kee-org
diff --git a/‎assets/Demo.kdbx‎
256 Bytes b/‎assets/Demo.kdbx‎
256 Bytes
diff --git a/‎assets/Demo.zip‎
22.4 KB b/‎assets/Demo.zip‎
22.4 KB
diff --git a/‎lib/cubit/account_cubit.dart‎
Lines changed: 88 additions & 0 deletions b/‎lib/cubit/account_cubit.dart‎
Lines changed: 88 additions & 0 deletions
diff --git a/‎lib/cubit/account_state.dart‎
Lines changed: 5 additions & 0 deletions b/‎lib/cubit/account_state.dart‎
Lines changed: 5 additions & 0 deletions
@@ -10,6 +10,7 @@ import 'package:keevault/vault_backend/user.dart';
 import 'package:meta/meta.dart';
 import 'package:shared_preferences/shared_preferences.dart';
 import '../logging/logger.dart';
+import '../vault_backend/utils.dart';
 
 part 'account_state.dart';
 
@@ -325,6 +326,93 @@ class AccountCubit extends Cubit<AccountState> {
     }
   }
 
+  void startEmailChange() {
+    emit(AccountEmailChangeRequested(currentUser, null));
+  }
+
+  Future<bool> changePassword(ProtectedValue password, Future<bool> Function(User user) onChangeStarted) async {
+    if (currentUser.emailHashed == null) throw KeeInvalidStateException();
+    if (currentUser.email?.isEmpty ?? true) throw KeeInvalidStateException();
+    if (currentUser.salt?.isEmpty ?? true) throw KeeInvalidStateException();
+
+    final key = password.hash;
+    final newPassKey = await derivePassKey(currentUser.email!, key);
+
+    try {
+      await _userRepo.changePasswordStart(currentUser, newPassKey);
+
+      final success = await onChangeStarted(currentUser);
+
+      if (!success) {
+        throw VaultPasswordChangeException('Password change aborted.');
+      }
+
+      await _userRepo.changePasswordFinish(currentUser, newPassKey);
+      return true;
+    } on KeeLoginFailedMITMException {
+      rethrow;
+    } on KeeLoginRequiredException {
+      l.w('Unable to change password due to a 403.');
+      throw VaultPasswordChangeException(
+          'Due to an authentication problem, we were unable to change your password. Probably it has been too long since you last signed in. Please sign out and then sign in again with your previous password and try again when you have enough time to complete the operation within 10 minutes.');
+    } on KeeNotFoundException {
+      l.i('Unable to change password due to 404 response.');
+      throw VaultPasswordChangeException('We cannot find your account. Have you recently deleted it?');
+    } on KeeServiceTransportException catch (e) {
+      l.w('Unable to change password due to a transport error. Cannot be sure if the request was successful or not. Details: $e');
+      throw VaultPasswordChangeException(
+          'Due to a network failure, we cannot say whether your request succeeded or not. If possible, try signing in to a different device with your new password to find out if the change took effect. If unsure if it worked, sign in with your previous password next time and try again when you have a more stable network connection.');
+    }
+  }
+
+  Future<bool> changeEmailAddress(String password, String newEmailAddress) async {
+    l.d('starting the changeEmailAddress procedure');
+    User user = currentUser;
+    try {
+      final newEmailHashed = await hashString(newEmailAddress, EMAIL_ID_SALT);
+
+      final protectedValue = ProtectedValue.fromString(password);
+
+      await _userRepo.changeEmailAddress(user, newEmailAddress, newEmailHashed, protectedValue);
+      final prefs = await SharedPreferences.getInstance();
+      await prefs.setString('user.current.email', newEmailAddress);
+      if (user.id?.isNotEmpty ?? false) {
+        await prefs.setString('user.authMaterialUserIdMap.${user.emailHashed}', user.id!);
+      }
+      final newUser = await User.fromEmail(newEmailAddress);
+      emit(AccountChosen(newUser));
+      await signout();
+      return true;
+    } on KeeLoginFailedMITMException {
+      rethrow;
+    } on KeeLoginRequiredException {
+      l.w('Unable to changeEmailAddress due to a 403.');
+      emit(AccountEmailChangeRequested(user,
+          'Due to an authentication problem, we were unable to change your email address. Probably it has been too long since you last signed in with your previous email address. Please click Cancel and then sign in again with your previous email address and try this email change again when you have enough time to complete the operation within 10 minutes.'));
+    } on FormatException {
+      // Local validation
+      l.i('Unable to changeEmailAddress due to FormatException.');
+      emit(AccountEmailChangeRequested(user, 'Please enter the correct password for your Kee Vault account.'));
+    } on KeeInvalidRequestException {
+      // Local validation should mean this is unlikely to happen outside of malicious acts
+      l.i('Unable to changeEmailAddress due to 400 response.');
+      emit(AccountEmailChangeRequested(user,
+          'Please double check that you have entered the correct password for your Kee Vault account. Also check that you have entered a valid email address of no more than 70 characters.'));
+    } on KeeServerConflictException {
+      l.i('Unable to changeEmailAddress due to 409 response.');
+      emit(AccountEmailChangeRequested(user,
+          'Sorry, that email address is already associated with a different Kee Vault account (or is reserved due to earlier use by a deleted account). Try signing in to that account, and consider importing your exported KDBX file from this account if you wish to transfer your data to the other account. If you have access to the requested email address but are unable to remember your password, you could use the account reset feature to delete the contents of the other account and assign it a new password that you will remember.'));
+    } on KeeNotFoundException {
+      l.i('Unable to changeEmailAddress due to 404 response.');
+      emit(AccountEmailChangeRequested(user, 'We cannot find your account. Have you recently deleted it?'));
+    } on KeeServiceTransportException catch (e) {
+      l.w('Unable to changeEmailAddress due to a transport error. Cannot be sure if the request was successful or not. Details: $e');
+      emit(AccountEmailChangeRequested(user,
+          'Due to a network failure, we cannot say whether your request succeeded or not. Please check your new email address for a verification request. It might take a moment to arrive but if it does, that suggests the process did work so just verify your new address, click Cancel below and then sign-in using the new email address. If unsure if it worked, sign in with your previous email address next time and try again when you have a more stable network connection.'));
+    }
+    return false;
+  }
+
   Future<void> signout() async {
     final AccountState currentState = state;
     if (currentState is AccountChosen && (currentState.user.email?.isNotEmpty ?? false)) {
 
@@ -60,6 +60,11 @@ class AccountEmailNotVerified extends AccountAuthenticated {
   const AccountEmailNotVerified(super.user);
 }
 
+class AccountEmailChangeRequested extends AccountAuthenticated {
+  final String? error;
+  const AccountEmailChangeRequested(super.user, this.error);
+}
+
 class AccountTrialRestartStarted extends AccountExpired {
   const AccountTrialRestartStarted(super.user, super.trialAvailable);
 }
Original file line number	Diff line number	Diff line change
`@@ -60,6 +60,11 @@ class AccountEmailNotVerified extends AccountAuthenticated {`
`60`	`60`	`const AccountEmailNotVerified(super.user);`
`61`	`61`	`}`
`62`	`62`
	`63`	`+class AccountEmailChangeRequested extends AccountAuthenticated {`
	`64`	`+ final String? error;`
	`65`	`+ const AccountEmailChangeRequested(super.user, this.error);`
	`66`	`+}`
	`67`	`+`
`63`	`68`	`class AccountTrialRestartStarted extends AccountExpired {`
`64`	`69`	`const AccountTrialRestartStarted(super.user, super.trialAvailable);`
`65`	`70`	`}`