From 4a7ed739f209afb537ae88519fa009148e676568 Mon Sep 17 00:00:00 2001
From: Leendert de Borst <ldeborst@xivisoft.com>
Date: Wed, 15 Apr 2026 20:32:43 +0200
Subject: [PATCH] Update password change logic to use srpIdentity from server
 (#1911)

---
 apps/mobile-app/hooks/useVaultMutate.ts | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/apps/mobile-app/hooks/useVaultMutate.ts b/apps/mobile-app/hooks/useVaultMutate.ts
index d30dccec4..8ba5ac85d 100644
--- a/apps/mobile-app/hooks/useVaultMutate.ts
+++ b/apps/mobile-app/hooks/useVaultMutate.ts
@@ -185,12 +185,14 @@ export function useVaultMutate() : {
       throw new Error(t('common.errors.unknownError'));
     }
 
-    const privateKey = await NativeVaultManager.srpDerivePrivateKey(currentSalt, username, currentPasswordHashString);
+    // Use srpIdentity from server response if available, otherwise fall back to username.
+    const srpIdentity = data.srpIdentity ?? username;
+    const privateKey = await NativeVaultManager.srpDerivePrivateKey(currentSalt, srpIdentity, currentPasswordHashString);
     const newClientSession = await NativeVaultManager.srpDeriveSession(
       newClientEphemeral.secret,
       currentServerEphemeral,
       currentSalt,
-      username,
+      srpIdentity,
       privateKey
     );
 
@@ -226,7 +228,7 @@ export function useVaultMutate() : {
     }
 
     // Generate SRP password change data using native SRP
-    const newPrivateKey = await NativeVaultManager.srpDerivePrivateKey(newSalt, username, newPasswordHashString);
+    const newPrivateKey = await NativeVaultManager.srpDerivePrivateKey(newSalt, srpIdentity, newPasswordHashString);
     const newVerifier = await NativeVaultManager.srpDeriveVerifier(newPrivateKey);
 
     // Prepare vault for password change