open_outlined,
                     onTap: () async {
-                      _showLockScreen();
+                      _showLockScreen(source: "tapUnlock");
                     },
                   ),
                 ),
@@ -55,16 +68,76 @@ class _LockScreenState extends State<LockScreen> {
     );
   }
 
-  Future<void> _showLockScreen() async {
-    _logger.info("Showing lockscreen");
+  bool isNonMobileIOSDevice() {
+    if (Platform.isAndroid) {
+      return false;
+    }
+    var shortestSide = MediaQuery.of(context).size.shortestSide;
+    return shortestSide > 600 ? true : false;
+  }
+
+  @override
+  void didChangeAppLifecycleState(AppLifecycleState state) {
+    _logger.info(state.toString());
+    if (state == AppLifecycleState.resumed && !_isShowingLockScreen) {
+      // This is triggered either when the lock screen is dismissed or when
+      // the app is brought to foreground
+      _hasPlacedAppInBackground = false;
+      final bool didAuthInLast5Seconds = lastAuthenticatingTime != null &&
+          DateTime.now().millisecondsSinceEpoch - lastAuthenticatingTime! <
+              5000;
+      if (!_hasAuthenticationFailed && !didAuthInLast5Seconds) {
+        // Show the lock screen again only if the app is resuming from the
+        // background, and not when the lock screen was explicitly dismissed
+        Future.delayed(
+          Duration.zero,
+          () => _showLockScreen(source: "lifeCycle"),
+        );
+      } else {
+        _hasAuthenticationFailed = false; // Reset failure state
+      }
+    } else if (state == AppLifecycleState.paused ||
+        state == AppLifecycleState.inactive) {
+      // This is triggered either when the lock screen pops up or when
+      // the app is pushed to background
+      if (!_isShowingLockScreen) {
+        _hasPlacedAppInBackground = true;
+        _hasAuthenticationFailed = false; // reset failure state
+      }
+    }
+  }
+
+  @override
+  void dispose() {
+    _logger.info('disposing');
+    WidgetsBinding.instance.removeObserver(this);
+    super.dispose();
+  }
+
+  Future<void> _showLockScreen({String source = ''}) async {
+    final int id = DateTime.now().millisecondsSinceEpoch;
+    _logger.info("Showing lock screen $source $id");
     try {
+      _isShowingLockScreen = true;
       final result = await requestAuthentication(
-        "Please authenticate to view your secrets",
+        context,
+        context.l10n.authToViewSecrets,
       );
+      _logger.finest("LockScreen Result $result $id");
+      _isShowingLockScreen = false;
       if (result) {
+        lastAuthenticatingTime = DateTime.now().millisecondsSinceEpoch;
         AppLock.of(context)!.didUnlock();
+      } else {
+        if (!_hasPlacedAppInBackground) {
+          // Treat this as a failure only if user did not explicitly
+          // put the app in background
+          _hasAuthenticationFailed = true;
+          _logger.info("Authentication failed");
+        }
       }
     } catch (e, s) {
+      _isShowingLockScreen = false;
       _logger.severe(e, s);
     }
   }

lib/ui/utils/icon_utils.dart

@@ -4,6 +4,7 @@ import 'package:ente_auth/theme/ente_theme.dart';
 import 'package:flutter/material.dart';
 import 'package:flutter/services.dart';
 import 'package:flutter_svg/svg.dart';
+import 'package:logging/logging.dart';
 
 class IconUtils {
   IconUtils._privateConstructor();
@@ -77,20 +78,32 @@ class IconUtils {
   }
 
   Future<void> _loadJson() async {
-    final simpleIconData = await rootBundle
-        .loadString('assets/simple-icons/_data/simple-icons.json');
-    final simpleIcons = json.decode(simpleIconData);
-    for (final icon in simpleIcons["icons"]) {
-      _simpleIcons[icon["title"].toString().toLowerCase()] = icon["hex"];
-    }
-    final customIconData = await rootBundle
-        .loadString('assets/custom-icons/_data/custom-icons.json');
-    final customIcons = json.decode(customIconData);
-    for (final icon in customIcons["icons"]) {
-      _customIcons[icon["title"].toString().toLowerCase()] = CustomIconData(
-        icon["slug"],
-        icon["hex"],
-      );
+    try {
+      final simpleIconData = await rootBundle
+          .loadString('assets/simple-icons/_data/simple-icons.json');
+      final simpleIcons = json.decode(simpleIconData);
+      for (final icon in simpleIcons["icons"]) {
+        _simpleIcons[icon["title"].toString().toLowerCase()] = icon["hex"];
+      }
+      final customIconData = await rootBundle
+          .loadString('assets/custom-icons/_data/custom-icons.json');
+      final customIcons = json.decode(customIconData);
+      for (final icon in customIcons["icons"]) {
+        _customIcons[icon["title"].toString().toLowerCase()] = CustomIconData(
+          icon["slug"],
+          icon["hex"],
+        );
+        if (icon["altNames"] != null) {
+          for (final name in icon["altNames"]) {
+            _customIcons[name] = CustomIconData(
+              icon["slug"],
+              icon["hex"],
+            );
+          }
+        }
+      }
+    } catch (e) {
+      Logger("IconUtils").severe("Error loading icons", e);
     }
   }
 

lib/utils/auth_util.dart

@@ -1,25 +1,37 @@
+import 'package:ente_auth/l10n/l10n.dart';
+import 'package:flutter/cupertino.dart';
 import 'package:local_auth/local_auth.dart';
 import 'package:local_auth_android/local_auth_android.dart';
+import 'package:local_auth_ios/types/auth_messages_ios.dart';
 import 'package:logging/logging.dart';
 
-Future<bool> requestAuthentication(String reason) async {
+Future<bool> requestAuthentication(BuildContext context, String reason) async {
   Logger("AuthUtil").info("Requesting authentication");
   await LocalAuthentication().stopAuthentication();
+  final l10n = context.l10n;
   return await LocalAuthentication().authenticate(
     localizedReason: reason,
     authMessages: [
-      const AndroidAuthMessages(
-        biometricHint: "Verify identity",
-        biometricNotRecognized: "Not recognized, try again",
-        biometricRequiredTitle: "Biometric required",
-        biometricSuccess: "Successfully verified",
-        cancelButton: "Cancel",
-        deviceCredentialsRequiredTitle: "Device credentials required",
-        deviceCredentialsSetupDescription: "Device credentials required",
-        goToSettingsButton: "Go to settings",
-        goToSettingsDescription:
-            "Authentication is not setup on your device, go to Settings > Security to set it up",
-        signInTitle: "Authentication required",
+      AndroidAuthMessages(
+        biometricHint: l10n.androidBiometricHint,
+        biometricNotRecognized: l10n.androidBiometricNotRecognized,
+        biometricRequiredTitle: l10n.androidBiometricRequiredTitle,
+        biometricSuccess: l10n.androidBiometricSuccess,
+        cancelButton: l10n.androidCancelButton,
+        deviceCredentialsRequiredTitle:
+            l10n.androidDeviceCredentialsRequiredTitle,
+        deviceCredentialsSetupDescription:
+            l10n.androidDeviceCredentialsSetupDescription,
+        goToSettingsButton: l10n.goToSettings,
+        goToSettingsDescription: l10n.androidGoToSettingsDescription,
+        signInTitle: l10n.androidSignInTitle,
+      ),
+      IOSAuthMessages(
+        goToSettingsButton: l10n.goToSettings,
+        goToSettingsDescription: l10n.goToSettings,
+        lockOut: l10n.iOSLockOut,
+        // cancelButton default value is "Ok"
+        cancelButton: l10n.iOSOkButton,
       ),
     ],
   );

lib/utils/crypto_util.dart

@@ -42,8 +42,8 @@ Uint8List cryptoPwHash(Map<String, dynamic> args) {
 }
 
 Uint8List cryptoKdfDeriveFromKey(
-    Map<String, dynamic> args,
-    ) {
+  Map<String, dynamic> args,
+) {
   return Sodium.cryptoKdfDeriveFromKey(
     args["subkeyLen"],
     args["subkeyId"],
@@ -58,7 +58,7 @@ Future<Uint8List> cryptoGenericHash(Map<String, dynamic> args) async {
   final sourceFileLength = await sourceFile.length();
   final inputFile = sourceFile.openSync(mode: io.FileMode.read);
   final state =
-  Sodium.cryptoGenerichashInit(null, Sodium.cryptoGenerichashBytesMax);
+      Sodium.cryptoGenerichashInit(null, Sodium.cryptoGenerichashBytesMax);
   var bytesRead = 0;
   bool isDone = false;
   while (!isDone) {
@@ -77,7 +77,7 @@ Future<Uint8List> cryptoGenericHash(Map<String, dynamic> args) async {
 
 EncryptionResult chachaEncryptData(Map<String, dynamic> args) {
   final initPushResult =
-  Sodium.cryptoSecretstreamXchacha20poly1305InitPush(args["key"]);
+      Sodium.cryptoSecretstreamXchacha20poly1305InitPush(args["key"]);
   final encryptedData = Sodium.cryptoSecretstreamXchacha20poly1305Push(
     initPushResult.state,
     args["source"],
@@ -102,7 +102,7 @@ Future<EncryptionResult> chachaEncryptFile(Map<String, dynamic> args) async {
   final inputFile = sourceFile.openSync(mode: io.FileMode.read);
   final key = args["key"] ?? Sodium.cryptoSecretstreamXchacha20poly1305Keygen();
   final initPushResult =
-  Sodium.cryptoSecretstreamXchacha20poly1305InitPush(key);
+      Sodium.cryptoSecretstreamXchacha20poly1305InitPush(key);
   var bytesRead = 0;
   var tag = Sodium.cryptoSecretstreamXchacha20poly1305TagMessage;
   while (tag != Sodium.cryptoSecretstreamXchacha20poly1305TagFinal) {
@@ -156,7 +156,7 @@ Future<void> chachaDecryptFile(Map<String, dynamic> args) async {
     final buffer = await inputFile.read(chunkSize);
     bytesRead += chunkSize;
     final pullResult =
-    Sodium.cryptoSecretstreamXchacha20poly1305Pull(pullState, buffer, null);
+        Sodium.cryptoSecretstreamXchacha20poly1305Pull(pullState, buffer, null);
     await destinationFile.writeAsBytes(pullResult.m, mode: io.FileMode.append);
     tag = pullResult.tag;
   }
@@ -190,20 +190,22 @@ class CryptoUtil {
     Sodium.init();
   }
 
-  static Uint8List base642bin(String b64, {
+  static Uint8List base642bin(
+    String b64, {
     String? ignore,
     int variant = Sodium.base64VariantOriginal,
   }) {
     return Sodium.base642bin(b64, ignore: ignore, variant: variant);
   }
 
-  static String bin2base64(Uint8List bin, {
+  static String bin2base64(
+    Uint8List bin, {
     bool urlSafe = false,
   }) {
     return Sodium.bin2base64(
       bin,
       variant:
-      urlSafe ? Sodium.base64VariantUrlsafe : Sodium.base64VariantOriginal,
+          urlSafe ? Sodium.base64VariantUrlsafe : Sodium.base64VariantOriginal,
     );
   }
 
@@ -237,9 +239,11 @@ class CryptoUtil {
 
   // Decrypts the given cipher, with the given key and nonce using XSalsa20
   // (w Poly1305 MAC).
-  static Future<Uint8List> decrypt(Uint8List cipher,
-      Uint8List key,
-      Uint8List nonce,) async {
+  static Future<Uint8List> decrypt(
+    Uint8List cipher,
+    Uint8List key,
+    Uint8List nonce,
+  ) async {
     final args = <String, dynamic>{};
     args["cipher"] = cipher;
     args["nonce"] = nonce;
@@ -256,9 +260,11 @@ class CryptoUtil {
   // This function runs on the same thread as the caller, so should be used only
   // for small amounts of data where thread switching can result in a degraded
   // user experience
-  static Uint8List decryptSync(Uint8List cipher,
-      Uint8List key,
-      Uint8List nonce,) {
+  static Uint8List decryptSync(
+    Uint8List cipher,
+    Uint8List key,
+    Uint8List nonce,
+  ) {
     final args = <String, dynamic>{};
     args["cipher"] = cipher;
     args["nonce"] = nonce;
@@ -270,8 +276,10 @@ class CryptoUtil {
   // nonce, using XChaCha20 (w Poly1305 MAC).
   // This function runs on the isolate pool held by `_computer`.
   // TODO: Remove "ChaCha", an implementation detail from the function name
-  static Future<EncryptionResult> encryptChaCha(Uint8List source,
-      Uint8List key,) async {
+  static Future<EncryptionResult> encryptChaCha(
+    Uint8List source,
+    Uint8List key,
+  ) async {
     final args = <String, dynamic>{};
     args["source"] = source;
     args["key"] = key;
@@ -285,9 +293,11 @@ class CryptoUtil {
   // Decrypts the given source, with the given key and header using XChaCha20
   // (w Poly1305 MAC).
   // TODO: Remove "ChaCha", an implementation detail from the function name
-  static Future<Uint8List> decryptChaCha(Uint8List source,
-      Uint8List key,
-      Uint8List header,) async {
+  static Future<Uint8List> decryptChaCha(
+    Uint8List source,
+    Uint8List key,
+    Uint8List header,
+  ) async {
     final args = <String, dynamic>{};
     args["source"] = source;
     args["key"] = key;
@@ -304,10 +314,10 @@ class CryptoUtil {
   // to the destinationFilePath.
   // If a key is not provided, one is generated and returned.
   static Future<EncryptionResult> encryptFile(
-      String sourceFilePath,
-      String destinationFilePath, {
-        Uint8List? key,
-      }) {
+    String sourceFilePath,
+    String destinationFilePath, {
+    Uint8List? key,
+  }) {
     final args = <String, dynamic>{};
     args["sourceFilePath"] = sourceFilePath;
     args["destinationFilePath"] = destinationFilePath;
@@ -322,10 +332,11 @@ class CryptoUtil {
   // Decrypts the file at sourceFilePath, with the given key and header using
   // XChaCha20 (w Poly1305 MAC), and writes it to the destinationFilePath.
   static Future<void> decryptFile(
-      String sourceFilePath,
-      String destinationFilePath,
-      Uint8List header,
-      Uint8List key,) {
+    String sourceFilePath,
+    String destinationFilePath,
+    Uint8List header,
+    Uint8List key,
+  ) {
     final args = <String, dynamic>{};
     args["sourceFilePath"] = sourceFilePath;
     args["destinationFilePath"] = destinationFilePath;
@@ -356,10 +367,10 @@ class CryptoUtil {
 
   // Decrypts the input using the given publicKey-secretKey pair
   static Uint8List openSealSync(
-      Uint8List input,
-      Uint8List publicKey,
-      Uint8List secretKey,
-      ) {
+    Uint8List input,
+    Uint8List publicKey,
+    Uint8List secretKey,
+  ) {
     return Sodium.cryptoBoxSealOpen(input, publicKey, secretKey);
   }
 
@@ -377,9 +388,9 @@ class CryptoUtil {
   // At all points, we ensure that the product of these two variables (the area
   // under the graph that determines the amount of work required) is a constant.
   static Future<DerivedKeyResult> deriveSensitiveKey(
-      Uint8List password,
-      Uint8List salt,
-      ) async {
+    Uint8List password,
+    Uint8List salt,
+  ) async {
     final logger = Logger("pwhash");
     int memLimit = Sodium.cryptoPwhashMemlimitSensitive;
     int opsLimit = Sodium.cryptoPwhashOpslimitSensitive;
@@ -407,7 +418,10 @@ class CryptoUtil {
         return DerivedKeyResult(key, memLimit, opsLimit);
       } catch (e, s) {
         logger.warning(
-          "failed to deriveKey mem: $memLimit, ops: $opsLimit", e, s,);
+          "failed to deriveKey mem: $memLimit, ops: $opsLimit",
+          e,
+          s,
+        );
       }
       memLimit = (memLimit / 2).round();
       opsLimit = opsLimit * 2;
@@ -421,9 +435,9 @@ class CryptoUtil {
   // extra layer of authentication (atop the access token and collection key).
   // More details @ https://ente.io/blog/building-shareable-links/
   static Future<DerivedKeyResult> deriveInteractiveKey(
-      Uint8List password,
-      Uint8List salt,
-      ) async {
+    Uint8List password,
+    Uint8List salt,
+  ) async {
     final int memLimit = Sodium.cryptoPwhashMemlimitInteractive;
     final int opsLimit = Sodium.cryptoPwhashOpslimitInteractive;
     final key = await deriveKey(password, salt, memLimit, opsLimit);
@@ -433,11 +447,11 @@ class CryptoUtil {
   // Derives a key for a given password, salt, memLimit and opsLimit using
   // Argon2id, v1.3.
   static Future<Uint8List> deriveKey(
-      Uint8List password,
-      Uint8List salt,
-      int memLimit,
-      int opsLimit,
-      ) {
+    Uint8List password,
+    Uint8List salt,
+    int memLimit,
+    int opsLimit,
+  ) {
     try {
       return _computer.compute(
         cryptoPwHash,
@@ -449,7 +463,7 @@ class CryptoUtil {
         },
         taskName: "deriveKey",
       );
-    } catch(e,s) {
+    } catch (e, s) {
       final String errMessage = 'failed to deriveKey memLimit: $memLimit and '
           'opsLimit: $opsLimit';
       Logger("CryptoUtilDeriveKey").warning(errMessage, e, s);
@@ -461,20 +475,25 @@ class CryptoUtil {
   // (Key Derivation Function) with the `loginSubKeyId` and
   // `loginSubKeyLen` and `loginSubKeyContext` as context
   static Future<Uint8List> deriveLoginKey(
-      Uint8List key,
-      ) async {
-    final Uint8List derivedKey = await  _computer.compute(
-      cryptoKdfDeriveFromKey,
-      param: {
-        "key": key,
-        "subkeyId": loginSubKeyId,
-        "subkeyLen": loginSubKeyLen,
-        "context": utf8.encode(loginSubKeyContext),
-      },
-      taskName: "deriveLoginKey",
-    );
-    // return the first 16 bytes of the derived key
-    return derivedKey.sublist(0, 16);
+    Uint8List key,
+  ) async {
+    try {
+      final Uint8List derivedKey = await _computer.compute(
+        cryptoKdfDeriveFromKey,
+        param: {
+          "key": key,
+          "subkeyId": loginSubKeyId,
+          "subkeyLen": loginSubKeyLen,
+          "context": utf8.encode(loginSubKeyContext),
+        },
+        taskName: "deriveLoginKey",
+      );
+      // return the first 16 bytes of the derived key
+      return derivedKey.sublist(0, 16);
+    } catch (e, s) {
+      Logger("deriveLoginKey").severe("loginKeyDerivation failed", e, s);
+      throw LoginKeyDerivationError();
+    }
   }
 
   // Computes and returns the hash of the source file

pubspec.lock

@@ -768,7 +768,7 @@ packages:
     source: hosted
     version: "2.1.7"
   local_auth_android:
-    dependency: transitive
+    dependency: "direct main"
     description:
       name: local_auth_android
       sha256: "523dd636ce061ddb296cbc3db410cb8f21efb7d8798f7b9532c8038ce2f8bad5"
@@ -776,7 +776,7 @@ packages:
     source: hosted
     version: "1.0.31"
   local_auth_ios:
-    dependency: transitive
+    dependency: "direct main"
     description:
       name: local_auth_ios
       sha256: edc2977c5145492f3451db9507a2f2f284ee4f408950b3e16670838726761940

pubspec.yaml

@@ -1,6 +1,6 @@
 name: ente_auth
 description: ente two-factor authenticator
-version: 2.0.14+214
+version: 2.0.22+222
 publish_to: none
 
 environment:
@@ -54,6 +54,9 @@ dependencies:
   intl: ^0.18.0
   json_annotation: ^4.5.0
   local_auth: ^2.1.7
+
+  local_auth_android: ^1.0.31
+  local_auth_ios: ^1.1.3
   logging: ^1.0.1
   modal_bottom_sheet: ^3.0.0-pre
   move_to_background: ^1.0.2