From ccf923bc98e57cc08d24848dd3c2c9fc76917fc2 Mon Sep 17 00:00:00 2001
From: Leendert de Borst <ldeborst@xivisoft.com>
Date: Thu, 13 Nov 2025 07:03:04 +0100
Subject: [PATCH] Clear PIN data on logout (#1340)

---
 .../src/entrypoints/popup/context/AuthContext.tsx        | 9 +++++++++
 apps/mobile-app/context/AuthContext.tsx                  | 8 ++++++++
 2 files changed, 17 insertions(+)

diff --git a/apps/browser-extension/src/entrypoints/popup/context/AuthContext.tsx b/apps/browser-extension/src/entrypoints/popup/context/AuthContext.tsx
index c64326fa6..c41ac1c75 100644
--- a/apps/browser-extension/src/entrypoints/popup/context/AuthContext.tsx
+++ b/apps/browser-extension/src/entrypoints/popup/context/AuthContext.tsx
@@ -4,6 +4,7 @@ import { sendMessage } from 'webext-bridge/popup';
 import { useDb } from '@/entrypoints/popup/context/DbContext';
 
 import { VAULT_LOCKED_DISMISS_UNTIL_KEY } from '@/utils/Constants';
+import { removeAndDisablePin } from '@/utils/PinUnlockService';
 
 import { storage } from '#imports';
 
@@ -73,6 +74,14 @@ export const AuthProvider: React.FC<{ children: React.ReactNode }> = ({ children
     await storage.removeItems(['local:username', 'local:accessToken', 'local:refreshToken']);
     dbContext?.clearDatabase();
 
+    // Clear PIN unlock data (if any)
+    try {
+      await removeAndDisablePin();
+    } catch (error) {
+      console.error('Failed to remove PIN data:', error);
+      // Non-fatal error - continue with logout
+    }
+
     // Set local storage global message that will be shown on the login page.
     if (errorMessage) {
       setGlobalMessage(errorMessage);
diff --git a/apps/mobile-app/context/AuthContext.tsx b/apps/mobile-app/context/AuthContext.tsx
index 59fb24e6e..c9bda626f 100644
--- a/apps/mobile-app/context/AuthContext.tsx
+++ b/apps/mobile-app/context/AuthContext.tsx
@@ -205,6 +205,14 @@ export const AuthProvider: React.FC<{ children: React.ReactNode }> = ({ children
       // Non-fatal error - continue with logout
     }
 
+    // Clear PIN unlock data (if any)
+    try {
+      await NativeVaultManager.removeAndDisablePin();
+    } catch (error) {
+      console.error('Failed to remove PIN data:', error);
+      // Non-fatal error - continue with logout
+    }
+
     // Clear from native layer
     await NativeVaultManager.clearUsername();
     await NativeVaultManager.clearAuthTokens();