From 22d2f559c76c0cba8163eeb82f9f2efc49526bae Mon Sep 17 00:00:00 2001
From: Leendert de Borst
Date: Mon, 16 Feb 2026 19:04:28 +0100
Subject: [PATCH] Fix account deletion not working in mobile app for newly created accounts (#1721)
---
 .../(tabs)/settings/security/delete-account.tsx | 15 +++++---------
 apps/mobile-app/i18n/locales/en.json | 3 +--
 core/models/src/webapi/DeleteAccountInitiate.ts | 1 +
 3 files changed, 7 insertions(+), 12 deletions(-)
diff --git a/apps/mobile-app/app/(tabs)/settings/security/delete-account.tsx b/apps/mobile-app/app/(tabs)/settings/security/delete-account.tsx
index b12f96d35..c3a062a8b 100644
--- a/apps/mobile-app/app/(tabs)/settings/security/delete-account.tsx
+++ b/apps/mobile-app/app/(tabs)/settings/security/delete-account.tsx
@@ -143,7 +143,7 @@ export default function DeleteAccountScreen(): React.ReactNode {
 await new Promise((resolve) => setTimeout(resolve, 500));
 if (!username) {
- throw new Error(t('settings.securitySettings.deleteAccount.usernameNotFound'));
+ throw new Error(t('common.errors.unknownErrorTryAgain'));
 }
 const deleteAccountInitiateRequest: DeleteAccountInitiateRequest = {
@@ -154,6 +154,7 @@ export default function DeleteAccountScreen(): React.ReactNode {
 const data = await webApi.post('Auth/delete-account/initiate', deleteAccountInitiateRequest);
 const currentSalt = data.salt;
 const currentServerEphemeral = data.serverEphemeral;
+ const srpIdentity = data.srpIdentity;
 setLoadingStatus(t('settings.securitySettings.deleteAccount.verifyingWithServer'));
 // Convert base64 string to hex string
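Review bot: `const srpIdentity = data.srpIdentity;` in the second hunk of delete-account.tsx is taken from the response unchecked, and the emptiness guard the old code applied to `sanitizedUsername` is removed in the following hunk without a replacement. If the server omits the field (for example a server build that predates this change, which cannot be confirmed from the diff), `undefined` reaches `NativeVaultManager.srpDerivePrivateKey` and `srpDeriveSession`, and the user sees only a failed proof. A guard right after the assignment would fail early: `if (!srpIdentity) { throw new Error(t('common.errors.unknownErrorTryAgain')); }`. The model hunk in DeleteAccountInitiate.ts types the field as a required `string`, so the compiler will not ask for this check; `srpIdentity?: string;` would. The function body starts and ends outside the hunk.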
@@ -162,23 +163,17 @@ export default function DeleteAccountScreen(): React.ReactNode {
 // Generate client ephemeral and session using native SRP
 const newClientEphemeral = await NativeVaultManager.srpGenerateEphemeral();
- // Get username from the auth context, always lowercase and trimmed which is required for the argon2id key derivation
- const sanitizedUsername = username?.toLowerCase().trim();
- if (!sanitizedUsername) {
- throw new Error(t('settings.securitySettings.deleteAccount.usernameNotFound'));
- }
-
- const privateKey = await NativeVaultManager.srpDerivePrivateKey(currentSalt, sanitizedUsername, currentPasswordHashString);
+ const privateKey = await NativeVaultManager.srpDerivePrivateKey(currentSalt, srpIdentity, currentPasswordHashString);
 const newClientSession = await NativeVaultManager.srpDeriveSession(
 newClientEphemeral.secret,
 currentServerEphemeral,
 currentSalt,
- sanitizedUsername,
+ srpIdentity,
 privateKey
 );
 const deleteAccountRequest: DeleteAccountRequest = {
- username: sanitizedUsername,
+ username: username,
 clientPublicEphemeral: newClientEphemeral.public,
 clientSessionProof: newClientSession.proof,
 };
diff --git a/apps/mobile-app/i18n/locales/en.json b/apps/mobile-app/i18n/locales/en.json
index b5358e927..a647c377f 100644
--- a/apps/mobile-app/i18n/locales/en.json
+++ b/apps/mobile-app/i18n/locales/en.json
@@ -305,8 +305,7 @@
 "verifyingWithServer": "Verifying with server",
 "deletingAccount": "Deleting account",
 "accountDeleted": "Account deleted successfully",
- "failedToDelete": "Failed to delete account. Please try again.",
- "usernameNotFound": "Username not found. Please login again."
+ "failedToDelete": "Failed to delete account. Please try again."
 }
 },
 "qrScanner": {
diff --git a/core/models/src/webapi/DeleteAccountInitiate.ts b/core/models/src/webapi/DeleteAccountInitiate.ts
index 703d3fbbe..b9d039dd1 100644
--- a/core/models/src/webapi/DeleteAccountInitiate.ts
+++ b/core/models/src/webapi/DeleteAccountInitiate.ts
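Review bot: `username: username,` in the third hunk of delete-account.tsx now sends the value from the auth context as-is, where the old code sent the lowercased and trimmed form; the only remaining check is `if (!username)` in the first hunk, which a whitespace-only value passes. Unless the server normalises the name before looking up the account (not visible here), keep the normalisation for the request field: `username: username.toLowerCase().trim(),`. The removed comment was the only explanation of which identity feeds the key derivation, so a replacement above `srpDerivePrivateKey` would help, e.g. `// Use the server-supplied SRP identity, not the username, for the private key and session proof`. This note refers to the delete-account.tsx hunk, not the en.json hunk that follows it.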
@@ -13,4 +13,5 @@ export type DeleteAccountInitiateResponse = {
 serverEphemeral: string;
 encryptionType: string;
 encryptionSettings: string;
+ srpIdentity: string;
 };
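Review bot: The new `srpIdentity: string;` field has no comment saying how it relates to the username, although the client now feeds it to both SRP derivation calls in delete-account.tsx in place of the username. A one-line TSDoc would record the contract, e.g. `/** Identity to use for SRP key derivation and the session proof; presumably may differ from the login username. */`. Whether the sibling fields carry comments is outside this hunk, so match the file's existing style.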