Fix account deletion not working in mobile app for newly created accounts (#1721)

2026-05-18 21:40:41 -04:00 · 2026-02-16 19:04:28 +01:00
parent 03b91ababa
commit 22d2f559c7
3 changed files with 7 additions and 12 deletions
--- a/apps/mobile-app/app/(tabs)/settings/security/delete-account.tsx
+++ b/apps/mobile-app/app/(tabs)/settings/security/delete-account.tsx
@@ -143,7 +143,7 @@ export default function DeleteAccountScreen(): React.ReactNode {
      await new Promise((resolve) => setTimeout(resolve, 500));

      if (!username) {
-        throw new Error(t('settings.securitySettings.deleteAccount.usernameNotFound'));
+        throw new Error(t('common.errors.unknownErrorTryAgain'));
      }

      const deleteAccountInitiateRequest: DeleteAccountInitiateRequest = {
@@ -154,6 +154,7 @@ export default function DeleteAccountScreen(): React.ReactNode {
      const data = await webApi.post<DeleteAccountInitiateRequest, DeleteAccountInitiateResponse>('Auth/delete-account/initiate', deleteAccountInitiateRequest);
      const currentSalt = data.salt;
      const currentServerEphemeral = data.serverEphemeral;
+      const srpIdentity = data.srpIdentity;

      setLoadingStatus(t('settings.securitySettings.deleteAccount.verifyingWithServer'));
      // Convert base64 string to hex string
@@ -162,23 +163,17 @@ export default function DeleteAccountScreen(): React.ReactNode {
      // Generate client ephemeral and session using native SRP
      const newClientEphemeral = await NativeVaultManager.srpGenerateEphemeral();

-      // Get username from the auth context, always lowercase and trimmed which is required for the argon2id key derivation
-      const sanitizedUsername = username?.toLowerCase().trim();
-      if (!sanitizedUsername) {
-        throw new Error(t('settings.securitySettings.deleteAccount.usernameNotFound'));
-      }
-
-      const privateKey = await NativeVaultManager.srpDerivePrivateKey(currentSalt, sanitizedUsername, currentPasswordHashString);
+      const privateKey = await NativeVaultManager.srpDerivePrivateKey(currentSalt, srpIdentity, currentPasswordHashString);
      const newClientSession = await NativeVaultManager.srpDeriveSession(
        newClientEphemeral.secret,
        currentServerEphemeral,
        currentSalt,
-        sanitizedUsername,
+        srpIdentity,
        privateKey
      );

      const deleteAccountRequest: DeleteAccountRequest = {
-        username: sanitizedUsername,
+        username: username,
        clientPublicEphemeral: newClientEphemeral.public,
        clientSessionProof: newClientSession.proof,
      };
--- a/apps/mobile-app/i18n/locales/en.json
+++ b/apps/mobile-app/i18n/locales/en.json
@@ -305,8 +305,7 @@
        "verifyingWithServer": "Verifying with server",
        "deletingAccount": "Deleting account",
        "accountDeleted": "Account deleted successfully",
-        "failedToDelete": "Failed to delete account. Please try again.",
-        "usernameNotFound": "Username not found. Please login again."
+        "failedToDelete": "Failed to delete account. Please try again."
      }
    },
    "qrScanner": {
--- a/core/models/src/webapi/DeleteAccountInitiate.ts
+++ b/core/models/src/webapi/DeleteAccountInitiate.ts
@@ -13,4 +13,5 @@ export type DeleteAccountInitiateResponse = {
  serverEphemeral: string;
  encryptionType: string;
  encryptionSettings: string;
+  srpIdentity: string;
 };