New Translations (#371)

New translations via [Crowdin GH
Action](https://github.com/crowdin/github-action)

Co-authored-by: Crowdin Bot <support+bot@crowdin.com>

.vscode/settings.json

@@ -1,7 +1,7 @@
 {
-  "workbench.colorCustomizations": {
-    "activityBar.background": "#44116A",
-    "titleBar.activeBackground": "#5F1895",
-    "titleBar.activeForeground": "#FDFBFE"
-  }
-}
+    "workbench.colorCustomizations": {
+        "activityBar.background": "#44116A",
+        "titleBar.activeBackground": "#5F1895",
+        "titleBar.activeForeground": "#FDFBFE"
+    }
+}

android/app/src/main/AndroidManifest.xml

@@ -53,14 +53,12 @@
     </queries>
     <uses-permission android:name="android.permission.INTERNET"/>
     <uses-permission
-        android:name="android.permission.READ_MEDIA_IMAGES" />
+            android:name="android.permission.READ_EXTERNAL_STORAGE"
+            android:maxSdkVersion="32"/>
     <uses-permission
-        android:name="android.permission.READ_EXTERNAL_STORAGE"
-        android:maxSdkVersion="32" />
-    <uses-permission
-        android:name="android.permission.WRITE_EXTERNAL_STORAGE"
-        android:maxSdkVersion="29"
-        tools:ignore="ScopedStorage" />
+            android:name="android.permission.WRITE_EXTERNAL_STORAGE"
+            android:maxSdkVersion="29"
+            tools:ignore="ScopedStorage"/>
     <uses-permission android:name="android.permission.USE_BIOMETRIC"/>
 
 </manifest>

assets/custom-icons/_data/custom-icons.json

@@ -133,6 +133,10 @@
       "title": "Peerberry",
       "hex": "03E5A5"
     },
+    {
+      "title": "Pingvin Share",
+      "hex": "485099"
+    },
     {
       "title": "Plutus",
       "hex": "DEC685"
@@ -159,6 +163,9 @@
     {
       "title": "Proton"
     },
+    {
+      "title": "Proxmox"
+    },
     {
       "title": "Revolt",
       "hex": "858585"
@@ -202,10 +209,6 @@
       "title": "Twingate",
       "hex": "858585"
     },
-    {
-      "title": "Twitter",
-      "slug": "x"
-    },
     {
       "title": "Ubisoft",
       "hex": "4285f4"
@@ -225,7 +228,9 @@
       "title": "Wise"
     },
     {
-      "title": "X"
+      "title": "X",
+      "altNames": ["twitter"],
+      "slug": "x"
     },
     {
       "title": "NextDNS"
@@ -233,9 +238,6 @@
     {
       "title": "Skiff",
       "hex": "EF5A3C"
-    },
-    {
-      "title": "zzz_dev_test_icon"
     }
   ]
 }

assets/custom-icons/icons/pingvinshare.svg

@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg id="Layer_1" data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 943.11 911.62"><script xmlns=""/>
+  <defs>
+    <style>
+      .cls-1 {
+        fill: #fff;
+      }
+
+      .cls-2 {
+        fill: #37474f;
+      }
+
+      .cls-3 {
+        fill: #46509e;
+      }
+    </style>
+  </defs>
+  <ellipse class="cls-3" cx="471.56" cy="454.28" rx="471.56" ry="454.28"/>
+  <g>
+    <g>
+      <ellipse class="cls-2" cx="471.56" cy="390.28" rx="233.66" ry="207"/>
+      <path class="cls-2" d="m705.22,848.95c-36.69,21.14-123.09,64.33-240.64,62.57-109.54-1.63-190.04-41.45-226.68-62.57v-454.19h467.33v454.19Z"/>
+    </g>
+    <path class="cls-1" d="m658.81,397.7v475.8c-36.98,15.7-98.93,36.54-177.98,38.04-88.67,1.69-157.75-21.73-196.2-38.04v-475.8c0-95.55,83.77-173.02,187.09-173.02s187.09,77.47,187.09,173.02Z"/>
+    <polygon class="cls-3" points="565.02 431.68 471.56 514.49 378.09 431.68 565.02 431.68"/>
+    <ellipse class="cls-2" cx="378.09" cy="369.58" rx="23.37" ry="20.7"/>
+    <ellipse class="cls-2" cx="565.02" cy="369.58" rx="23.37" ry="20.7"/>
+    <path class="cls-2" d="m658.49,400.63c0-40.04-36.59-72.45-81.78-72.45s-81.78,32.41-81.78,72.45c0,11.14,2.81,21.65,7.9,31.05h-62.54c5.1-9.4,7.9-19.91,7.9-31.05,0-40.04-36.59-72.45-81.78-72.45s-81.78,32.41-81.78,72.45l-46.73-10.35c0-114.32,104.63-207,233.66-207s233.66,92.69,233.66,207l-46.73,10.35Z"/>
+  </g>
+</svg>

assets/custom-icons/icons/proxmox.svg

@@ -0,0 +1,6 @@
+<svg width="500" height="500" viewBox="0 0 500 500" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path fill-rule="evenodd" clip-rule="evenodd" d="M0 388.755L126.571 249.665L0 110.571C13.9095 96.6616 33.3816 87.8523 54.7141 87.8523C77.4297 87.8523 97.3643 97.5937 111.274 112.89L181.281 189.854L235.992 249.665L181.281 309.942L111.274 386.902C97.3643 402.202 77.4297 411.94 54.7141 411.94C33.3816 411.94 13.9095 403.127 0 388.755ZM500 388.757L373.43 249.667L500 110.573C486.091 96.6633 466.619 87.8536 445.286 87.8536C422.571 87.8536 402.636 97.5956 388.726 112.892L318.719 189.856L264.008 249.667L318.719 309.943L388.726 386.904C402.636 402.204 422.571 411.942 445.286 411.942C466.619 411.942 486.091 403.128 500 388.757Z" fill="#E57000"/>
+<g style="mix-blend-mode:difference">
+<path fill-rule="evenodd" clip-rule="evenodd" d="M249.934 235.708L299.87 180.692L415.394 53.7358C402.7 41.0404 384.926 33 365.456 33C344.722 33 326.528 41.8913 313.83 55.8522L249.934 126.1L185.607 55.8522C172.491 41.4659 155.138 33 134.4 33C114.941 33 97.163 41.0404 84.4681 53.7358L199.996 180.692L249.934 235.708ZM249.937 263.615L299.873 318.631L415.398 445.588C402.703 458.283 384.929 466.323 365.459 466.323C344.725 466.323 326.531 457.432 313.834 443.471L249.937 373.224L185.61 443.471C172.494 457.857 155.141 466.323 134.403 466.323C114.944 466.323 97.1661 458.283 84.4713 445.588L200 318.631L249.937 263.615Z" fill="white"/>
+</g>
+</svg>

assets/custom-icons/icons/zzz_dev_test_icon.svg

@@ -1,5 +0,0 @@
-<svg width="500" height="500" viewBox="0 0 500 500" fill="none" xmlns="http://www.w3.org/2000/svg">
-<g style="mix-blend-mode:difference">
-<path fill-rule="evenodd" clip-rule="evenodd" d="M250.207 5C111.849 5 0 117.52 0 256.723C0 367.996 71.6655 462.186 171.084 495.522C183.514 498.028 188.067 490.106 188.067 483.442C188.067 477.606 187.658 457.603 187.658 436.761C118.056 451.767 103.562 406.754 103.562 406.754C92.3769 377.581 75.8036 370.083 75.8036 370.083C53.0231 354.662 77.463 354.662 77.463 354.662C102.733 356.329 115.992 380.501 115.992 380.501C138.358 418.84 174.398 408.007 188.897 401.338C190.966 385.084 197.599 373.832 204.641 367.582C149.128 361.746 90.7226 340.075 90.7226 243.385C90.7226 215.879 100.658 193.374 116.402 175.872C113.918 169.622 105.217 143.779 118.891 109.189C118.891 109.189 140.017 102.519 187.653 135.028C208.047 129.517 229.079 126.714 250.207 126.691C271.333 126.691 292.869 129.611 312.756 135.028C360.396 102.519 381.523 109.189 381.523 109.189C395.197 143.779 386.491 169.622 384.007 175.872C400.165 193.374 409.691 215.879 409.691 243.385C409.691 340.075 351.285 361.326 295.358 367.582C304.474 375.499 312.341 390.5 312.341 414.257C312.341 448.013 311.931 475.105 311.931 483.437C311.931 490.106 316.49 498.028 328.914 495.527C428.333 462.18 499.999 367.996 499.999 256.723C500.409 117.52 388.15 5 250.207 5Z" fill="white"/>
-</g>
-</svg>

assets/scanner-icons/icons/cross.svg

@@ -1,5 +0,0 @@
-<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path d="M12 22C17.5 22 22 17.5 22 12C22 6.5 17.5 2 12 2C6.5 2 2 6.5 2 12C2 17.5 6.5 22 12 22Z" stroke="#292D32" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
-<path d="M9.16998 14.8299L14.83 9.16992" stroke="#292D32" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
-<path d="M14.83 14.8299L9.16998 9.16992" stroke="#292D32" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
-</svg>

assets/scanner-icons/icons/flash_off.svg

@@ -1,20 +0,0 @@
-<svg width="62" height="62" viewBox="0 0 62 62" fill="none" xmlns="http://www.w3.org/2000/svg">
-<g filter="url(#filter0_d_884_3193)">
-<rect x="15" y="14" width="32" height="32" rx="15" fill="white"/>
-</g>
-<path d="M40.7558 20.2363C40.4408 19.9212 39.9262 19.9212 39.6112 20.2363L20.2363 39.6217C19.9212 39.9367 19.9212 40.4513 20.2363 40.7663C20.3938 40.9133 20.5933 40.9973 20.8033 40.9973C21.0134 40.9973 21.2129 40.9133 21.3704 40.7558L40.7558 21.3704C41.0814 21.0554 41.0814 20.5513 40.7558 20.2363Z" fill="#292D32"/>
-<path d="M33.4575 21.5971V27.5408L27.5347 33.4636V31.8464H24.2898C22.8196 31.8464 22.4101 30.9433 23.3867 29.8407L30.4961 21.7546L31.3362 20.799C32.5018 19.4759 33.4575 19.8329 33.4575 21.5971Z" fill="#292D32"/>
-<path d="M37.6039 31.1619L30.4946 39.2479L29.6545 40.2035C28.4888 41.5267 27.5332 41.1696 27.5332 39.4054V36.6121L34.9891 29.1562H36.7008C38.171 29.1562 38.5806 30.0593 37.6039 31.1619Z" fill="#292D32"/>
-<defs>
-<filter id="filter0_d_884_3193" x="0" y="0" width="62" height="62" filterUnits="userSpaceOnUse" color-interpolation-filters="sRGB">
-<feFlood flood-opacity="0" result="BackgroundImageFix"/>
-<feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0" result="hardAlpha"/>
-<feMorphology radius="5" operator="dilate" in="SourceAlpha" result="effect1_dropShadow_884_3193"/>
-<feOffset dy="1"/>
-<feGaussianBlur stdDeviation="5"/>
-<feColorMatrix type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.17 0"/>
-<feBlend mode="normal" in2="BackgroundImageFix" result="effect1_dropShadow_884_3193"/>
-<feBlend mode="normal" in="SourceGraphic" in2="effect1_dropShadow_884_3193" result="shape"/>
-</filter>
-</defs>
-</svg>

assets/scanner-icons/icons/flash_on.svg

@@ -1,18 +0,0 @@
-<svg width="62" height="62" viewBox="0 0 62 62" fill="none" xmlns="http://www.w3.org/2000/svg">
-<g filter="url(#filter0_d_5498_6943)">
-<rect x="15" y="14" width="32" height="32" rx="15" fill="white"/>
-</g>
-<path d="M36.844 29.1561H33.5997V21.5968C33.5997 19.8329 32.6443 19.476 31.4789 20.7988L30.639 21.7543L23.5311 29.8386C22.5547 30.941 22.9642 31.8439 24.4341 31.8439H27.6783V39.4032C27.6783 41.1671 28.6337 41.524 29.7991 40.2012L30.639 39.2457L37.7469 31.1615C38.7233 30.0591 38.3138 29.1561 36.844 29.1561Z" fill="#292D32"/>
-<defs>
-<filter id="filter0_d_5498_6943" x="0" y="0" width="62" height="62" filterUnits="userSpaceOnUse" color-interpolation-filters="sRGB">
-<feFlood flood-opacity="0" result="BackgroundImageFix"/>
-<feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0" result="hardAlpha"/>
-<feMorphology radius="5" operator="dilate" in="SourceAlpha" result="effect1_dropShadow_5498_6943"/>
-<feOffset dy="1"/>
-<feGaussianBlur stdDeviation="5"/>
-<feColorMatrix type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.17 0"/>
-<feBlend mode="normal" in2="BackgroundImageFix" result="effect1_dropShadow_5498_6943"/>
-<feBlend mode="normal" in="SourceGraphic" in2="effect1_dropShadow_5498_6943" result="shape"/>
-</filter>
-</defs>
-</svg>

assets/scanner-icons/icons/gallery.svg

@@ -1,18 +0,0 @@
-<svg width="62" height="62" viewBox="0 0 62 62" fill="none" xmlns="http://www.w3.org/2000/svg">
-<g filter="url(#filter0_d_884_3200)">
-<rect x="15" y="14" width="32" height="32" rx="15" fill="white"/>
-</g>
-<path d="M35.19 20H26.81C23.17 20 21 22.17 21 25.81V34.19C21 35.28 21.19 36.23 21.56 37.03C22.42 38.93 24.26 40 26.81 40H35.19C38.83 40 41 37.83 41 34.19V31.9V25.81C41 22.17 38.83 20 35.19 20ZM39.37 30.5C38.59 29.83 37.33 29.83 36.55 30.5L32.39 34.07C31.61 34.74 30.35 34.74 29.57 34.07L29.23 33.79C28.52 33.17 27.39 33.11 26.59 33.65L22.85 36.16C22.63 35.6 22.5 34.95 22.5 34.19V25.81C22.5 22.99 23.99 21.5 26.81 21.5H35.19C38.01 21.5 39.5 22.99 39.5 25.81V30.61L39.37 30.5Z" fill="#292D32"/>
-<defs>
-<filter id="filter0_d_884_3200" x="0" y="0" width="62" height="62" filterUnits="userSpaceOnUse" color-interpolation-filters="sRGB">
-<feFlood flood-opacity="0" result="BackgroundImageFix"/>
-<feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0" result="hardAlpha"/>
-<feMorphology radius="5" operator="dilate" in="SourceAlpha" result="effect1_dropShadow_884_3200"/>
-<feOffset dy="1"/>
-<feGaussianBlur stdDeviation="5"/>
-<feColorMatrix type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.17 0"/>
-<feBlend mode="normal" in2="BackgroundImageFix" result="effect1_dropShadow_884_3200"/>
-<feBlend mode="normal" in="SourceGraphic" in2="effect1_dropShadow_884_3200" result="shape"/>
-</filter>
-</defs>
-</svg>

lib/core/errors.dart

@@ -41,6 +41,8 @@ class InvalidStateError extends AssertionError {
 
 class KeyDerivationError extends Error {}
 
+class LoginKeyDerivationError extends Error {}
+
 class SrpSetupNotCompleteError extends Error {}
 
 class AuthenticatorKeyNotFound extends Error {}

lib/l10n/arb/app_ar.arb

@@ -0,0 +1 @@
+{}

lib/l10n/arb/app_en.arb

@@ -84,10 +84,12 @@
   "importFromApp": "Import codes from {appName}",
   "importGoogleAuthGuide": "Export your accounts from Google Authenticator to a QR code using the \"Transfer Accounts\" option. Then using another device, scan the QR code.\n\nTip: You can use your laptop's webcam to take a picture of the QR code.",
   "importSelectJsonFile": "Select JSON file",
+  "importSelectAppExport": "Select {appName} export file",
   "importEnteEncGuide": "Select the encrypted JSON file exported from ente",
   "importRaivoGuide": "Use the \"Export OTPs to Zip archive\" option in Raivo's Settings.\n\nExtract the zip file and import the JSON file.",
   "importBitwardenGuide": "Use the \"Export vault\" option within Bitwarden Tools and import the unencrypted JSON file.",
   "importAegisGuide": "Use the \"Export the vault\" option in Aegis's Settings.\n\nIf your vault is encrypted, you will need to enter vault password to decrypt the vault.",
+  "import2FasGuide": "Use the \"Settings->Backup -Export\" option in 2FAS.\n\nIf your backup is encrypted, you will need to enter the password to decrypt the backup",
   "exportCodes": "Export codes",
   "importLabel": "Import",
   "importInstruction": "Please select a file that contains a list of your codes in the following format",
@@ -100,6 +102,7 @@
   "authToChangeYourEmail": "Please authenticate to change your email",
   "authToChangeYourPassword": "Please authenticate to change your password",
   "authToViewSecrets": "Please authenticate to view your secrets",
+  "authToInitiateSignIn": "Please authenticate to initiate sign in for backup.",
   "ok": "Ok",
   "cancel": "Cancel",
   "yes": "Yes",
@@ -129,6 +132,7 @@
   "faq_q_5": "How can I enable FaceID lock in ente Auth",
   "faq_a_5": "You can enable FaceID lock under Settings → Security → Lockscreen.",
   "somethingWentWrongMessage": "Something went wrong, please try again",
+
   "leaveFamily": "Leave family",
   "leaveFamilyMessage": "Are you sure that you want to leave the family plan?",
   "inFamilyPlanMessage": "You are on a family plan!",
@@ -332,6 +336,7 @@
   "offlineModeWarning": "You have chosen to proceed without backups. Please take manual backups to make sure your codes are safe.",
   "showLargeIcons": "Show large icons",
   "shouldHideCode": "Hide codes",
+  "doubleTapToViewHiddenCode" : "You can double tap on an entry to view code",
   "focusOnSearchBar": "Focus search on app start",
   "confirmUpdatingkey": "Are you sure you want to update the secret key?",
   "minimizeAppOnCopy":  "Minimize app on copy",
@@ -340,13 +345,6 @@
   "showQRAuthMessage": "Authenticate to show QR code",
   "confirmAccountDeleteTitle": "Confirm account deletion",
   "confirmAccountDeleteMessage": "This account is linked to other ente apps, if you use any.\n\nYour uploaded data, across all ente apps, will be scheduled for deletion, and your account will be permanently deleted.",
-  "reminderText": "Reminder",
-  "reminderPopupBody": "Please delete the screenshot before resuming any photo cloud sync",
-  "invalidQrCodeText": "Invalid QR code",
-  "googleAuthImagePopupBody": "Please turn off all photo cloud sync from all apps, including iCloud, Google Photo, OneDrive, etc. \nAlso if you have a second smartphone, it is safer to import by scanning QR code.",
-  "importGoogleAuthImageButtonText": "Import from image",
-  "unableToRecognizeQrCodeText": "Unable to recognize a valid code from the uploaded image",
-  "qrCodeImageNotSelectedText": "Qr code image not selected",
   "androidBiometricHint": "Verify identity",
   "@androidBiometricHint": {
     "description": "Hint message advising the user how to authenticate with biometrics. It is used on Android side. Maximum 60 characters."
@@ -399,5 +397,6 @@
   "@iOSOkButton": {
     "description": "Message showed on a button that the user can click to leave the current dialog. It is used on iOS side. Maximum 30 characters."
   },
-  "parsingErrorText": "Error while parsing Google Auth QR code"
+  "noInternetConnection": "No internet connection",
+  "pleaseCheckYourInternetConnectionAndTryAgain": "Please check your internet connection and try again."
 }

lib/l10n/arb/app_ka.arb

@@ -1 +1,92 @@
-{}
+{
+  "account": "ანგარიში",
+  "unlock": "განბლოკვა",
+  "recoveryKey": "აღდგენის კოდი",
+  "counterAppBarTitle": "მრიცხველზე დაფუძნებული",
+  "@counterAppBarTitle": {
+    "description": "Text shown in the AppBar of the Counter Page"
+  },
+  "onBoardingBody": "შექმენით თქვენი ორმხრივი აუთენთიფიკაციის კოდების სარეზერვო ასლი უსაფრთხოდ",
+  "onBoardingGetStarted": "დაწყება",
+  "setupFirstAccount": "დააყენეთ თქვენი პირველი ანგარიში",
+  "importScanQrCode": "QR კოდის დასკანერება",
+  "qrCode": "QR კოდი",
+  "importEnterSetupKey": "შეიყვანეთ დაყენების კოდი",
+  "importAccountPageTitle": "შეიყვანეთ ანგარიშის დეტალები",
+  "secretCanNotBeEmpty": "გასაღების ველი არ შეიძლება ცარიელი იყოს",
+  "bothIssuerAndAccountCanNotBeEmpty": "ანგარიშის მომწოდებლისა და ანგარიშის ველი არ შეიძლება ცარიელი იყოს",
+  "incorrectDetails": "არასწორი მონაცემები",
+  "pleaseVerifyDetails": "გთხოვთ, გადაამოწმოთ დეტალები და სცადოთ ხელახლა",
+  "codeIssuerHint": "მომწოდებელი",
+  "codeSecretKeyHint": "გასაღები",
+  "codeAccountHint": "ანგარიში (you@domain.com)",
+  "accountKeyType": "გასაღების ტიპი",
+  "sessionExpired": "სესიის დრო ამოიწურა",
+  "@sessionExpired": {
+    "description": "Title of the dialog when the users current session is invalid/expired"
+  },
+  "pleaseLoginAgain": "გთხოვთ, გაიაროთ ავტორიზაცია ხელახლა",
+  "loggingOut": "მიმდინარეობს გამოსვლა...",
+  "timeBasedKeyType": "დროზე დაფუძნებული (TOTP)",
+  "counterBasedKeyType": "მრიცხველზე დაფუძნებული (HOTP)",
+  "saveAction": "შენახვა",
+  "nextTotpTitle": "შემდეგი",
+  "deleteCodeTitle": "გსურთ კოდის წაშლა?",
+  "deleteCodeMessage": "დარწმუნებული ხართ რომ გსურთ ამ კოდის წაშლა? ამ მოქმედების გაუქმება შეუძლებელია.",
+  "viewLogsAction": "აღრიცხვის ფაილების ნახვა",
+  "sendLogsDescription": "თქვენი პრობლემის აღმოსაფხვრელად, ეს ქმედება გააგზავნის აღრიცხვის ფაილებს. მიუხედავად იმისა, რომ ჩვენ ვიღებთ უსაფრთხოების ზომებს, რათა სენსიტიური ინფორმაცია არ მოხვდეს აღრიცხვის ფაილებში, გაგზავნამდე, გირჩევთ, გადახედოთ აღრიცხვის ფაილებს.",
+  "preparingLogsTitle": "მიმდინარეობს აღრიცხვის ფაილების მზადება...",
+  "emailLogsTitle": "აღრიცხვის ფაილების ელექტრონული ფოსტით გაგზავნა",
+  "emailLogsMessage": "გთხოვთ, გამოაგზავნოთ აღრიცხვის ფაილები {email}-ზე",
+  "@emailLogsMessage": {
+    "placeholders": {
+      "email": {
+        "type": "String"
+      }
+    }
+  },
+  "copyEmailAction": "ელექტრონული ფოსტის დაკოპირება",
+  "exportLogsAction": "აღრიცხვის ფაილების ექსპორტირება",
+  "reportABug": "პრობლემის შესახებ შეტყობინება",
+  "crashAndErrorReporting": "აპლიკაციის ხარვეზის & პრობლემის შეტყობინება",
+  "reportBug": "პრობლემის შეტყობინება",
+  "emailUsMessage": "გთხოვთ, მოგვწეროთ ელექტრონულ ფოსტაზე {email}",
+  "@emailUsMessage": {
+    "placeholders": {
+      "email": {
+        "type": "String"
+      }
+    }
+  },
+  "contactSupport": "მხარდაჭერის გუნდთან დაკავშირება",
+  "rateUsOnStore": "შეგვაფასეთ {storeName}-ზე",
+  "blog": "ბლოგი",
+  "merchandise": "მერჩანტი",
+  "verifyPassword": "პაროლის დასტური",
+  "pleaseWait": "გთხოვთ, დაელოდოთ...",
+  "generatingEncryptionKeysTitle": "მიმდინარეობს დაშიფრვის გასაღებების გენერირება...",
+  "recreatePassword": "პაროლის ხელახლა შექმნა",
+  "incorrectPasswordTitle": "არასწორი პაროლი",
+  "welcomeBack": "კეთილი იყოს თქვენი დაბრუნება!",
+  "madeWithLoveAtPrefix": "შეიქმნა ❤️ ",
+  "changeEmail": "ელექტრონული ფოსტის შეცვლა",
+  "changePassword": "პაროლის შეცვლა",
+  "data": "მონაცემები",
+  "importCodes": "კოდების იმპორტირება",
+  "importTypePlainText": "სტანდარტული ტექსტი",
+  "importTypeEnteEncrypted": "ente დაშიფრული ექსპორტი",
+  "passwordForDecryptingExport": "ექსპორტის გაშიფრვის პაროლი",
+  "passwordEmptyError": "პაროლის ველი არ შეიძლება იყოს ცარიელი",
+  "emailVerificationToggle": "ელექტრონული ფოსტის ვერიფიკაცია",
+  "cancel": "გაუქმება",
+  "yes": "დიახ",
+  "no": "არა",
+  "email": "ელექტრონული ფოსტა",
+  "support": "მხარდაჭერა",
+  "general": "ზოგადი",
+  "settings": "პარამეტრები",
+  "copied": "დაკოპირებულია",
+  "pleaseTryAgain": "გთხოვთ, სცადოთ ხელახლა",
+  "existingUser": "არსებული მომხმარებელი",
+  "delete": "წაშლა"
+}

lib/l10n/arb/app_ru.arb

@@ -1,5 +1,6 @@
 {
   "account": "Аккаунт",
+  "unlock": "Разблокировать",
   "recoveryKey": "Ключ восстановления",
   "counterAppBarTitle": "Счетчик",
   "@counterAppBarTitle": {
@@ -85,6 +86,7 @@
   "importSelectJsonFile": "Выбрать JSON-файл",
   "importEnteEncGuide": "Выберите зашифрованный JSON-файл, экспортированный из ente",
   "importRaivoGuide": "Используйте опцию «Export OTPs to Zip archive» в настройках Raivo.\n\nРаспакуйте zip-архив и импортируйте JSON-файл.",
+  "importBitwardenGuide": "Используйте опцию \"Экспортировать хранилище\" в Bitwarden Tools и импортируйте незашифрованный JSON файл.",
   "importAegisGuide": "Используйте опцию «Экспортировать хранилище» в настройках Aegis.\n\nЕсли ваше хранилище зашифровано, то для его расшифровки потребуется ввести пароль хранилища.",
   "exportCodes": "Экспортировать коды",
   "importLabel": "Импорт",
@@ -97,6 +99,7 @@
   "authToViewYourRecoveryKey": "Пожалуйста, авторизуйтесь для просмотра вашего ключа восстановления",
   "authToChangeYourEmail": "Пожалуйста, авторизуйтесь, чтобы изменить адрес электронной почты",
   "authToChangeYourPassword": "Пожалуйста, авторизуйтесь, чтобы изменить пароль",
+  "authToViewSecrets": "Пожалуйста, авторизуйтесь для просмотра ваших секретов",
   "ok": "Ок",
   "cancel": "Отменить",
   "yes": "Да",
@@ -336,5 +339,59 @@
   "deleteCodeAuthMessage": "Аутентификация для удаления кода",
   "showQRAuthMessage": "Аутентификация для отображения QR-кода",
   "confirmAccountDeleteTitle": "Подтвердить удаление аккаунта",
-  "confirmAccountDeleteMessage": "Эта учетная запись связана с другими приложениями ente, если вы ими пользуетесь.\n\nЗагруженные вами данные во всех приложениях ente будут запланированы к удалению, а ваша учетная запись будет удалена без возможности восстановления."
+  "confirmAccountDeleteMessage": "Эта учетная запись связана с другими приложениями ente, если вы ими пользуетесь.\n\nЗагруженные вами данные во всех приложениях ente будут запланированы к удалению, а ваша учетная запись будет удалена без возможности восстановления.",
+  "androidBiometricHint": "Подтвердите личность",
+  "@androidBiometricHint": {
+    "description": "Hint message advising the user how to authenticate with biometrics. It is used on Android side. Maximum 60 characters."
+  },
+  "androidBiometricNotRecognized": "Не распознано. Попробуйте еще раз.",
+  "@androidBiometricNotRecognized": {
+    "description": "Message to let the user know that authentication was failed. It is used on Android side. Maximum 60 characters."
+  },
+  "androidBiometricSuccess": "Успех",
+  "@androidBiometricSuccess": {
+    "description": "Message to let the user know that authentication was successful. It is used on Android side. Maximum 60 characters."
+  },
+  "androidCancelButton": "Отменить",
+  "@androidCancelButton": {
+    "description": "Message showed on a button that the user can click to leave the current dialog. It is used on Android side. Maximum 30 characters."
+  },
+  "androidSignInTitle": "Требуется аутентификация",
+  "@androidSignInTitle": {
+    "description": "Message showed as a title in a dialog which indicates the user that they need to scan biometric to continue. It is used on Android side. Maximum 60 characters."
+  },
+  "androidBiometricRequiredTitle": "Требуется биометрия",
+  "@androidBiometricRequiredTitle": {
+    "description": "Message showed as a title in a dialog which indicates the user has not set up biometric authentication on their device. It is used on Android side. Maximum 60 characters."
+  },
+  "androidDeviceCredentialsRequiredTitle": "Требуются учетные данные устройства",
+  "@androidDeviceCredentialsRequiredTitle": {
+    "description": "Message showed as a title in a dialog which indicates the user has not set up credentials authentication on their device. It is used on Android side. Maximum 60 characters."
+  },
+  "androidDeviceCredentialsSetupDescription": "Требуются учетные данные устройства",
+  "@androidDeviceCredentialsSetupDescription": {
+    "description": "Message advising the user to go to the settings and configure device credentials on their device. It shows in a dialog on Android side."
+  },
+  "goToSettings": "Перейдите к настройкам",
+  "@goToSettings": {
+    "description": "Message showed on a button that the user can click to go to settings pages from the current dialog. It is used on both Android and iOS side. Maximum 30 characters."
+  },
+  "androidGoToSettingsDescription": "Биометрическая аутентификация не настроена на вашем устройстве. Перейдите в \"Настройки > Безопасность\", чтобы добавить биометрическую аутентификацию.",
+  "@androidGoToSettingsDescription": {
+    "description": "Message advising the user to go to the settings and configure biometric on their device. It shows in a dialog on Android side."
+  },
+  "iOSLockOut": "Биометрическая аутентификация отключена. Пожалуйста, заблокируйте и разблокируйте экран, чтобы включить ее.",
+  "@iOSLockOut": {
+    "description": "Message advising the user to re-enable biometrics on their device. It shows in a dialog on iOS side."
+  },
+  "iOSGoToSettingsDescription": "Биометрическая аутентификация не настроена на вашем устройстве. Пожалуйста, включите Touch ID или Face ID на вашем телефоне.",
+  "@iOSGoToSettingsDescription": {
+    "description": "Message advising the user to go to the settings and configure Biometrics for their device. It shows in a dialog on iOS side."
+  },
+  "iOSOkButton": "ОК",
+  "@iOSOkButton": {
+    "description": "Message showed on a button that the user can click to leave the current dialog. It is used on iOS side. Maximum 30 characters."
+  },
+  "noInternetConnection": "Нет подключения к Интернету",
+  "pleaseCheckYourInternetConnectionAndTryAgain": "Проверьте подключение к Интернету и повторите попытку."
 }

lib/l10n/arb/app_tr.arb

@@ -1,5 +1,6 @@
 {
   "account": "Hesabım",
+  "unlock": "Kilidi aç",
   "recoveryKey": "Kurtarma Anahtarı",
   "counterAppBarTitle": "Sayaç",
   "@counterAppBarTitle": {
@@ -83,6 +84,7 @@
   "importSelectJsonFile": "JSON dosyasını seçin",
   "importEnteEncGuide": "Ente'den dışa aktarılan şifrelenmiş JSON dosyasını seçin",
   "importRaivoGuide": "Raivo'nun ayarlarında \"OTP'leri Zip arşivine aktar\" seçeneğini kullanın.\n\nZip dosyasını çıkarın ve JSON dosyasını içe aktarın.",
+  "importBitwardenGuide": "Bitwarden Tools içindeki \"Kasayı dışa aktar\" seçeneğini kullanın ve şifrelenmemiş JSON dosyasını içe aktarın.",
   "importAegisGuide": "Aegis'in Ayarlarında \"Kasayı dışa aktar\" seçeneğini kullanın.\n\nKasanız şifrelenmişse, kasanın şifresini çözmek için kasa parolasını girmeniz gerekecektir.",
   "exportCodes": "Kodu dışa aktar",
   "importLabel": "İçe aktar",
@@ -90,16 +92,19 @@
   "importCodeDelimiterInfo": "Kodlar, virgülle ya da yeni bir satırla ayrılabilir",
   "selectFile": "Dosya seç",
   "emailVerificationToggle": "E-posta doğrulama",
+  "emailVerificationEnableWarning": "E-postanız için 2FA'yı bizde saklıyorsanız, e-posta doğrulamasını açmak bir kilitlenmeye neden olabilir. Bir hizmetin dışında kalırsanız, diğerine giriş yapamayabilirsiniz.",
   "authToChangeEmailVerificationSetting": "E-posta doğrulamasını değiştirmek için lütfen kimlik doğrulaması yapın",
   "authToViewYourRecoveryKey": "Kurtarma anahtarınızı görmek için lütfen kimliğinizi doğrulayın",
   "authToChangeYourEmail": "Epostanızı değiştirmek için lütfen kimliğinizi doğrulayın",
   "authToChangeYourPassword": "Şifrenizi değiştirmek için lütfen kimliğinizi doğrulayın",
+  "authToInitiateSignIn": "Yedekleme için giriş yapmayı başlatmak üzere lütfen kimlik doğrulaması yapın.",
   "ok": "Tamam",
   "cancel": "İptal Et",
   "yes": "Evet",
   "no": "Hayır",
   "email": "E-Posta",
   "support": "Destek",
+  "general": "Genel",
   "settings": "Ayarlar",
   "copied": "Kopyalandı",
   "pleaseTryAgain": "Lütfen tekrar deneyin",
@@ -179,6 +184,7 @@
   "enterDetailsManually": "Bilgileri elle girin",
   "edit": "Düzenle",
   "copiedToClipboard": "Panoya kopyalandı",
+  "copiedNextToClipboard": "Sonraki kod panoya kopyalandı",
   "error": "Hata",
   "recoveryKeyCopiedToClipboard": "Kurtarma anahtarı panoya kopyalandı",
   "recoveryKeyOnForgotPassword": "Eğer şifrenizi unutursanız, verilerinizi kurtarabileceğiniz tek yol bu anahtardır.",
@@ -249,6 +255,10 @@
   "privacy": "Gizlilik",
   "terms": "Şartlar",
   "checkForUpdates": "Güncellemeleri denetleyin",
+  "downloadUpdate": "İndir",
+  "criticalUpdateAvailable": "Kritik güncelleme mevcut",
+  "updateAvailable": "Güncelleme mevcut",
+  "update": "Güncelle",
   "checking": "Denetleniyor...",
   "youAreOnTheLatestVersion": "En son sürümdesiniz",
   "warning": "Uyarı",
@@ -313,7 +323,69 @@
   "plainText": "Düz metin",
   "passwordToEncryptExport": "Dışa aktarımı şifrelemek için parola",
   "export": "Dışa aktar",
+  "useOffline": "Yedekleme olmadan kullan",
+  "signInToBackup": "Kodlarınızı yedeklemek için giriş yapın",
+  "singIn": "Giriş yap",
+  "sigInBackupReminder": "Geri yükleyebileceğiniz bir yedeğiniz olduğundan emin olmak için lütfen kodlarınızı dışa aktarın.",
+  "offlineModeWarning": "Yedekleme yapmadan devam etmeyi seçtiniz. Kodlarınızın güvende olduğundan emin olmak için lütfen manuel yedekleme yapın.",
+  "showLargeIcons": "Büyük simgeler göster",
+  "shouldHideCode": "Kodları gizle",
+  "doubleTapToViewHiddenCode": "Kodu görüntülemek için bir girdiye çift dokunabilirsiniz",
+  "focusOnSearchBar": "Uygulama başladığında arama bölümüne odaklan",
+  "minimizeAppOnCopy": "Kopyalarken uygulamayı küçült",
   "editCodeAuthMessage": "Kodu düzenlemek için doğrulama yapın",
   "deleteCodeAuthMessage": "Kodu silmek için doğrulama yapın",
-  "showQRAuthMessage": "QR kodunu göstermek için doğrulama yapın"
+  "showQRAuthMessage": "QR kodunu göstermek için doğrulama yapın",
+  "confirmAccountDeleteTitle": "Hesap silme işlemini onayla",
+  "confirmAccountDeleteMessage": "Bu hesap, eğer kullanıyorsanız, diğer ente uygulamalarıyla bağlantılıdır.\n\nTüm ente uygulamalarında yüklediğiniz veriler silinmek üzere programlanacak ve hesabınız kalıcı olarak silinecektir.",
+  "androidBiometricHint": "Kimliği doğrula",
+  "@androidBiometricHint": {
+    "description": "Hint message advising the user how to authenticate with biometrics. It is used on Android side. Maximum 60 characters."
+  },
+  "androidBiometricNotRecognized": "Tanınmadı. Tekrar deneyin.",
+  "@androidBiometricNotRecognized": {
+    "description": "Message to let the user know that authentication was failed. It is used on Android side. Maximum 60 characters."
+  },
+  "androidBiometricSuccess": "Başarılı",
+  "@androidBiometricSuccess": {
+    "description": "Message to let the user know that authentication was successful. It is used on Android side. Maximum 60 characters."
+  },
+  "androidCancelButton": "İptal et",
+  "@androidCancelButton": {
+    "description": "Message showed on a button that the user can click to leave the current dialog. It is used on Android side. Maximum 30 characters."
+  },
+  "androidSignInTitle": "Kimlik doğrulaması gerekli",
+  "@androidSignInTitle": {
+    "description": "Message showed as a title in a dialog which indicates the user that they need to scan biometric to continue. It is used on Android side. Maximum 60 characters."
+  },
+  "androidBiometricRequiredTitle": "Biyometrik gerekli",
+  "@androidBiometricRequiredTitle": {
+    "description": "Message showed as a title in a dialog which indicates the user has not set up biometric authentication on their device. It is used on Android side. Maximum 60 characters."
+  },
+  "androidDeviceCredentialsRequiredTitle": "Cihaz kimlik bilgileri gerekli",
+  "@androidDeviceCredentialsRequiredTitle": {
+    "description": "Message showed as a title in a dialog which indicates the user has not set up credentials authentication on their device. It is used on Android side. Maximum 60 characters."
+  },
+  "goToSettings": "Ayarlara git",
+  "@goToSettings": {
+    "description": "Message showed on a button that the user can click to go to settings pages from the current dialog. It is used on both Android and iOS side. Maximum 30 characters."
+  },
+  "androidGoToSettingsDescription": "Biyometrik kimlik doğrulama cihazınızda ayarlanmamış. Biyometrik kimlik doğrulama eklemek için 'Ayarlar > Güvenlik' bölümüne gidin.",
+  "@androidGoToSettingsDescription": {
+    "description": "Message advising the user to go to the settings and configure biometric on their device. It shows in a dialog on Android side."
+  },
+  "iOSLockOut": "Biyometrik kimlik doğrulama devre dışı. Etkinleştirmek için lütfen ekranınızı kilitleyin ve kilidini açın.",
+  "@iOSLockOut": {
+    "description": "Message advising the user to re-enable biometrics on their device. It shows in a dialog on iOS side."
+  },
+  "iOSGoToSettingsDescription": "Cihazınızda biyometrik kimlik doğrulama ayarlanmamış. Lütfen telefonunuzda Touch ID veya Face ID'yi etkinleştirin.",
+  "@iOSGoToSettingsDescription": {
+    "description": "Message advising the user to go to the settings and configure Biometrics for their device. It shows in a dialog on iOS side."
+  },
+  "iOSOkButton": "Tamam",
+  "@iOSOkButton": {
+    "description": "Message showed on a button that the user can click to leave the current dialog. It is used on iOS side. Maximum 30 characters."
+  },
+  "noInternetConnection": "İnternet bağlantısı yok",
+  "pleaseCheckYourInternetConnectionAndTryAgain": "Lütfen internet bağlantınızı kontrol edin ve yeniden deneyin."
 }

lib/l10n/arb/app_zh.arb

@@ -100,6 +100,7 @@
   "authToChangeYourEmail": "请验证以更改您的电子邮件",
   "authToChangeYourPassword": "请验证以更改密码",
   "authToViewSecrets": "请进行身份验证以查看您的秘密",
+  "authToInitiateSignIn": "请进行身份验证以启动登录进行备份。",
   "ok": "好的",
   "cancel": "取消",
   "yes": "是",
@@ -332,6 +333,7 @@
   "offlineModeWarning": "您已选择在不进行备份的情况下继续操作。请手动备份以确保您的代码安全。",
   "showLargeIcons": "显示大图标",
   "shouldHideCode": "隐藏代码",
+  "doubleTapToViewHiddenCode": "您可以双击条目来查看代码",
   "focusOnSearchBar": "应用启动后聚焦搜索",
   "confirmUpdatingkey": "您确定要更新此密钥吗？",
   "minimizeAppOnCopy": "复制时最小化应用",
@@ -340,13 +342,6 @@
   "showQRAuthMessage": "显示QR码需要身份验证",
   "confirmAccountDeleteTitle": "确认删除账户",
   "confirmAccountDeleteMessage": "该账户已链接到其他ente旗下的应用程序（如果您使用任何相关的应用程序）。\n\n您在所有ente旗下应用程序中上传的数据都将被安排删除，并且您的账户将被永久删除。",
-  "reminderText": "提醒",
-  "reminderPopupBody": "请先删除屏幕截图，然后再恢复任何照片的云同步",
-  "invalidQrCodeText": "二维码无效",
-  "googleAuthImagePopupBody": "请关闭所有应用程序中的所有照片云同步，包括 iCloud、Google Photo、OneDrive 等。 \n此外，如果您有第二部智能手机，通过扫描二维码导入会更安全。",
-  "importGoogleAuthImageButtonText": "从图像导入",
-  "unableToRecognizeQrCodeText": "无法从上传的图像中识别有效代码",
-  "qrCodeImageNotSelectedText": "未选择二维码图像",
   "androidBiometricHint": "验证身份",
   "@androidBiometricHint": {
     "description": "Hint message advising the user how to authenticate with biometrics. It is used on Android side. Maximum 60 characters."
@@ -399,5 +394,6 @@
   "@iOSOkButton": {
     "description": "Message showed on a button that the user can click to leave the current dialog. It is used on iOS side. Maximum 30 characters."
   },
-  "parsingErrorText": "解析谷歌验证器的二维码时出错"
+  "noInternetConnection": "无互联网连接",
+  "pleaseCheckYourInternetConnectionAndTryAgain": "请检查您的互联网连接，然后重试。"
 }

lib/services/user_service.dart

@@ -24,13 +24,12 @@ import 'package:ente_auth/ui/account/ott_verification_page.dart';
 import 'package:ente_auth/ui/account/password_entry_page.dart';
 import 'package:ente_auth/ui/account/password_reentry_page.dart';
 import 'package:ente_auth/ui/account/recovery_page.dart';
-import 'package:ente_auth/ui/components/buttons/button_widget.dart';
+import 'package:ente_auth/ui/common/progress_dialog.dart';
 import 'package:ente_auth/ui/home_page.dart';
 import 'package:ente_auth/ui/two_factor_authentication_page.dart';
 import 'package:ente_auth/ui/two_factor_recovery_page.dart';
 import 'package:ente_auth/utils/crypto_util.dart';
 import 'package:ente_auth/utils/dialog_util.dart';
-import 'package:ente_auth/utils/email_util.dart';
 import 'package:ente_auth/utils/toast_util.dart';
 import "package:flutter/foundation.dart";
 import 'package:flutter/material.dart';
@@ -48,7 +47,7 @@ class UserService {
   static const keyUserDetails = "user_details";
   static const kCanDisableEmailMFA = "can_disable_email_mfa";
   static const kIsEmailMFAEnabled = "is_email_mfa_enabled";
-  final  SRP6GroupParameters kDefaultSrpGroup = SRP6StandardGroups.rfc5054_4096;
+  final SRP6GroupParameters kDefaultSrpGroup = SRP6StandardGroups.rfc5054_4096;
   final _dio = Network.instance.getDio();
   final _enteDio = Network.instance.enteDio;
   final _logger = Logger((UserService).toString());
@@ -68,12 +67,12 @@ class UserService {
   }
 
   Future<void> sendOtt(
-      BuildContext context,
-      String email, {
-        bool isChangeEmail = false,
-        bool isCreateAccountScreen = false,
-        bool isResetPasswordScreen = false,
-      }) async {
+    BuildContext context,
+    String email, {
+    bool isChangeEmail = false,
+    bool isCreateAccountScreen = false,
+    bool isResetPasswordScreen = false,
+  }) async {
     final dialog = createProgressDialog(context, context.l10n.pleaseWait);
     await dialog.show();
     try {
@@ -122,17 +121,16 @@ class UserService {
   }
 
   Future<void> sendFeedback(
-      BuildContext context,
-      String feedback, {
-        String type = "SubCancellation",
-      }) async {
+    BuildContext context,
+    String feedback, {
+    String type = "SubCancellation",
+  }) async {
     await _dio.post(
       _config.getHttpEndpoint() + "/anonymous/feedback",
       data: {"feedback": feedback, "type": "type"},
     );
   }
 
-
   Future<UserDetails> getUserDetailsV2({
     bool memoryCount = false,
     bool shouldCache = true,
@@ -146,9 +144,15 @@ class UserService {
       );
       final userDetails = UserDetails.fromMap(response.data);
       if (shouldCache) {
-        if(userDetails.profileData != null) {
-          _preferences.setBool(kIsEmailMFAEnabled, userDetails.profileData!.isEmailMFAEnabled);
-          _preferences.setBool(kCanDisableEmailMFA, userDetails.profileData!.canDisableEmailMFA);
+        if (userDetails.profileData != null) {
+          _preferences.setBool(
+            kIsEmailMFAEnabled,
+            userDetails.profileData!.isEmailMFAEnabled,
+          );
+          _preferences.setBool(
+            kCanDisableEmailMFA,
+            userDetails.profileData!.canDisableEmailMFA,
+          );
         }
         // handle email change from different client
         if (userDetails.email != _config.getEmail()) {
@@ -156,7 +160,7 @@ class UserService {
         }
       }
       return userDetails;
-    } catch(e) {
+    } catch (e) {
       _logger.warning("Failed to fetch", e);
       rethrow;
     }
@@ -210,15 +214,15 @@ class UserService {
       //to close and only then to show the error dialog.
       Future.delayed(
         const Duration(milliseconds: 150),
-            () => showGenericErrorDialog(context: context),
+        () => showGenericErrorDialog(context: context),
       );
       rethrow;
     }
   }
 
   Future<DeleteChallengeResponse?> getDeleteChallenge(
-      BuildContext context,
-      ) async {
+    BuildContext context,
+  ) async {
     try {
       final response = await _enteDio.get("/users/delete-challenge");
       if (response.statusCode == 200) {
@@ -237,8 +241,9 @@ class UserService {
   }
 
   Future<void> deleteAccount(
-      BuildContext context,
-      String challengeResponse,) async {
+    BuildContext context,
+    String challengeResponse,
+  ) async {
     try {
       final response = await _enteDio.delete(
         "/users/delete",
@@ -258,9 +263,11 @@ class UserService {
     }
   }
 
-  Future<void> verifyEmail(BuildContext context, String ott, {bool
-  isResettingPasswordScreen = false,})
-  async {
+  Future<void> verifyEmail(
+    BuildContext context,
+    String ott, {
+    bool isResettingPasswordScreen = false,
+  }) async {
     final dialog = createProgressDialog(context, context.l10n.pleaseWait);
     await dialog.show();
     try {
@@ -280,14 +287,15 @@ class UserService {
         } else {
           await _saveConfiguration(response);
           if (Configuration.instance.getEncryptedToken() != null) {
-            if(isResettingPasswordScreen) {
+            if (isResettingPasswordScreen) {
               page = const RecoveryPage();
             } else {
               page = const PasswordReentryPage();
             }
-
           } else {
-            page = const PasswordEntryPage(mode: PasswordEntryMode.set,);
+            page = const PasswordEntryPage(
+              mode: PasswordEntryMode.set,
+            );
           }
         }
         Navigator.of(context).pushAndRemoveUntil(
@@ -296,7 +304,7 @@ class UserService {
               return page;
             },
           ),
-              (route) => route.isFirst,
+          (route) => route.isFirst,
         );
       } else {
         // should never reach here
@@ -336,10 +344,10 @@ class UserService {
   }
 
   Future<void> changeEmail(
-      BuildContext context,
-      String email,
-      String ott,
-      ) async {
+    BuildContext context,
+    String email,
+    String ott,
+  ) async {
     final dialog = createProgressDialog(context, context.l10n.pleaseWait);
     await dialog.show();
     try {
@@ -431,9 +439,9 @@ class UserService {
   }
 
   Future<void> registerOrUpdateSrp(
-      Uint8List loginKey, {
-        SetKeysRequest? setKeysRequest,
-      }) async {
+    Uint8List loginKey, {
+    SetKeysRequest? setKeysRequest,
+  }) async {
     try {
       final String username = const Uuid().v4().toString();
       final SecureRandom random = _getSecureRandom();
@@ -466,14 +474,14 @@ class UserService {
       );
       if (response.statusCode == 200) {
         final SetupSRPResponse setupSRPResponse =
-        SetupSRPResponse.fromJson(response.data);
+            SetupSRPResponse.fromJson(response.data);
         final serverB =
-        SRP6Util.decodeBigInt(base64Decode(setupSRPResponse.srpB));
+            SRP6Util.decodeBigInt(base64Decode(setupSRPResponse.srpB));
         // ignore: need to calculate secret to get M1, unused_local_variable
         final clientS = client.calculateSecret(serverB);
         final clientM = client.calculateClientEvidenceMessage();
         late Response srpCompleteResponse;
-        if(setKeysRequest == null) {
+        if (setKeysRequest == null) {
           srpCompleteResponse = await _enteDio.post(
             "/users/srp/complete",
             data: {
@@ -494,8 +502,8 @@ class UserService {
       } else {
         throw Exception("register-srp action failed");
       }
-    } catch (e,s) {
-      _logger.severe("failed to register srp" ,e,s);
+    } catch (e, s) {
+      _logger.severe("failed to register srp", e, s);
       rethrow;
     }
   }
@@ -512,133 +520,96 @@ class UserService {
   }
 
   Future<void> verifyEmailViaPassword(
-      BuildContext context,
-      SrpAttributes srpAttributes,
-      String userPassword,
-      ) async {
-    final dialog = createProgressDialog(
-      context,
-      context.l10n.pleaseWait,
-      isDismissible: true,
-    );
-    await dialog.show();
+    BuildContext context,
+    SrpAttributes srpAttributes,
+    String userPassword,
+    ProgressDialog dialog,
+  ) async {
     late Uint8List keyEncryptionKey;
-    try {
-      keyEncryptionKey = await CryptoUtil.deriveKey(
-        utf8.encode(userPassword) as Uint8List,
-        CryptoUtil.base642bin(srpAttributes.kekSalt),
-        srpAttributes.memLimit,
-        srpAttributes.opsLimit,
-      );
-      final loginKey = await CryptoUtil.deriveLoginKey(keyEncryptionKey);
-      final Uint8List identity = Uint8List.fromList(
-        utf8.encode(srpAttributes.srpUserID),
-      );
-      final Uint8List salt = base64Decode(srpAttributes.srpSalt);
-      final Uint8List password = loginKey;
-      final SecureRandom random = _getSecureRandom();
+    _logger.finest('Start deriving key');
+    keyEncryptionKey = await CryptoUtil.deriveKey(
+      utf8.encode(userPassword) as Uint8List,
+      CryptoUtil.base642bin(srpAttributes.kekSalt),
+      srpAttributes.memLimit,
+      srpAttributes.opsLimit,
+    );
+    _logger.finest('keyDerivation done, derive LoginKey');
+    final loginKey = await CryptoUtil.deriveLoginKey(keyEncryptionKey);
+    final Uint8List identity = Uint8List.fromList(
+      utf8.encode(srpAttributes.srpUserID),
+    );
+    _logger.finest('longinKey derivation done');
+    final Uint8List salt = base64Decode(srpAttributes.srpSalt);
+    final Uint8List password = loginKey;
+    final SecureRandom random = _getSecureRandom();
 
-      final client = SRP6Client(
-        group: kDefaultSrpGroup,
-        digest: Digest('SHA-256'),
-        random: random,
-      );
+    final client = SRP6Client(
+      group: kDefaultSrpGroup,
+      digest: Digest('SHA-256'),
+      random: random,
+    );
 
-      final A = client.generateClientCredentials(salt, identity, password);
-      final createSessionResponse = await _dio.post(
-        _config.getHttpEndpoint() + "/users/srp/create-session",
-        data: {
-          "srpUserID": srpAttributes.srpUserID,
-          "srpA": base64Encode(SRP6Util.encodeBigInt(A!)),
-        },
-      );
-      final String sessionID = createSessionResponse.data["sessionID"];
-      final String srpB = createSessionResponse.data["srpB"];
+    final A = client.generateClientCredentials(salt, identity, password);
+    final createSessionResponse = await _dio.post(
+      _config.getHttpEndpoint() + "/users/srp/create-session",
+      data: {
+        "srpUserID": srpAttributes.srpUserID,
+        "srpA": base64Encode(SRP6Util.encodeBigInt(A!)),
+      },
+    );
+    final String sessionID = createSessionResponse.data["sessionID"];
+    final String srpB = createSessionResponse.data["srpB"];
 
-      final serverB = SRP6Util.decodeBigInt(base64Decode(srpB));
-      // ignore: need to calculate secret to get M1, unused_local_variable
-      final clientS = client.calculateSecret(serverB);
-      final clientM = client.calculateClientEvidenceMessage();
-      final response = await _dio.post(
-        _config.getHttpEndpoint() + "/users/srp/verify-session",
-        data: {
-          "sessionID": sessionID,
-          "srpUserID": srpAttributes.srpUserID,
-          "srpM1": base64Encode(SRP6Util.encodeBigInt(clientM!)),
-        },
-      );
-      if (response.statusCode == 200) {
-        Widget page;
-        final String twoFASessionID = response.data["twoFactorSessionID"];
-        Configuration.instance.setVolatilePassword(userPassword);
-        if (twoFASessionID.isNotEmpty) {
-          page = TwoFactorAuthenticationPage(twoFASessionID);
-        } else {
-          await _saveConfiguration(response);
-          if (Configuration.instance.getEncryptedToken() != null) {
-            await Configuration.instance.decryptSecretsAndGetKeyEncKey(
-              userPassword,
-              Configuration.instance.getKeyAttributes()!,
-              keyEncryptionKey: keyEncryptionKey,
-            );
-            page = const HomePage();
-          } else {
-            throw Exception("unexpected response during email verification");
-          }
-        }
-        await dialog.hide();
-        Navigator.of(context).pushAndRemoveUntil(
-          MaterialPageRoute(
-            builder: (BuildContext context) {
-              return page;
-            },
-          ),
-              (route) => route.isFirst,
-        );
+    final serverB = SRP6Util.decodeBigInt(base64Decode(srpB));
+    // ignore: need to calculate secret to get M1, unused_local_variable
+    final clientS = client.calculateSecret(serverB);
+    final clientM = client.calculateClientEvidenceMessage();
+    final response = await _dio.post(
+      _config.getHttpEndpoint() + "/users/srp/verify-session",
+      data: {
+        "sessionID": sessionID,
+        "srpUserID": srpAttributes.srpUserID,
+        "srpM1": base64Encode(SRP6Util.encodeBigInt(clientM!)),
+      },
+    );
+    if (response.statusCode == 200) {
+      Widget page;
+      final String twoFASessionID = response.data["twoFactorSessionID"];
+      Configuration.instance.setVolatilePassword(userPassword);
+      if (twoFASessionID.isNotEmpty) {
+        page = TwoFactorAuthenticationPage(twoFASessionID);
       } else {
-        // should never reach here
-        throw Exception("unexpected response during email verification");
-      }
-    } on DioError catch (e, s) {
-      await dialog.hide();
-      if (e.response != null && e.response!.statusCode == 401) {
-        final dialogChoice = await showChoiceDialog(
-          context,
-          title: context.l10n.incorrectPasswordTitle,
-          body: context.l10n.pleaseTryAgain,
-          firstButtonLabel: context.l10n.contactSupport,
-          secondButtonLabel: context.l10n.ok,
-        );
-        if (dialogChoice!.action == ButtonAction.first) {
-          await sendLogs(
-            context,
-            context.l10n.contactSupport,
-            "support@ente.io",
-            postShare: () {},
+        await _saveConfiguration(response);
+        if (Configuration.instance.getEncryptedToken() != null) {
+          await Configuration.instance.decryptSecretsAndGetKeyEncKey(
+            userPassword,
+            Configuration.instance.getKeyAttributes()!,
+            keyEncryptionKey: keyEncryptionKey,
           );
+          page = const HomePage();
+        } else {
+          throw Exception("unexpected response during email verification");
         }
-      } else {
-        _logger.fine('failed to verify password', e, s);
-        await showErrorDialog(
-          context,
-          context.l10n.oops,
-          context.l10n.verificationFailedPleaseTryAgain,
-        );
       }
-    } catch (e, s) {
-      _logger.fine('failed to verify password', e, s);
       await dialog.hide();
-      await showErrorDialog(
-        context,
-        context.l10n.oops,
-        context.l10n.verificationFailedPleaseTryAgain,
+      Navigator.of(context).pushAndRemoveUntil(
+        MaterialPageRoute(
+          builder: (BuildContext context) {
+            return page;
+          },
+        ),
+        (route) => route.isFirst,
       );
+    } else {
+      // should never reach here
+      throw Exception("unexpected response during email verification");
     }
   }
 
-  Future<void> updateKeyAttributes(KeyAttributes keyAttributes, Uint8List
-  loginKey,)
-  async {
+  Future<void> updateKeyAttributes(
+    KeyAttributes keyAttributes,
+    Uint8List loginKey,
+  ) async {
     try {
       final setKeyRequest = SetKeysRequest(
         kekSalt: keyAttributes.kekSalt,
@@ -679,10 +650,10 @@ class UserService {
   }
 
   Future<void> verifyTwoFactor(
-      BuildContext context,
-      String sessionID,
-      String code,
-      ) async {
+    BuildContext context,
+    String sessionID,
+    String code,
+  ) async {
     final dialog = createProgressDialog(context, context.l10n.pleaseWait);
     await dialog.show();
     try {
@@ -703,7 +674,7 @@ class UserService {
               return const PasswordReentryPage();
             },
           ),
-              (route) => route.isFirst,
+          (route) => route.isFirst,
         );
       }
     } on DioError catch (e) {
@@ -717,7 +688,7 @@ class UserService {
               return const LoginPage();
             },
           ),
-              (route) => route.isFirst,
+          (route) => route.isFirst,
         );
       } else {
         showErrorDialog(
@@ -758,7 +729,7 @@ class UserService {
               );
             },
           ),
-              (route) => route.isFirst,
+          (route) => route.isFirst,
         );
       }
     } on DioError catch (e) {
@@ -771,7 +742,7 @@ class UserService {
               return const LoginPage();
             },
           ),
-              (route) => route.isFirst,
+          (route) => route.isFirst,
         );
       } else {
         showErrorDialog(
@@ -793,12 +764,12 @@ class UserService {
   }
 
   Future<void> removeTwoFactor(
-      BuildContext context,
-      String sessionID,
-      String recoveryKey,
-      String encryptedSecret,
-      String secretDecryptionNonce,
-      ) async {
+    BuildContext context,
+    String sessionID,
+    String recoveryKey,
+    String encryptedSecret,
+    String secretDecryptionNonce,
+  ) async {
     final dialog = createProgressDialog(context, context.l10n.pleaseWait);
     await dialog.show();
     String secret;
@@ -847,7 +818,7 @@ class UserService {
               return const PasswordReentryPage();
             },
           ),
-              (route) => route.isFirst,
+          (route) => route.isFirst,
         );
       }
     } on DioError catch (e) {
@@ -860,7 +831,7 @@ class UserService {
               return const LoginPage();
             },
           ),
-              (route) => route.isFirst,
+          (route) => route.isFirst,
         );
       } else {
         showErrorDialog(
@@ -881,13 +852,6 @@ class UserService {
     }
   }
 
-
-
-
-
-
-
-
   Future<void> _saveConfiguration(Response response) async {
     await Configuration.instance.setUserID(response.data["id"]);
     if (response.data["encryptedToken"] != null) {
@@ -904,6 +868,7 @@ class UserService {
   bool? canDisableEmailMFA() {
     return _preferences.getBool(kCanDisableEmailMFA);
   }
+
   bool hasEmailMFAEnabled() {
     return _preferences.getBool(kIsEmailMFAEnabled) ?? true;
   }
@@ -918,9 +883,8 @@ class UserService {
       );
       _preferences.setBool(kIsEmailMFAEnabled, isEnabled);
     } catch (e) {
-      _logger.severe("Failed to update email mfa",e);
+      _logger.severe("Failed to update email mfa", e);
       rethrow;
     }
   }
 }
-

lib/ui/account/login_pwd_verification_page.dart

@@ -1,11 +1,14 @@
-
+import "package:dio/dio.dart";
 import 'package:ente_auth/core/configuration.dart';
+import "package:ente_auth/core/errors.dart";
 import "package:ente_auth/l10n/l10n.dart";
 import "package:ente_auth/models/api/user/srp.dart";
 import "package:ente_auth/services/user_service.dart";
 import "package:ente_auth/theme/ente_theme.dart";
 import 'package:ente_auth/ui/common/dynamic_fab.dart';
+import "package:ente_auth/ui/components/buttons/button_widget.dart";
 import "package:ente_auth/utils/dialog_util.dart";
+import "package:ente_auth/utils/email_util.dart";
 import 'package:flutter/material.dart';
 import "package:logging/logging.dart";
 
@@ -16,14 +19,16 @@ import "package:logging/logging.dart";
 // volatile password.
 class LoginPasswordVerificationPage extends StatefulWidget {
   final SrpAttributes srpAttributes;
-  const LoginPasswordVerificationPage({Key? key, required this.srpAttributes}) : super(key: key);
+  const LoginPasswordVerificationPage({Key? key, required this.srpAttributes})
+      : super(key: key);
 
   @override
-  State<LoginPasswordVerificationPage> createState() => _LoginPasswordVerificationPageState();
+  State<LoginPasswordVerificationPage> createState() =>
+      _LoginPasswordVerificationPageState();
 }
 
-class _LoginPasswordVerificationPageState extends
-State<LoginPasswordVerificationPage> {
+class _LoginPasswordVerificationPageState
+    extends State<LoginPasswordVerificationPage> {
   final _logger = Logger((_LoginPasswordVerificationPageState).toString());
   final _passwordController = TextEditingController();
   final FocusNode _passwordFocusNode = FocusNode();
@@ -74,9 +79,7 @@ State<LoginPasswordVerificationPage> {
         buttonText: context.l10n.logInLabel,
         onPressedFunction: () async {
           FocusScope.of(context).unfocus();
-          await UserService.instance.verifyEmailViaPassword(context, widget
-              .srpAttributes,
-              _passwordController.text,);
+          await verifyPassword(context, _passwordController.text);
         },
       ),
       floatingActionButtonLocation: fabLocation(),
@@ -84,6 +87,106 @@ State<LoginPasswordVerificationPage> {
     );
   }
 
+  Future<void> verifyPassword(BuildContext context, String password) async {
+    final dialog = createProgressDialog(
+      context,
+      context.l10n.pleaseWait,
+      isDismissible: true,
+    );
+    await dialog.show();
+    try {
+      await UserService.instance.verifyEmailViaPassword(
+        context,
+        widget.srpAttributes,
+        password,
+        dialog,
+      );
+    } on DioError catch (e, s) {
+      await dialog.hide();
+      if (e.response != null && e.response!.statusCode == 401) {
+        _logger.severe('server reject, failed verify SRP login', e, s);
+        await _showContactSupportDialog(
+          context,
+          context.l10n.incorrectPasswordTitle,
+          context.l10n.pleaseTryAgain,
+        );
+      } else {
+        _logger.severe('API failure during SRP login', e, s);
+        if (e.type == DioErrorType.other) {
+          await _showContactSupportDialog(
+            context,
+            context.l10n.noInternetConnection,
+            context.l10n.pleaseCheckYourInternetConnectionAndTryAgain,
+          );
+        } else {
+          await _showContactSupportDialog(
+            context,
+            context.l10n.oops,
+            context.l10n.verificationFailedPleaseTryAgain,
+          );
+        }
+      }
+    } catch (e, s) {
+      _logger.info('error during loginViaPassword', e);
+      await dialog.hide();
+      if (e is LoginKeyDerivationError) {
+        _logger.severe('loginKey derivation error', e, s);
+        // LoginKey err, perform regular login via ott verification
+        await UserService.instance.sendOtt(
+          context,
+          email!,
+          isCreateAccountScreen: true,
+        );
+        return;
+      } else if (e is KeyDerivationError) {
+        // device is not powerful enough to perform derive key
+        final dialogChoice = await showChoiceDialog(
+          context,
+          title: context.l10n.recreatePasswordTitle,
+          body: context.l10n.recreatePasswordBody,
+          firstButtonLabel: context.l10n.useRecoveryKey,
+        );
+        if (dialogChoice!.action == ButtonAction.first) {
+          await UserService.instance.sendOtt(
+            context,
+            email!,
+            isResetPasswordScreen: true,
+          );
+        }
+        return;
+      } else {
+        _logger.severe('unexpected error while verifying password', e, s);
+        await _showContactSupportDialog(
+          context,
+          context.l10n.oops,
+          context.l10n.verificationFailedPleaseTryAgain,
+        );
+      }
+    }
+  }
+
+  Future<void> _showContactSupportDialog(
+    BuildContext context,
+    String title,
+    String message,
+  ) async {
+    final dialogChoice = await showChoiceDialog(
+      context,
+      title: title,
+      body: message,
+      firstButtonLabel: context.l10n.contactSupport,
+      secondButtonLabel: context.l10n.ok,
+    );
+    if (dialogChoice!.action == ButtonAction.first) {
+      await sendLogs(
+        context,
+        context.l10n.contactSupport,
+        "auth@ente.io",
+        postShare: () {},
+      );
+    }
+  }
+
   Widget _getBody() {
     return Column(
       children: [
@@ -92,17 +195,22 @@ State<LoginPasswordVerificationPage> {
             child: ListView(
               children: [
                 Padding(
-                  padding:
-                  const EdgeInsets.only(top: 30, left: 20, right: 20),
+                  padding: const EdgeInsets.only(top: 30, left: 20, right: 20),
                   child: Text(
                     context.l10n.enterPassword,
                     style: Theme.of(context).textTheme.headlineMedium,
                   ),
                 ),
                 Padding(
-                  padding: const EdgeInsets.only(bottom: 30, left: 22, right:
-                  20,),
-                  child: Text(email ?? '', style: getEnteTextTheme(context).smallMuted,),
+                  padding: const EdgeInsets.only(
+                    bottom: 30,
+                    left: 22,
+                    right: 20,
+                  ),
+                  child: Text(
+                    email ?? '',
+                    style: getEnteTextTheme(context).smallMuted,
+                  ),
                 ),
                 Visibility(
                   // hidden textForm for suggesting auto-fill service for saving
@@ -133,19 +241,19 @@ State<LoginPasswordVerificationPage> {
                       ),
                       suffixIcon: _passwordInFocus
                           ? IconButton(
-                        icon: Icon(
-                          _passwordVisible
-                              ? Icons.visibility
-                              : Icons.visibility_off,
-                          color: Theme.of(context).iconTheme.color,
-                          size: 20,
-                        ),
-                        onPressed: () {
-                          setState(() {
-                            _passwordVisible = !_passwordVisible;
-                          });
-                        },
-                      )
+                              icon: Icon(
+                                _passwordVisible
+                                    ? Icons.visibility
+                                    : Icons.visibility_off,
+                                color: Theme.of(context).iconTheme.color,
+                                size: 20,
+                              ),
+                              onPressed: () {
+                                setState(() {
+                                  _passwordVisible = !_passwordVisible;
+                                });
+                              },
+                            )
                           : null,
                     ),
                     style: const TextStyle(
@@ -176,9 +284,11 @@ State<LoginPasswordVerificationPage> {
                       GestureDetector(
                         behavior: HitTestBehavior.opaque,
                         onTap: () async {
-                          await UserService.instance
-                              .sendOtt(context, email!,
-                              isResetPasswordScreen: true,);
+                          await UserService.instance.sendOtt(
+                            context,
+                            email!,
+                            isResetPasswordScreen: true,
+                          );
                         },
                         child: Center(
                           child: Text(
@@ -187,9 +297,9 @@ State<LoginPasswordVerificationPage> {
                                 .textTheme
                                 .titleMedium!
                                 .copyWith(
-                              fontSize: 14,
-                              decoration: TextDecoration.underline,
-                            ),
+                                  fontSize: 14,
+                                  decoration: TextDecoration.underline,
+                                ),
                           ),
                         ),
                       ),
@@ -213,9 +323,9 @@ State<LoginPasswordVerificationPage> {
                                 .textTheme
                                 .titleMedium!
                                 .copyWith(
-                              fontSize: 14,
-                              decoration: TextDecoration.underline,
-                            ),
+                                  fontSize: 14,
+                                  decoration: TextDecoration.underline,
+                                ),
                           ),
                         ),
                       ),
@@ -229,4 +339,4 @@ State<LoginPasswordVerificationPage> {
       ],
     );
   }
-}
+}

lib/ui/settings/data/import/2fas_import.dart

@@ -0,0 +1,209 @@
+import 'dart:async';
+import 'dart:convert';
+import 'dart:io';
+import 'dart:typed_data';
+
+import 'package:ente_auth/l10n/l10n.dart';
+import 'package:ente_auth/models/code.dart';
+import 'package:ente_auth/services/authenticator_service.dart';
+import 'package:ente_auth/store/code_store.dart';
+import 'package:ente_auth/ui/common/progress_dialog.dart';
+import 'package:ente_auth/ui/components/buttons/button_widget.dart';
+import 'package:ente_auth/ui/components/dialog_widget.dart';
+import 'package:ente_auth/ui/components/models/button_type.dart';
+import 'package:ente_auth/ui/settings/data/import/import_success.dart';
+import 'package:ente_auth/utils/dialog_util.dart';
+import 'package:file_picker/file_picker.dart';
+import 'package:flutter/cupertino.dart';
+import 'package:flutter/material.dart';
+import 'package:logging/logging.dart';
+import 'package:pointycastle/export.dart';
+
+Future<void> show2FasImportInstruction(BuildContext context) async {
+  final l10n = context.l10n;
+  final result = await showDialogWidget(
+    context: context,
+    title: l10n.importFromApp("2FAS Authenticator"),
+    body: l10n.import2FasGuide,
+    buttons: [
+      ButtonWidget(
+        buttonType: ButtonType.primary,
+        labelText: l10n.importSelectAppExport("2FAS Authenticator"),
+        isInAlert: true,
+        buttonSize: ButtonSize.large,
+        buttonAction: ButtonAction.first,
+      ),
+      ButtonWidget(
+        buttonType: ButtonType.secondary,
+        labelText: context.l10n.cancel,
+        buttonSize: ButtonSize.large,
+        isInAlert: true,
+        buttonAction: ButtonAction.second,
+      ),
+    ],
+  );
+  if (result?.action != null && result!.action != ButtonAction.cancel) {
+    if (result.action == ButtonAction.first) {
+      await _pick2FasFile(context);
+    } else {}
+  }
+}
+
+Future<void> _pick2FasFile(BuildContext context) async {
+  final l10n = context.l10n;
+  FilePickerResult? result = await FilePicker.platform
+      .pickFiles(dialogTitle: l10n.importSelectJsonFile);
+  if (result == null) {
+    return;
+  }
+  final ProgressDialog progressDialog =
+      createProgressDialog(context, l10n.pleaseWait);
+  await progressDialog.show();
+  try {
+    String path = result.files.single.path!;
+    int? count = await _process2FasExportFile(context, path, progressDialog);
+    await progressDialog.hide();
+    if (count != null) {
+      await importSuccessDialog(context, count);
+    }
+  } catch (e, s) {
+    Logger('2FASImport').severe('exception while processing import', e, s);
+    await progressDialog.hide();
+    await showErrorDialog(
+      context,
+      context.l10n.sorry,
+      context.l10n.importFailureDesc,
+    );
+  }
+}
+
+Future<int?> _process2FasExportFile(
+  BuildContext context,
+  String path,
+  final ProgressDialog dialog,
+) async {
+  File file = File(path);
+
+  final jsonString = await file.readAsString();
+  final decodedJson = jsonDecode(jsonString);
+  int version = (decodedJson['schemaVersion'] ?? 0) as int;
+  if (version != 3) {
+    await dialog.hide();
+    // todo: extract strings for l10n. Use same naming format as in aegis
+    // to avoid duplicate translation efforts.
+    await showErrorDialog(
+      context,
+      'Unsupported format: $version',
+      version == 0
+          ? "The selected file is not a valid 2FAS Authenticator export."
+          : "Sorry, the app doesn't support this version of 2FAS Authenticator export",
+    );
+    return null;
+  }
+
+  var decodedServices = decodedJson['services'];
+  // https://github.com/twofas/2fas-android/blob/e97f1a1040eafaed6d5284d54d33403dff215886/data/services/src/main/java/com/twofasapp/data/services/domain/BackupContent.kt#L39
+  final isEncrypted = decodedJson['reference'] != null;
+  if (isEncrypted) {
+    String? password;
+    try {
+      await showTextInputDialog(
+        context,
+        title: "Enter password to decrypt 2FAS backup",
+        submitButtonLabel: "Submit",
+        isPasswordInput: true,
+        onSubmit: (value) async {
+          password = value;
+        },
+      );
+      if (password == null) {
+        await dialog.hide();
+        return null;
+      }
+      final content = decrypt2FasVault(decodedJson, password: password!);
+      decodedServices = jsonDecode(content);
+    } catch (e, s) {
+      Logger("2FASImport").warning("exception while decrypting  backup", e, s);
+      await dialog.hide();
+      if (password != null) {
+        await showErrorDialog(
+          context,
+          "Failed to decrypt 2Fas export",
+          "Please check your password and try again.",
+        );
+      }
+      return null;
+    }
+  }
+  final parsedCodes = [];
+  for (var item in decodedServices) {
+    var kind = item['otp']['tokenType'];
+    var account = item['otp']['account'] ?? '';
+    var issuer = item['otp']['issuer'] ?? item['name'] ?? '';
+    var algorithm = item['otp']['algorithm'];
+    var secret = item['secret'];
+    var timer = item['otp']['period'];
+    var digits = item['otp']['digits'];
+    var counter = item['otp']['counter'];
+
+    // Build the OTP URL
+    String otpUrl;
+
+    if (kind.toLowerCase() == 'totp') {
+      otpUrl =
+          'otpauth://$kind/$issuer:$account?secret=$secret&issuer=$issuer&algorithm=$algorithm&digits=$digits&period=$timer';
+    } else if (kind.toLowerCase() == 'hotp') {
+      otpUrl =
+          'otpauth://$kind/$issuer:$account?secret=$secret&issuer=$issuer&algorithm=$algorithm&digits=$digits&counter=$counter';
+    } else {
+      throw Exception('Invalid OTP type');
+    }
+    parsedCodes.add(Code.fromRawData(otpUrl));
+  }
+
+  for (final code in parsedCodes) {
+    await CodeStore.instance.addCode(code, shouldSync: false);
+  }
+  unawaited(AuthenticatorService.instance.onlineSync());
+  int count = parsedCodes.length;
+  return count;
+}
+
+String decrypt2FasVault(dynamic data, {required String password}) {
+  int ITERATION_COUNT = 10000;
+  int KEY_SIZE = 256;
+  final String encryptedServices = data["servicesEncrypted"];
+  var split = encryptedServices.split(":");
+  final encryptedData = base64.decode(split[0]);
+  final salt = base64.decode(split[1]);
+  final iv = base64.decode(split[2]);
+  // derive 256 key using PBKDF2WithHmacSHA256 and 10000 iterations and above salt
+  final pbkdf2 = PBKDF2KeyDerivator(HMac(SHA256Digest(), 64));
+  final params = Pbkdf2Parameters(
+    salt,
+    ITERATION_COUNT,
+    KEY_SIZE ~/ 8,
+  );
+  pbkdf2.init(params);
+  Uint8List key = Uint8List(KEY_SIZE ~/ 8);
+  pbkdf2.deriveKey(Uint8List.fromList(utf8.encode(password)), 0, key, 0);
+  final decrypted = decrypt(key, iv, encryptedData);
+  final utf8Decode = utf8.decode(decrypted);
+  return utf8Decode;
+}
+
+Uint8List decrypt(Uint8List key, Uint8List iv, Uint8List data) {
+  final cipher = GCMBlockCipher(AESEngine())
+    ..init(
+      false,
+      AEADParameters(
+        KeyParameter(key),
+        128,
+        iv,
+        Uint8List.fromList(<int>[]),
+      ),
+    );
+
+  final dbBytes = cipher.process(data);
+  return dbBytes;
+}

lib/ui/settings/data/import/analyze_qr_code.dart

@@ -1,268 +0,0 @@
-import 'dart:io';
-
-import 'package:ente_auth/l10n/l10n.dart';
-import 'package:ente_auth/models/code.dart';
-import 'package:ente_auth/ui/components/buttons/button_widget.dart';
-import 'package:ente_auth/ui/components/dialog_widget.dart';
-import 'package:ente_auth/ui/components/models/button_type.dart';
-import 'package:ente_auth/ui/settings/data/import/google_auth_import.dart';
-import 'package:ente_auth/ui/settings/data/import/qr_scanner_overlay.dart';
-import 'package:ente_auth/utils/toast_util.dart';
-import 'package:flutter/material.dart';
-import 'package:flutter/services.dart';
-import 'package:flutter_svg/svg.dart';
-import 'package:logging/logging.dart';
-import 'package:mobile_scanner/mobile_scanner.dart';
-import 'package:wechat_assets_picker/wechat_assets_picker.dart';
-
-class QrScanner extends StatefulWidget {
-  const QrScanner({super.key});
-
-  @override
-  State<QrScanner> createState() => _QrScannerState();
-}
-
-class _QrScannerState extends State<QrScanner> {
-  bool isNavigationPerformed = false;
-  bool isScannedByImage = false;
-
-  MobileScannerController scannerController = MobileScannerController(
-    detectionSpeed: DetectionSpeed.normal,
-    facing: CameraFacing.back,
-  );
-
-  @override
-  void dispose() {
-    scannerController.dispose();
-    super.dispose();
-  }
-
-  @override
-  Widget build(BuildContext context) {
-    final l10n = context.l10n;
-    return SafeArea(
-      child: Scaffold(
-        backgroundColor: Colors.black,
-        body: Stack(
-          alignment: Alignment.topLeft,
-          children: [
-            Stack(
-              children: [
-                MobileScanner(
-                  controller: scannerController,
-                  onDetect: (capture) async {
-                    if (!isNavigationPerformed) {
-                      isNavigationPerformed = true;
-                      if (capture.barcodes[0].rawValue!
-                          .startsWith(kGoogleAuthExportPrefix)) {
-                        if (isScannedByImage) {
-                          final result = await showDialogWidget(
-                            context: context,
-                            title: l10n.reminderText,
-                            body: l10n.reminderPopupBody,
-                            buttons: [
-                              ButtonWidget(
-                                buttonType: ButtonType.primary,
-                                labelText: l10n.ok,
-                                isInAlert: true,
-                                buttonSize: ButtonSize.large,
-                                buttonAction: ButtonAction.first,
-                              ),
-                            ],
-                          );
-                          if (result?.action != null &&
-                              result!.action == ButtonAction.first) {
-                            isScannedByImage = false;
-                          }
-                        }
-                        HapticFeedback.vibrate();
-                        try {
-                          List<Code> codes =
-                              parseGoogleAuth(capture.barcodes[0].rawValue!);
-                          scannerController.dispose();
-                          Navigator.of(context).pop(codes);
-                        } catch (e) {
-                          showToast(context, l10n.parsingErrorText);
-                          Logger("Code parsing error").severe(
-                            "Error while parsing Google Auth QR code",
-                            e,
-                          );
-                          throw Exception(
-                            'Failed to parse Google Auth QR code \n ${e.toString()}',
-                          );
-                        }
-                      } else {
-                        showToast(context, l10n.invalidQrCodeText);
-                        isNavigationPerformed = false;
-                      }
-                    }
-                  },
-                ),
-                const QRScannerOverlay(),
-                Positioned(
-                  top: 150,
-                  left: 0,
-                  right: 0,
-                  child: Row(
-                    mainAxisAlignment: MainAxisAlignment.center,
-                    children: [
-                      // Torch button
-                      IconButton(
-                        icon: ValueListenableBuilder(
-                          valueListenable: scannerController.torchState,
-                          builder: (context, state, child) {
-                            switch (state) {
-                              case TorchState.on:
-                                return SvgPicture.asset(
-                                  'assets/scanner-icons/icons/flash_on.svg',
-                                );
-                              case TorchState.off:
-                                return SvgPicture.asset(
-                                  'assets/scanner-icons/icons/flash_off.svg',
-                                );
-                            }
-                          },
-                        ),
-                        iconSize: 60,
-                        onPressed: () => scannerController.toggleTorch(),
-                      ),
-                      IconButton(
-                        icon: SvgPicture.asset(
-                          'assets/scanner-icons/icons/gallery.svg',
-                        ),
-                        iconSize: 60,
-                        onPressed: () async {
-                          final result = await showDialogWidget(
-                            context: context,
-                            title: l10n.importFromApp(
-                              "Google Authenticator (saved image)",
-                            ),
-                            body: l10n.googleAuthImagePopupBody,
-                            buttons: [
-                              ButtonWidget(
-                                buttonType: ButtonType.primary,
-                                labelText: l10n.importGoogleAuthImageButtonText,
-                                isInAlert: true,
-                                buttonSize: ButtonSize.large,
-                                buttonAction: ButtonAction.first,
-                              ),
-                              ButtonWidget(
-                                buttonType: ButtonType.secondary,
-                                labelText: l10n.cancel,
-                                buttonSize: ButtonSize.large,
-                                isInAlert: true,
-                                buttonAction: ButtonAction.second,
-                              ),
-                            ],
-                          );
-                          if (result?.action != null &&
-                              result!.action != ButtonAction.cancel) {
-                            if (result.action == ButtonAction.first) {
-                              List<AssetEntity>? assets =
-                                  await AssetPicker.pickAssets(
-                                context,
-                                pickerConfig: const AssetPickerConfig(
-                                  maxAssets: 1,
-                                  requestType: RequestType.image,
-                                ),
-                              );
-
-                              if (assets != null && assets.isNotEmpty) {
-                                AssetEntity asset = assets.first;
-                                File? file = await asset.file;
-                                String path = file!.path;
-
-                                if (await scannerController
-                                    .analyzeImage(path)) {
-                                  isScannedByImage = true;
-                                  if (!mounted) return;
-                                } else {
-                                  if (!mounted) return;
-                                  isScannedByImage = false;
-                                  showToast(
-                                    context,
-                                    l10n.unableToRecognizeQrCodeText,
-                                  );
-                                }
-                              } else {
-                                if (!mounted) return;
-                                showToast(
-                                  context,
-                                  l10n.qrCodeImageNotSelectedText,
-                                );
-                              }
-                            }
-                          }
-                        },
-                      ),
-                    ],
-                  ),
-                ),
-                Positioned(
-                  bottom: 0,
-                  left: 0,
-                  right: 0,
-                  child: Container(
-                    decoration: const BoxDecoration(
-                      borderRadius: BorderRadius.only(
-                        topLeft: Radius.circular(30),
-                        topRight: Radius.circular(30),
-                      ),
-                      color: Colors.white,
-                    ),
-                    child: Padding(
-                      padding: const EdgeInsets.fromLTRB(
-                        40,
-                        15,
-                        40,
-                        18,
-                      ),
-                      child: Column(
-                        crossAxisAlignment: CrossAxisAlignment.center,
-                        children: [
-                          Container(
-                            height: 5,
-                            width: 40,
-                            decoration: BoxDecoration(
-                              color: Colors.black,
-                              borderRadius: BorderRadius.circular(50),
-                            ),
-                          ),
-                          const SizedBox(
-                            height: 25,
-                          ),
-                          Text(
-                            l10n.scanACode,
-                            textAlign: TextAlign.center,
-                            style: const TextStyle(
-                              color: Colors.black,
-                            ),
-                          ),
-                        ],
-                      ),
-                    ),
-                  ),
-                ),
-              ],
-            ),
-            Positioned(
-              left: 25,
-              top: 25,
-              child: GestureDetector(
-                onTap: () {
-                  Navigator.pop(context);
-                },
-                child: SvgPicture.asset(
-                  'assets/scanner-icons/icons/cross.svg',
-                  colorFilter:
-                      const ColorFilter.mode(Colors.white, BlendMode.srcATop),
-                  height: 30,
-                ),
-              ),
-            ),
-          ],
-        ),
-      ),
-    );
-  }
-}

lib/ui/settings/data/import/google_auth_import.dart

@@ -1,7 +1,6 @@
 import 'dart:async';
 import 'dart:convert';
 import 'dart:typed_data';
-
 import 'package:base32/base32.dart';
 import 'package:ente_auth/l10n/l10n.dart';
 import 'package:ente_auth/models/code.dart';
@@ -11,7 +10,7 @@ import 'package:ente_auth/store/code_store.dart';
 import 'package:ente_auth/ui/components/buttons/button_widget.dart';
 import 'package:ente_auth/ui/components/dialog_widget.dart';
 import 'package:ente_auth/ui/components/models/button_type.dart';
-import 'package:ente_auth/ui/settings/data/import/analyze_qr_code.dart';
+import 'package:ente_auth/ui/scanner_gauth_page.dart';
 import 'package:ente_auth/ui/settings/data/import/import_success.dart';
 import 'package:flutter/material.dart';
 import 'package:logging/logging.dart';
@@ -46,7 +45,7 @@ Future<void> showGoogleAuthInstruction(BuildContext context) async {
       final List<Code>? codes = await Navigator.of(context).push(
         MaterialPageRoute(
           builder: (BuildContext context) {
-            return const QrScanner();
+            return const ScannerGoogleAuthPage();
           },
         ),
       );

lib/ui/settings/data/import/import_service.dart

@@ -1,3 +1,4 @@
+import 'package:ente_auth/ui/settings/data/import/2fas_import.dart';
 import 'package:ente_auth/ui/settings/data/import/aegis_import.dart';
 import 'package:ente_auth/ui/settings/data/import/bitwarden_import.dart';
 import 'package:ente_auth/ui/settings/data/import/encrypted_ente_import.dart';
@@ -5,7 +6,7 @@ import 'package:ente_auth/ui/settings/data/import/google_auth_import.dart';
 import 'package:ente_auth/ui/settings/data/import/plain_text_import.dart';
 import 'package:ente_auth/ui/settings/data/import/raivo_plain_text_import.dart';
 import 'package:ente_auth/ui/settings/data/import_page.dart';
-import 'package:flutter/material.dart';
+import 'package:flutter/cupertino.dart';
 
 class ImportService {
   static final ImportService _instance = ImportService._internal();
@@ -32,6 +33,9 @@ class ImportService {
       case ImportType.aegis:
         showAegisImportInstruction(context);
         break;
+      case ImportType.twoFas:
+        show2FasImportInstruction(context);
+        break;
       case ImportType.bitwarden:
         showBitwardenImportInstruction(context);
         break;

lib/ui/settings/data/import/qr_scanner_overlay.dart

@@ -1,152 +0,0 @@
-import 'package:flutter/material.dart';
-
-class QRScannerOverlay extends StatelessWidget {
-  const QRScannerOverlay({
-    Key? key,
-  }) : super(key: key);
-
-  @override
-  Widget build(BuildContext context) {
-    double scanArea = (MediaQuery.of(context).size.width < 400 ||
-            MediaQuery.of(context).size.height < 400)
-        ? 200.0
-        : 330.0;
-    return Stack(
-      children: [
-        ColorFiltered(
-          colorFilter:
-              ColorFilter.mode(Colors.black.withOpacity(0.9), BlendMode.srcOut),
-          child: Stack(
-            children: [
-              Container(
-                decoration: const BoxDecoration(
-                  color: Colors.red,
-                  backgroundBlendMode: BlendMode.dstOut,
-                ),
-              ),
-              Align(
-                alignment: Alignment.center,
-                child: Container(
-                  height: scanArea,
-                  width: scanArea,
-                  decoration: BoxDecoration(
-                    color: Colors.red,
-                    borderRadius: BorderRadius.circular(20),
-                  ),
-                ),
-              ),
-            ],
-          ),
-        ),
-        Align(
-          alignment: Alignment.center,
-          child: CustomPaint(
-            foregroundPainter: BorderPainter(),
-            child: SizedBox(
-              width: scanArea + 25,
-              height: scanArea + 25,
-            ),
-          ),
-        ),
-      ],
-    );
-  }
-}
-
-// Creates the white borders
-class BorderPainter extends CustomPainter {
-  @override
-  void paint(Canvas canvas, Size size) {
-    const width = 4.0;
-    const radius = 20.0;
-    const tRadius = 3 * radius;
-    final rect = Rect.fromLTWH(
-      width,
-      width,
-      size.width - 2 * width,
-      size.height - 2 * width,
-    );
-    final rrect = RRect.fromRectAndRadius(rect, const Radius.circular(radius));
-    const clippingRect0 = Rect.fromLTWH(
-      0,
-      0,
-      tRadius,
-      tRadius,
-    );
-    final clippingRect1 = Rect.fromLTWH(
-      size.width - tRadius,
-      0,
-      tRadius,
-      tRadius,
-    );
-    final clippingRect2 = Rect.fromLTWH(
-      0,
-      size.height - tRadius,
-      tRadius,
-      tRadius,
-    );
-    final clippingRect3 = Rect.fromLTWH(
-      size.width - tRadius,
-      size.height - tRadius,
-      tRadius,
-      tRadius,
-    );
-
-    final path = Path()
-      ..addRect(clippingRect0)
-      ..addRect(clippingRect1)
-      ..addRect(clippingRect2)
-      ..addRect(clippingRect3);
-
-    canvas.clipPath(path);
-    canvas.drawRRect(
-      rrect,
-      Paint()
-        ..color = Colors.blueAccent
-        ..style = PaintingStyle.stroke
-        ..strokeWidth = width,
-    );
-  }
-
-  @override
-  bool shouldRepaint(CustomPainter oldDelegate) {
-    return false;
-  }
-}
-
-class BarReaderSize {
-  static double width = 200;
-  static double height = 200;
-}
-
-class OverlayWithHolePainter extends CustomPainter {
-  @override
-  void paint(Canvas canvas, Size size) {
-    final paint = Paint()..color = Colors.black54;
-    canvas.drawPath(
-      Path.combine(
-        PathOperation.difference,
-        Path()..addRect(Rect.fromLTWH(0, 0, size.width, size.height)),
-        Path()
-          ..addOval(
-            Rect.fromCircle(
-              center: Offset(size.width - 44, size.height - 44),
-              radius: 40,
-            ),
-          )
-          ..close(),
-      ),
-      paint,
-    );
-  }
-
-  @override
-  bool shouldRepaint(CustomPainter oldDelegate) {
-    return false;
-  }
-}
-
-@override
-bool shouldRepaint(CustomPainter oldDelegate) {
-  return false;
-}

lib/ui/settings/data/import_page.dart

@@ -15,6 +15,7 @@ enum ImportType {
   ravio,
   googleAuthenticator,
   aegis,
+  twoFas,
   bitwarden,
 }
 
@@ -22,10 +23,11 @@ class ImportCodePage extends StatelessWidget {
   late List<ImportType> importOptions = [
     ImportType.plainText,
     ImportType.encrypted,
-    ImportType.ravio,
+    ImportType.twoFas,
     ImportType.aegis,
-    ImportType.googleAuthenticator,
     ImportType.bitwarden,
+    ImportType.googleAuthenticator,
+    ImportType.ravio,
   ];
 
   ImportCodePage({super.key});
@@ -34,7 +36,6 @@ class ImportCodePage extends StatelessWidget {
     switch (type) {
       case ImportType.plainText:
         return context.l10n.importTypePlainText;
-
       case ImportType.encrypted:
         return context.l10n.importTypeEnteEncrypted;
       case ImportType.ravio:
@@ -43,6 +44,8 @@ class ImportCodePage extends StatelessWidget {
         return 'Google Authenticator';
       case ImportType.aegis:
         return 'Aegis Authenticator';
+      case ImportType.twoFas:
+        return '2FAS Authenticator';
       case ImportType.bitwarden:
         return 'Bitwarden';
     }

lib/ui/settings/general_section_widget.dart

@@ -13,6 +13,7 @@ import 'package:ente_auth/ui/components/toggle_switch_widget.dart';
 import 'package:ente_auth/ui/settings/common_settings.dart';
 import 'package:ente_auth/ui/settings/language_picker.dart';
 import 'package:ente_auth/utils/navigation_util.dart';
+import 'package:ente_auth/utils/toast_util.dart';
 import 'package:flutter/material.dart';
 
 class AdvancedSectionWidget extends StatefulWidget {
@@ -86,6 +87,9 @@ class _AdvancedSectionWidgetState extends State<AdvancedSectionWidget> {
               await PreferenceService.instance.setHideCodes(
                 !PreferenceService.instance.shouldHideCodes(),
               );
+              if(PreferenceService.instance.shouldHideCodes()) {
+                showToast(context, context.l10n.doubleTapToViewHiddenCode);
+              }
               setState(() {});
             },
           ),

lib/ui/settings_page.dart

@@ -3,7 +3,9 @@ import 'dart:io';
 import 'package:ente_auth/core/configuration.dart';
 import 'package:ente_auth/l10n/l10n.dart';
 import 'package:ente_auth/onboarding/view/onboarding_page.dart';
+import 'package:ente_auth/services/local_authentication_service.dart';
 import 'package:ente_auth/services/user_service.dart';
+import 'package:ente_auth/store/code_store.dart';
 import 'package:ente_auth/theme/colors.dart';
 import 'package:ente_auth/theme/ente_theme.dart';
 import 'package:ente_auth/ui/components/buttons/button_widget.dart';
@@ -99,6 +101,19 @@ class SettingsPage extends StatelessWidget {
               await handleExportClick(context);
             } else {
               if (result.action == ButtonAction.second) {
+                bool hasCodes =
+                    (await CodeStore.instance.getAllCodes()).isNotEmpty;
+                if (hasCodes) {
+                  final hasAuthenticated = await LocalAuthenticationService
+                      .instance
+                      .requestLocalAuthentication(
+                    context,
+                    context.l10n.authToInitiateSignIn,
+                  );
+                  if (!hasAuthenticated) {
+                    return;
+                  }
+                }
                 await routeToPage(
                   context,
                   const OnboardingPage(),

lib/ui/tools/lock_screen.dart

@@ -1,3 +1,5 @@
+import 'dart:io';
+
 import 'package:ente_auth/l10n/l10n.dart';
 import 'package:ente_auth/ui/common/gradient_button.dart';
 import 'package:ente_auth/ui/tools/app_lock.dart';
@@ -21,10 +23,16 @@ class _LockScreenState extends State<LockScreen> with WidgetsBindingObserver {
 
   @override
   void initState() {
-    _logger.info("initState");
+    _logger.info("initiatingState");
     super.initState();
-    _showLockScreen(source: "initState");
     WidgetsBinding.instance.addObserver(this);
+    WidgetsBinding.instance.addPostFrameCallback((timeStamp) {
+      if (isNonMobileIOSDevice()) {
+        _logger.info('ignore init for non mobile iOS device');
+        return;
+      }
+      _showLockScreen(source: "postFrameInit");
+    });
   }
 
   @override
@@ -60,6 +68,14 @@ class _LockScreenState extends State<LockScreen> with WidgetsBindingObserver {
     );
   }
 
+  bool isNonMobileIOSDevice() {
+    if (Platform.isAndroid) {
+      return false;
+    }
+    var shortestSide = MediaQuery.of(context).size.shortestSide;
+    return shortestSide > 600 ? true : false;
+  }
+
   @override
   void didChangeAppLifecycleState(AppLifecycleState state) {
     _logger.info(state.toString());
@@ -93,6 +109,7 @@ class _LockScreenState extends State<LockScreen> with WidgetsBindingObserver {
 
   @override
   void dispose() {
+    _logger.info('disposing');
     WidgetsBinding.instance.removeObserver(this);
     super.dispose();
   }

lib/utils/crypto_util.dart

@@ -42,8 +42,8 @@ Uint8List cryptoPwHash(Map<String, dynamic> args) {
 }
 
 Uint8List cryptoKdfDeriveFromKey(
-    Map<String, dynamic> args,
-    ) {
+  Map<String, dynamic> args,
+) {
   return Sodium.cryptoKdfDeriveFromKey(
     args["subkeyLen"],
     args["subkeyId"],
@@ -58,7 +58,7 @@ Future<Uint8List> cryptoGenericHash(Map<String, dynamic> args) async {
   final sourceFileLength = await sourceFile.length();
   final inputFile = sourceFile.openSync(mode: io.FileMode.read);
   final state =
-  Sodium.cryptoGenerichashInit(null, Sodium.cryptoGenerichashBytesMax);
+      Sodium.cryptoGenerichashInit(null, Sodium.cryptoGenerichashBytesMax);
   var bytesRead = 0;
   bool isDone = false;
   while (!isDone) {
@@ -77,7 +77,7 @@ Future<Uint8List> cryptoGenericHash(Map<String, dynamic> args) async {
 
 EncryptionResult chachaEncryptData(Map<String, dynamic> args) {
   final initPushResult =
-  Sodium.cryptoSecretstreamXchacha20poly1305InitPush(args["key"]);
+      Sodium.cryptoSecretstreamXchacha20poly1305InitPush(args["key"]);
   final encryptedData = Sodium.cryptoSecretstreamXchacha20poly1305Push(
     initPushResult.state,
     args["source"],
@@ -102,7 +102,7 @@ Future<EncryptionResult> chachaEncryptFile(Map<String, dynamic> args) async {
   final inputFile = sourceFile.openSync(mode: io.FileMode.read);
   final key = args["key"] ?? Sodium.cryptoSecretstreamXchacha20poly1305Keygen();
   final initPushResult =
-  Sodium.cryptoSecretstreamXchacha20poly1305InitPush(key);
+      Sodium.cryptoSecretstreamXchacha20poly1305InitPush(key);
   var bytesRead = 0;
   var tag = Sodium.cryptoSecretstreamXchacha20poly1305TagMessage;
   while (tag != Sodium.cryptoSecretstreamXchacha20poly1305TagFinal) {
@@ -156,7 +156,7 @@ Future<void> chachaDecryptFile(Map<String, dynamic> args) async {
     final buffer = await inputFile.read(chunkSize);
     bytesRead += chunkSize;
     final pullResult =
-    Sodium.cryptoSecretstreamXchacha20poly1305Pull(pullState, buffer, null);
+        Sodium.cryptoSecretstreamXchacha20poly1305Pull(pullState, buffer, null);
     await destinationFile.writeAsBytes(pullResult.m, mode: io.FileMode.append);
     tag = pullResult.tag;
   }
@@ -190,20 +190,22 @@ class CryptoUtil {
     Sodium.init();
   }
 
-  static Uint8List base642bin(String b64, {
+  static Uint8List base642bin(
+    String b64, {
     String? ignore,
     int variant = Sodium.base64VariantOriginal,
   }) {
     return Sodium.base642bin(b64, ignore: ignore, variant: variant);
   }
 
-  static String bin2base64(Uint8List bin, {
+  static String bin2base64(
+    Uint8List bin, {
     bool urlSafe = false,
   }) {
     return Sodium.bin2base64(
       bin,
       variant:
-      urlSafe ? Sodium.base64VariantUrlsafe : Sodium.base64VariantOriginal,
+          urlSafe ? Sodium.base64VariantUrlsafe : Sodium.base64VariantOriginal,
     );
   }
 
@@ -237,9 +239,11 @@ class CryptoUtil {
 
   // Decrypts the given cipher, with the given key and nonce using XSalsa20
   // (w Poly1305 MAC).
-  static Future<Uint8List> decrypt(Uint8List cipher,
-      Uint8List key,
-      Uint8List nonce,) async {
+  static Future<Uint8List> decrypt(
+    Uint8List cipher,
+    Uint8List key,
+    Uint8List nonce,
+  ) async {
     final args = <String, dynamic>{};
     args["cipher"] = cipher;
     args["nonce"] = nonce;
@@ -256,9 +260,11 @@ class CryptoUtil {
   // This function runs on the same thread as the caller, so should be used only
   // for small amounts of data where thread switching can result in a degraded
   // user experience
-  static Uint8List decryptSync(Uint8List cipher,
-      Uint8List key,
-      Uint8List nonce,) {
+  static Uint8List decryptSync(
+    Uint8List cipher,
+    Uint8List key,
+    Uint8List nonce,
+  ) {
     final args = <String, dynamic>{};
     args["cipher"] = cipher;
     args["nonce"] = nonce;
@@ -270,8 +276,10 @@ class CryptoUtil {
   // nonce, using XChaCha20 (w Poly1305 MAC).
   // This function runs on the isolate pool held by `_computer`.
   // TODO: Remove "ChaCha", an implementation detail from the function name
-  static Future<EncryptionResult> encryptChaCha(Uint8List source,
-      Uint8List key,) async {
+  static Future<EncryptionResult> encryptChaCha(
+    Uint8List source,
+    Uint8List key,
+  ) async {
     final args = <String, dynamic>{};
     args["source"] = source;
     args["key"] = key;
@@ -285,9 +293,11 @@ class CryptoUtil {
   // Decrypts the given source, with the given key and header using XChaCha20
   // (w Poly1305 MAC).
   // TODO: Remove "ChaCha", an implementation detail from the function name
-  static Future<Uint8List> decryptChaCha(Uint8List source,
-      Uint8List key,
-      Uint8List header,) async {
+  static Future<Uint8List> decryptChaCha(
+    Uint8List source,
+    Uint8List key,
+    Uint8List header,
+  ) async {
     final args = <String, dynamic>{};
     args["source"] = source;
     args["key"] = key;
@@ -304,10 +314,10 @@ class CryptoUtil {
   // to the destinationFilePath.
   // If a key is not provided, one is generated and returned.
   static Future<EncryptionResult> encryptFile(
-      String sourceFilePath,
-      String destinationFilePath, {
-        Uint8List? key,
-      }) {
+    String sourceFilePath,
+    String destinationFilePath, {
+    Uint8List? key,
+  }) {
     final args = <String, dynamic>{};
     args["sourceFilePath"] = sourceFilePath;
     args["destinationFilePath"] = destinationFilePath;
@@ -322,10 +332,11 @@ class CryptoUtil {
   // Decrypts the file at sourceFilePath, with the given key and header using
   // XChaCha20 (w Poly1305 MAC), and writes it to the destinationFilePath.
   static Future<void> decryptFile(
-      String sourceFilePath,
-      String destinationFilePath,
-      Uint8List header,
-      Uint8List key,) {
+    String sourceFilePath,
+    String destinationFilePath,
+    Uint8List header,
+    Uint8List key,
+  ) {
     final args = <String, dynamic>{};
     args["sourceFilePath"] = sourceFilePath;
     args["destinationFilePath"] = destinationFilePath;
@@ -356,10 +367,10 @@ class CryptoUtil {
 
   // Decrypts the input using the given publicKey-secretKey pair
   static Uint8List openSealSync(
-      Uint8List input,
-      Uint8List publicKey,
-      Uint8List secretKey,
-      ) {
+    Uint8List input,
+    Uint8List publicKey,
+    Uint8List secretKey,
+  ) {
     return Sodium.cryptoBoxSealOpen(input, publicKey, secretKey);
   }
 
@@ -377,9 +388,9 @@ class CryptoUtil {
   // At all points, we ensure that the product of these two variables (the area
   // under the graph that determines the amount of work required) is a constant.
   static Future<DerivedKeyResult> deriveSensitiveKey(
-      Uint8List password,
-      Uint8List salt,
-      ) async {
+    Uint8List password,
+    Uint8List salt,
+  ) async {
     final logger = Logger("pwhash");
     int memLimit = Sodium.cryptoPwhashMemlimitSensitive;
     int opsLimit = Sodium.cryptoPwhashOpslimitSensitive;
@@ -407,7 +418,10 @@ class CryptoUtil {
         return DerivedKeyResult(key, memLimit, opsLimit);
       } catch (e, s) {
         logger.warning(
-          "failed to deriveKey mem: $memLimit, ops: $opsLimit", e, s,);
+          "failed to deriveKey mem: $memLimit, ops: $opsLimit",
+          e,
+          s,
+        );
       }
       memLimit = (memLimit / 2).round();
       opsLimit = opsLimit * 2;
@@ -421,9 +435,9 @@ class CryptoUtil {
   // extra layer of authentication (atop the access token and collection key).
   // More details @ https://ente.io/blog/building-shareable-links/
   static Future<DerivedKeyResult> deriveInteractiveKey(
-      Uint8List password,
-      Uint8List salt,
-      ) async {
+    Uint8List password,
+    Uint8List salt,
+  ) async {
     final int memLimit = Sodium.cryptoPwhashMemlimitInteractive;
     final int opsLimit = Sodium.cryptoPwhashOpslimitInteractive;
     final key = await deriveKey(password, salt, memLimit, opsLimit);
@@ -433,13 +447,13 @@ class CryptoUtil {
   // Derives a key for a given password, salt, memLimit and opsLimit using
   // Argon2id, v1.3.
   static Future<Uint8List> deriveKey(
-      Uint8List password,
-      Uint8List salt,
-      int memLimit,
-      int opsLimit,
-      ) {
+    Uint8List password,
+    Uint8List salt,
+    int memLimit,
+    int opsLimit,
+  ) async {
     try {
-      return _computer.compute(
+      return await _computer.compute(
         cryptoPwHash,
         param: {
           "password": password,
@@ -449,7 +463,7 @@ class CryptoUtil {
         },
         taskName: "deriveKey",
       );
-    } catch(e,s) {
+    } catch (e, s) {
       final String errMessage = 'failed to deriveKey memLimit: $memLimit and '
           'opsLimit: $opsLimit';
       Logger("CryptoUtilDeriveKey").warning(errMessage, e, s);
@@ -461,20 +475,25 @@ class CryptoUtil {
   // (Key Derivation Function) with the `loginSubKeyId` and
   // `loginSubKeyLen` and `loginSubKeyContext` as context
   static Future<Uint8List> deriveLoginKey(
-      Uint8List key,
-      ) async {
-    final Uint8List derivedKey = await  _computer.compute(
-      cryptoKdfDeriveFromKey,
-      param: {
-        "key": key,
-        "subkeyId": loginSubKeyId,
-        "subkeyLen": loginSubKeyLen,
-        "context": utf8.encode(loginSubKeyContext),
-      },
-      taskName: "deriveLoginKey",
-    );
-    // return the first 16 bytes of the derived key
-    return derivedKey.sublist(0, 16);
+    Uint8List key,
+  ) async {
+    try {
+      final Uint8List derivedKey = await _computer.compute(
+        cryptoKdfDeriveFromKey,
+        param: {
+          "key": key,
+          "subkeyId": loginSubKeyId,
+          "subkeyLen": loginSubKeyLen,
+          "context": utf8.encode(loginSubKeyContext),
+        },
+        taskName: "deriveLoginKey",
+      );
+      // return the first 16 bytes of the derived key
+      return derivedKey.sublist(0, 16);
+    } catch (e, s) {
+      Logger("deriveLoginKey").severe("loginKeyDerivation failed", e, s);
+      throw LoginKeyDerivationError();
+    }
   }
 
   // Computes and returns the hash of the source file

macos/Flutter/GeneratedPluginRegistrant.swift

@@ -10,16 +10,13 @@ import device_info_plus
 import file_saver
 import flutter_local_notifications
 import flutter_secure_storage_macos
-import mobile_scanner
 import package_info_plus
 import path_provider_foundation
-import photo_manager
 import sentry_flutter
 import share_plus
 import shared_preferences_foundation
 import sqflite
 import url_launcher_macos
-import video_player_avfoundation
 
 func RegisterGeneratedPlugins(registry: FlutterPluginRegistry) {
   ConnectivityPlugin.register(with: registry.registrar(forPlugin: "ConnectivityPlugin"))
@@ -27,14 +24,11 @@ func RegisterGeneratedPlugins(registry: FlutterPluginRegistry) {
   FileSaverPlugin.register(with: registry.registrar(forPlugin: "FileSaverPlugin"))
   FlutterLocalNotificationsPlugin.register(with: registry.registrar(forPlugin: "FlutterLocalNotificationsPlugin"))
   FlutterSecureStoragePlugin.register(with: registry.registrar(forPlugin: "FlutterSecureStoragePlugin"))
-  MobileScannerPlugin.register(with: registry.registrar(forPlugin: "MobileScannerPlugin"))
   FLTPackageInfoPlusPlugin.register(with: registry.registrar(forPlugin: "FLTPackageInfoPlusPlugin"))
   PathProviderPlugin.register(with: registry.registrar(forPlugin: "PathProviderPlugin"))
-  PhotoManagerPlugin.register(with: registry.registrar(forPlugin: "PhotoManagerPlugin"))
   SentryFlutterPlugin.register(with: registry.registrar(forPlugin: "SentryFlutterPlugin"))
   SharePlusMacosPlugin.register(with: registry.registrar(forPlugin: "SharePlusMacosPlugin"))
   SharedPreferencesPlugin.register(with: registry.registrar(forPlugin: "SharedPreferencesPlugin"))
   SqflitePlugin.register(with: registry.registrar(forPlugin: "SqflitePlugin"))
   UrlLauncherPlugin.register(with: registry.registrar(forPlugin: "UrlLauncherPlugin"))
-  FVPVideoPlayerPlugin.register(with: registry.registrar(forPlugin: "FVPVideoPlayerPlugin"))
 }

pubspec.lock

@@ -386,22 +386,6 @@ packages:
       url: "https://pub.dev"
     source: hosted
     version: "3.0.0"
-  extended_image:
-    dependency: transitive
-    description:
-      name: extended_image
-      sha256: b4d72a27851751cfadaf048936d42939db7cd66c08fdcfe651eeaa1179714ee6
-      url: "https://pub.dev"
-    source: hosted
-    version: "8.1.1"
-  extended_image_library:
-    dependency: transitive
-    description:
-      name: extended_image_library
-      sha256: "8bf87c0b14dcb59200c923a9a3952304e4732a0901e40811428834ef39018ee1"
-      url: "https://pub.dev"
-    source: hosted
-    version: "3.6.0"
   fake_async:
     dependency: transitive
     description:
@@ -703,14 +687,6 @@ packages:
       url: "https://pub.dev"
     source: hosted
     version: "1.1.0"
-  http_client_helper:
-    dependency: transitive
-    description:
-      name: http_client_helper
-      sha256: "8a9127650734da86b5c73760de2b404494c968a3fd55602045ffec789dac3cb1"
-      url: "https://pub.dev"
-    source: hosted
-    version: "3.0.0"
   http_multi_server:
     dependency: transitive
     description:
@@ -863,14 +839,6 @@ packages:
       url: "https://pub.dev"
     source: hosted
     version: "1.0.4"
-  mobile_scanner:
-    dependency: "direct main"
-    description:
-      name: mobile_scanner
-      sha256: cf978740676ba5b0c17399baf117984b31190bb7a6eaa43e51229ed46abc42ee
-      url: "https://pub.dev"
-    source: hosted
-    version: "3.5.2"
   mocktail:
     dependency: "direct dev"
     description:
@@ -1039,14 +1007,6 @@ packages:
       url: "https://pub.dev"
     source: hosted
     version: "5.1.0"
-  photo_manager:
-    dependency: transitive
-    description:
-      name: photo_manager
-      sha256: c1f21882f22c97cc85a8a67b08d7b979a03c9b7f18f940c10c6860b3a49581d3
-      url: "https://pub.dev"
-    source: hosted
-    version: "2.8.0"
   pinput:
     dependency: "direct main"
     description:
@@ -1588,46 +1548,6 @@ packages:
       url: "https://pub.dev"
     source: hosted
     version: "2.1.4"
-  video_player:
-    dependency: transitive
-    description:
-      name: video_player
-      sha256: e16f0a83601a78d165dabc17e4dac50997604eb9e4cc76e10fa219046b70cef3
-      url: "https://pub.dev"
-    source: hosted
-    version: "2.8.1"
-  video_player_android:
-    dependency: transitive
-    description:
-      name: video_player_android
-      sha256: "3fe89ab07fdbce786e7eb25b58532d6eaf189ceddc091cb66cba712f8d9e8e55"
-      url: "https://pub.dev"
-    source: hosted
-    version: "2.4.10"
-  video_player_avfoundation:
-    dependency: transitive
-    description:
-      name: video_player_avfoundation
-      sha256: fe73d636f82286a3739f5e644f95f09442cacdc436ebbe5436521dc915f3ecac
-      url: "https://pub.dev"
-    source: hosted
-    version: "2.5.1"
-  video_player_platform_interface:
-    dependency: transitive
-    description:
-      name: video_player_platform_interface
-      sha256: be72301bf2c0150ab35a8c34d66e5a99de525f6de1e8d27c0672b836fe48f73a
-      url: "https://pub.dev"
-    source: hosted
-    version: "6.2.1"
-  video_player_web:
-    dependency: transitive
-    description:
-      name: video_player_web
-      sha256: ab7a462b07d9ca80bed579e30fb3bce372468f1b78642e0911b10600f2c5cb5b
-      url: "https://pub.dev"
-    source: hosted
-    version: "2.1.2"
   vm_service:
     dependency: transitive
     description:
@@ -1668,14 +1588,6 @@ packages:
       url: "https://pub.dev"
     source: hosted
     version: "1.2.0"
-  wechat_assets_picker:
-    dependency: "direct main"
-    description:
-      name: wechat_assets_picker
-      sha256: "00c93a04421013040b555cdcccdb8e90f142a171d6c0d968c2b5042a76013601"
-      url: "https://pub.dev"
-    source: hosted
-    version: "8.7.1"
   win32:
     dependency: transitive
     description:
@@ -1717,5 +1629,5 @@ packages:
     source: hosted
     version: "3.1.2"
 sdks:
-  dart: ">=3.1.0 <4.0.0"
-  flutter: ">=3.13.0"
+  dart: ">=3.1.0-185.0.dev <4.0.0"
+  flutter: ">=3.10.0"

pubspec.yaml

@@ -1,6 +1,6 @@
 name: ente_auth
 description: ente two-factor authenticator
-version: 2.0.18+218
+version: 2.0.24+224
 publish_to: none
 
 environment:
@@ -58,7 +58,6 @@ dependencies:
   local_auth_android: ^1.0.31
   local_auth_ios: ^1.1.3
   logging: ^1.0.1
-  mobile_scanner: ^3.5.2
   modal_bottom_sheet: ^3.0.0-pre
   move_to_background: ^1.0.2
   open_filex: ^4.3.2
@@ -82,7 +81,6 @@ dependencies:
   uni_links: ^0.5.1
   url_launcher: ^6.1.5
   uuid: ^3.0.4
-  wechat_assets_picker: ^8.6.3
 
 dev_dependencies:
   bloc_test: ^9.0.3
@@ -105,7 +103,6 @@ flutter:
     - assets/simple-icons/_data/
     - assets/custom-icons/icons/
     - assets/custom-icons/_data/
-    - assets/scanner-icons/icons/
 
   fonts:
     - family: Inter