-
-
- Utilise les fonctionnalités de sécurité du navigateur
-
-
- â
WebAuthn standard
- â ïž DĂ©pendant du navigateur
- â ïž Moins sĂ©curisĂ© que les options OS
-
-
-
+
- đ
- Navigateur
- Moyennement sécurisé
+ đ
+ OTP (code Ă usage unique)
+ Sécurisé
-
Utilise les fonctionnalités de sécurité du navigateur
-
-
-
-
- đ±
- Application 2FA
- â ïž Non sĂ©curisĂ©
-
-
Stockage en clair avec authentification 2FA
+
Code OTP généré par Proton Pass, Google Authenticator, etc.
diff --git a/src/pages/security-setup/security-setup.html b/src/pages/security-setup/security-setup.html
index 95cbcca..946c62d 100644
--- a/src/pages/security-setup/security-setup.html
+++ b/src/pages/security-setup/security-setup.html
@@ -122,11 +122,6 @@
Utilise l'authentification biométrique de votre systÚme
-
-
đ Navigateur
-
Sauvegarde dans le gestionnaire de mots de passe du navigateur
-
-
đ OTP (code Ă usage unique)
Code OTP généré par Proton Pass, Google Authenticator, etc.
diff --git a/src/pages/security-setup/security-setup.ts b/src/pages/security-setup/security-setup.ts
index 800fd90..993f315 100644
--- a/src/pages/security-setup/security-setup.ts
+++ b/src/pages/security-setup/security-setup.ts
@@ -89,7 +89,9 @@ document.addEventListener('DOMContentLoaded', async () => {
console.log('â
PBKDF2 key generated and stored securely');
// Rediriger vers la page de génération du wallet
- window.location.href = '/src/pages/wallet-setup/wallet-setup.html';
+ console.log('đ Security setup completed, checking storage state...');
+ const { checkStorageStateAndNavigate } = await import('../../router');
+ await checkStorageStateAndNavigate();
} catch (error) {
console.error('â PBKDF2 key generation failed:', error);
diff --git a/src/pages/wallet-setup/wallet-setup.html b/src/pages/wallet-setup/wallet-setup.html
index dc47dbe..0eac0d4 100644
--- a/src/pages/wallet-setup/wallet-setup.html
+++ b/src/pages/wallet-setup/wallet-setup.html
@@ -112,7 +112,7 @@
-
+
diff --git a/src/pages/wallet-setup/wallet-setup.ts b/src/pages/wallet-setup/wallet-setup.ts
index 78261f3..cc61f26 100644
--- a/src/pages/wallet-setup/wallet-setup.ts
+++ b/src/pages/wallet-setup/wallet-setup.ts
@@ -142,8 +142,8 @@ document.addEventListener('DOMContentLoaded', async () => {
console.log('đ Testing all security modes to find a PBKDF2 key...');
// Tester tous les modes de sécurité pour trouver une clé PBKDF2 valide
- const allSecurityModes: Array<'browser' | 'otp' | 'password' | 'none' | 'os' | 'proton-pass'> =
- ['browser', 'otp', 'password', 'none', 'os', 'proton-pass'];
+ const allSecurityModes: Array<'otp' | 'password' | 'none' | 'os' | 'proton-pass'> =
+ ['otp', 'password', 'none', 'os', 'proton-pass'];
let currentMode: string | null = null;
@@ -466,6 +466,8 @@ document.addEventListener('DOMContentLoaded', async () => {
// Gestion du bouton continuer
continueBtn.addEventListener('click', () => {
console.log('đ Redirecting to pairing page...');
- window.location.href = '/src/pages/birthday-setup/birthday-setup.html';
+ console.log('đ° Wallet setup completed, checking storage state...');
+ const { checkStorageStateAndNavigate } = await import('../../router');
+ await checkStorageStateAndNavigate();
});
});
\ No newline at end of file
diff --git a/src/router.ts b/src/router.ts
index 2869a57..06141bd 100755
--- a/src/router.ts
+++ b/src/router.ts
@@ -17,10 +17,90 @@ const routes: { [key: string]: string } = {
account: '/src/pages/account/account.html',
chat: '/src/pages/chat/chat.html',
signature: '/src/pages/signature/signature.html',
+ 'security-setup': '/src/pages/security-setup/security-setup.html',
+ 'wallet-setup': '/src/pages/wallet-setup/wallet-setup.html',
+ 'birthday-setup': '/src/pages/birthday-setup/birthday-setup.html',
};
export let currentRoute = '';
+/**
+ * Vérifie l'état du storage et détermine quelle page afficher selon l'état actuel
+ * Logique de progression :
+ * - Si pairing â account
+ * - Si date anniversaire â pairing
+ * - Si wallet â birthday-setup
+ * - Si pbkdf2 â wallet-setup
+ * - Sinon â security-setup
+ */
+export async function checkStorageStateAndNavigate(): Promise
{
+ console.log('đ Checking storage state to determine next step...');
+
+ try {
+ // VĂ©rifier l'Ă©tat du pairing
+ const services = await Services.getInstance();
+ const isPaired = services.isPaired();
+
+ if (isPaired) {
+ console.log('â
Device is paired, navigating to account page');
+ await navigate('account');
+ return;
+ }
+
+ // Vérifier si la date anniversaire est configurée (wallet avec birthday > 0)
+ const device = await services.getDeviceFromDatabase();
+ if (device && device.sp_wallet && device.sp_wallet.birthday > 0) {
+ console.log('đ Birthday is configured, navigating to pairing');
+ await navigate('home'); // Pour l'instant, rediriger vers home pour le pairing
+ return;
+ }
+
+ // VĂ©rifier si le wallet existe (mĂȘme avec birthday = 0)
+ if (device && device.sp_wallet) {
+ console.log('đ° Wallet exists but birthday not set, navigating to birthday-setup');
+ await navigate('birthday-setup');
+ return;
+ }
+
+ // Vérifier si une clé PBKDF2 existe
+ const { SecureCredentialsService } = await import('./services/secure-credentials.service');
+ const secureCredentialsService = SecureCredentialsService.getInstance();
+
+ const allSecurityModes: Array<'otp' | 'password' | 'none' | 'os' | 'proton-pass'> =
+ ['otp', 'password', 'none', 'os', 'proton-pass'];
+
+ let hasPBKDF2Key = false;
+ for (const mode of allSecurityModes) {
+ try {
+ const key = await secureCredentialsService.retrievePBKDF2Key(mode);
+ if (key) {
+ hasPBKDF2Key = true;
+ console.log(`đ PBKDF2 key found for mode: ${mode}`);
+ break;
+ }
+ } catch (error) {
+ // Mode non disponible, continuer
+ }
+ }
+
+ if (hasPBKDF2Key) {
+ console.log('đ PBKDF2 key exists, navigating to wallet-setup');
+ await navigate('wallet-setup');
+ return;
+ }
+
+ // Aucune clé PBKDF2 trouvée, commencer par la configuration de sécurité
+ console.log('đ No PBKDF2 key found, navigating to security-setup');
+ await navigate('security-setup');
+
+ } catch (error) {
+ console.error('â Error checking storage state:', error);
+ // En cas d'erreur, commencer par la configuration de sécurité
+ console.log('đ Error occurred, defaulting to security-setup');
+ await navigate('security-setup');
+ }
+}
+
export async function navigate(path: string) {
console.log('đ§ Navigate called with path:', path);
cleanSubscriptions();
@@ -77,6 +157,12 @@ async function handleLocation(path: string) {
} catch (error) {
console.error('â Failed to initialize home page:', error);
}
+ } else if (path === 'security-setup' || path === 'wallet-setup' || path === 'birthday-setup') {
+ console.log('đ Processing setup route:', path);
+
+ // Pour les pages de setup, rediriger directement vers la page HTML
+ window.location.href = routeHtml;
+ return;
} else {
console.log('đ Processing other route:', path);
const html = await fetch(routeHtml).then(data => data.text());
@@ -138,108 +224,19 @@ export async function init(): Promise {
try {
console.log('đ Starting application initialization...');
- // ĂTAPE 1: GESTION DE LA SĂCURITĂ (clĂ©s de sĂ©curitĂ©) - EN PREMIER
- console.log('đ Step 1: Security key management...');
- const securityConfigured = await handleSecurityKeyManagement();
-
- if (!securityConfigured) {
- console.log('đ Security not configured, redirecting to home for setup...');
- // Naviguer directement vers home pour la configuration de sécurité
- handleLocation('home');
- return;
- }
-
- // ĂTAPE 2: INITIALISATION DES SERVICES (seulement aprĂšs la sĂ©curitĂ©)
- console.log('đ§ Step 2: Initializing services...');
+ // Initialiser les services de base
+ console.log('đ§ Initializing basic services...');
const services = await Services.getInstance();
(window as any).myService = services;
const db = await Database.getInstance();
- // Register service worker and wait for it to be ready
+ // Register service worker
console.log('đ± Registering service worker...');
await db.registerServiceWorker('/src/service-workers/database.worker.js');
- // ĂTAPE 3: CONNEXION AUX RELAIS (pour la hauteur de blocs)
- console.log('đ Step 3: Connecting to relays for block height...');
- try {
- console.log('đ Connecting to relays...');
- services.updateUserStatus('đ Connecting to blockchain relays...');
- await services.connectAllRelays();
- console.log('â
Relays connected successfully');
- services.updateUserStatus('â
Connected to blockchain relays');
-
- // CRITICAL: Wait for handshake to be processed and block height to be set
- console.log('âł Waiting for relay handshake to complete...');
- services.updateUserStatus('âł Waiting for blockchain synchronization...');
- await services.waitForBlockHeight();
- console.log('â
Block height received from relay');
- services.updateUserStatus('â
Blockchain synchronized');
- } catch (error) {
- console.warn('â ïž Failed to connect to some relays:', error);
- console.log('đ Continuing despite relay connection issues...');
- services.updateUserStatus('â ïž Some relays unavailable, continuing...');
- }
-
- // ĂTAPE 4: GĂNĂRATION/CHARGEMENT DU WALLET
- console.log('đ° Step 4: Wallet generation/loading...');
- const device = await services.getDeviceFromDatabase();
- console.log('đ ~ device:', device);
-
- if (!device) {
- // No wallet exists, create new account
- console.log('đ No existing wallet found, creating new account...');
- services.updateUserStatus('đ Creating new secure wallet...');
- await services.createNewDevice();
- services.updateUserStatus('â
New wallet created successfully');
- } else {
- // Wallet exists, restore it and check pairing
- console.log('đ Existing wallet found, restoring account...');
- services.updateUserStatus('đ Restoring existing wallet...');
- services.restoreDevice(device);
- services.updateUserStatus('â
Wallet restored successfully');
- }
-
- // CRITICAL: Now that block height is set, synchronize wallet
- console.log('đ Synchronizing wallet with blockchain...');
- services.updateUserStatus('đ Synchronizing wallet with blockchain...');
- await services.updateDeviceBlockHeight();
- console.log('â
Wallet synchronization completed');
- services.updateUserStatus('â
Wallet synchronized successfully');
-
- // ĂTAPE 5: HANDSHAKE
- console.log('đ€ Step 5: Performing handshake...');
- await performHandshake(services);
-
- // ĂTAPE 6: PAIRING
- console.log('đ Step 6: Device pairing...');
- await handlePairing(services);
-
- // ĂTAPE 7: ĂCOUTE DES PROCESSUS
- console.log('đ Step 7: Starting process listening...');
- await startProcessListening(services);
-
- // We register all the event listeners if we run in an iframe
- if (window.self !== window.top) {
- console.log('đŒïž Registering iframe listeners...');
- await registerAllListeners();
-
- // Add iframe mode class for styling
- document.body.classList.add('iframe-mode');
- }
-
- // Navigate to appropriate page based on pairing status
- const isPaired = services.isPaired();
- console.log('đ Device pairing status:', isPaired ? 'Paired' : 'Not paired');
-
- if (isPaired) {
- console.log('â
Device is paired, navigating to account page...');
- await navigate('account');
- console.log('â
Navigation to account completed');
- } else {
- console.log('â ïž Device not paired, navigating to home page...');
- await navigate('home');
- console.log('â
Navigation to home completed');
- }
+ // Vérifier l'état du storage et naviguer vers la page appropriée
+ console.log('đ Checking storage state and navigating to appropriate page...');
+ await checkStorageStateAndNavigate();
console.log('â
Application initialization completed successfully');
} catch (error) {
@@ -254,8 +251,8 @@ export async function init(): Promise {
alert('â ïž Insufficient memory for WebAssembly. Please refresh the page or close other tabs.');
}
- console.log('đ Falling back to home page...');
- await navigate('home');
+ console.log('đ Falling back to security-setup...');
+ await navigate('security-setup');
}
}
diff --git a/src/services/credentials/encryption.service.ts b/src/services/credentials/encryption.service.ts
index bbaa8b7..c514211 100644
--- a/src/services/credentials/encryption.service.ts
+++ b/src/services/credentials/encryption.service.ts
@@ -264,47 +264,4 @@ export class EncryptionService {
}
- /**
- * WARNING: DEPRECATED - This method does NOT encrypt, only base64 encoding
- * Use encryptWithPassword or WebAuthn key encryption instead
- */
- async encryptWithWebAuthn(
- credentials: CredentialData,
- credentialId: string
- ): Promise {
- secureLogger.error('encryptWithWebAuthn is deprecated and does NOT encrypt data', new Error('Use encryptWithPassword or WebAuthn encryption'));
-
- const data = JSON.stringify({
- spendKey: credentials.spendKey,
- scanKey: credentials.scanKey,
- timestamp: credentials.timestamp
- });
-
- // WARNING: Only base64 encoding, no encryption - DO NOT USE FOR SENSITIVE DATA
- const encoded = btoa(data);
- return encoded;
- }
-
- /**
- * WARNING: DEPRECATED - This method does NOT decrypt, only base64 decoding
- * Use decryptWithPassword or WebAuthn key decryption instead
- */
- async decryptWithWebAuthn(
- encryptedData: string,
- credentialId: string
- ): Promise {
- secureLogger.error('decryptWithWebAuthn is deprecated and does NOT decrypt data', new Error('Use decryptWithPassword or WebAuthn decryption'));
-
- // WARNING: Only base64 decoding, no decryption - DO NOT USE FOR SENSITIVE DATA
- const decoded = atob(encryptedData);
- const data = JSON.parse(decoded);
-
- return {
- spendKey: data.spendKey,
- scanKey: data.scanKey,
- salt: new Uint8Array(0),
- iterations: 0,
- timestamp: data.timestamp
- };
- }
}
diff --git a/src/services/credentials/storage.service.ts b/src/services/credentials/storage.service.ts
index 13a437f..4ed166c 100644
--- a/src/services/credentials/storage.service.ts
+++ b/src/services/credentials/storage.service.ts
@@ -20,77 +20,6 @@ export class StorageService {
return StorageService.instance;
}
- /**
- * Stocke une clé dans le gestionnaire de mots de passe du navigateur
- */
- async storeKeyInBrowser(key: string): Promise {
- try {
- secureLogger.info('Storing key in browser password manager', {
- component: 'StorageService',
- operation: 'storeKeyInBrowser'
- });
-
- // IMPORTANT: Ne jamais stocker la clé PBKDF2 en clair !
- // Utiliser l'API Credential Management pour stocker comme mot de passe
- // Le navigateur chiffrera automatiquement le mot de passe
- const credential = new PasswordCredential({
- id: 'lecoffre-pbkdf2-key',
- password: key, // Le navigateur chiffre automatiquement ce mot de passe
- name: 'LeCoffre PBKDF2 Key'
- });
-
- await navigator.credentials.store(credential);
-
- secureLogger.info('Key stored in browser password manager successfully (encrypted by browser)', {
- component: 'StorageService',
- operation: 'storeKeyInBrowser'
- });
-
- } catch (error) {
- secureLogger.error('Failed to store key in browser password manager', {
- component: 'StorageService',
- operation: 'storeKeyInBrowser',
- error: error instanceof Error ? error.message : String(error)
- });
- throw error;
- }
- }
-
-
- /**
- * Stocke un wallet chiffré
- */
- async storeEncryptedWallet(encryptedWallet: string): Promise {
- try {
- secureLogger.info('Storing encrypted wallet', {
- component: 'StorageService',
- operation: 'storeEncryptedWallet'
- });
-
- const db = await this.openDatabase();
- const transaction = db.transaction([this.storeName], 'readwrite');
- const store = transaction.objectStore(this.storeName);
-
- await new Promise((resolve, reject) => {
- const request = store.put(encryptedWallet, 'encrypted-wallet');
- request.onsuccess = () => resolve();
- request.onerror = () => reject(request.error);
- });
-
- secureLogger.info('Encrypted wallet stored successfully', {
- component: 'StorageService',
- operation: 'storeEncryptedWallet'
- });
- } catch (error) {
- secureLogger.error('Failed to store encrypted wallet', {
- component: 'StorageService',
- operation: 'storeEncryptedWallet',
- error: error instanceof Error ? error.message : String(error)
- });
- throw error;
- }
- }
-
/**
* Stocke une clé en clair (non recommandé)
*/
@@ -126,31 +55,6 @@ export class StorageService {
}
}
- /**
- * RécupÚre une clé depuis le gestionnaire de mots de passe du navigateur
- */
- async retrieveKeyFromBrowser(): Promise {
- try {
- const credentials = await navigator.credentials.get({
- password: true,
- mediation: 'required' as CredentialMediationRequirement
- });
-
- if (credentials && 'password' in credentials) {
- return credentials.password || null;
- }
-
- return null;
- } catch (error) {
- secureLogger.error('Failed to retrieve key from browser', {
- component: 'StorageService',
- operation: 'retrieveKeyFromBrowser',
- error: error instanceof Error ? error.message : String(error)
- });
- return null;
- }
- }
-
/**
* RécupÚre une clé en clair depuis IndexedDB
*/
diff --git a/src/services/secure-credentials.service.ts b/src/services/secure-credentials.service.ts
index d21687a..14d9d79 100644
--- a/src/services/secure-credentials.service.ts
+++ b/src/services/secure-credentials.service.ts
@@ -58,11 +58,11 @@ export class SecureCredentialsService {
let currentMode = await this.securityModeService.getCurrentMode();
if (!currentMode) {
- secureLogger.warn('No security mode selected, using default mode: browser', {
+ secureLogger.warn('No security mode selected, using default mode: none', {
component: 'SecureCredentialsService',
operation: 'generateSecureCredentials'
});
- currentMode = 'browser';
+ currentMode = 'none';
await this.securityModeService.setSecurityMode(currentMode);
}
@@ -83,8 +83,6 @@ export class SecureCredentialsService {
} else if (modeConfig.implementation.useEncryption) {
if (currentMode === 'password') {
return this.generatePasswordCredentials(password, _options);
- } else if (currentMode === 'browser') {
- return this.generateBrowserCredentials(password, _options);
} else {
return this.generateEncryptedCredentials(password, _options);
}
@@ -113,10 +111,6 @@ export class SecureCredentialsService {
// Récupérer la clé chiffrée avec WebAuthn
return await webAuthnService.retrieveKeyWithWebAuthn(securityMode);
- case 'browser':
- // Récupérer la clé du gestionnaire de mots de passe
- return await storageService.retrieveKeyFromBrowser();
-
case 'otp':
// Récupérer la clé en clair (l'OTP protÚge l'accÚs)
return await storageService.retrievePlainKey();
@@ -126,8 +120,15 @@ export class SecureCredentialsService {
return await storageService.retrieveEncryptedKey();
case 'none':
- // Récupérer la clé en clair
- return await storageService.retrievePlainKey();
+ // Récupérer la clé chiffrée avec la clé en dur
+ const encryptedData = await storageService.retrieveEncryptedKey();
+ if (encryptedData) {
+ const { EncryptionService } = await import('./encryption.service');
+ const encryptionService = EncryptionService.getInstance();
+ const hardcodedKey = '4NK_DEFAULT_ENCRYPTION_KEY_NOT_SECURE';
+ return await encryptionService.decrypt(encryptedData, hardcodedKey);
+ }
+ return null;
default:
return null;
@@ -182,12 +183,6 @@ export class SecureCredentialsService {
await webAuthnService.storeKeyWithWebAuthn(pbkdf2Key, securityMode);
break;
- case 'browser':
- // Stocker dans le gestionnaire de mots de passe du navigateur
- console.log('đ Storing PBKDF2 key in browser password manager...');
- await storageService.storeKeyInBrowser(pbkdf2Key);
- break;
-
case 'otp':
// Générer un secret OTP pour l'authentification (pas de chiffrement)
console.log('đ Setting up OTP authentication for PBKDF2 key...');
@@ -208,9 +203,11 @@ export class SecureCredentialsService {
break;
case 'none':
- // Stockage en clair (non recommandé)
- console.log('â ïž Storing PBKDF2 key in plain text (not recommended)...');
- await storageService.storePlainKey(pbkdf2Key);
+ // Chiffrer avec une clé déterminée en dur (non sécurisé)
+ console.log('â ïž Storing PBKDF2 key with hardcoded encryption (not recommended)...');
+ const hardcodedKey = '4NK_DEFAULT_ENCRYPTION_KEY_NOT_SECURE';
+ const encryptedKeyNone = await encryptionService.encrypt(pbkdf2Key, hardcodedKey);
+ await storageService.storeEncryptedKey(encryptedKeyNone, securityMode);
break;
default:
@@ -347,57 +344,6 @@ export class SecureCredentialsService {
}
}
- /**
- * GĂ©nĂšre des credentials pour le navigateur
- */
- private async generateBrowserCredentials(
- password: string,
- _options: CredentialOptions = {}
- ): Promise {
- try {
- secureLogger.info('Generating browser-saved credentials', {
- component: 'SecureCredentialsService',
- operation: 'generateBrowserCredentials'
- });
-
- // Import dynamique du service
- const { EncryptionService } = await import('./encryption.service');
- const encryptionService = EncryptionService.getInstance();
-
- // Générer des clés aléatoires
- const keys = encryptionService.generateRandomKeys();
-
- // Créer un formulaire temporaire pour déclencher la sauvegarde du navigateur
- const form = document.createElement('form');
- form.style.cssText = 'position: absolute; left: -9999px; top: -9999px;';
- form.innerHTML = `
-
-
-
- `;
-
- document.body.appendChild(form);
- const submitEvent = new Event('submit', { bubbles: true, cancelable: true });
- form.dispatchEvent(submitEvent);
- await new Promise(resolve => setTimeout(resolve, 1000));
- document.body.removeChild(form);
-
- return {
- spendKey: keys.spendKey,
- scanKey: keys.scanKey,
- salt: new Uint8Array(0),
- iterations: 0,
- timestamp: Date.now()
- };
- } catch (error) {
- secureLogger.error('Failed to generate browser credentials', error as Error, {
- component: 'SecureCredentialsService',
- operation: 'generateBrowserCredentials'
- });
- throw error;
- }
- }
-
/**
* GénÚre des credentials chiffrés
*/
diff --git a/src/services/security-mode.service.ts b/src/services/security-mode.service.ts
index 164f567..5f20d79 100644
--- a/src/services/security-mode.service.ts
+++ b/src/services/security-mode.service.ts
@@ -6,7 +6,7 @@
import { secureLogger } from './secure-logger';
-export type SecurityMode = 'proton-pass' | 'os' | 'browser' | 'otp' | '2fa' | 'password' | 'none';
+export type SecurityMode = 'proton-pass' | 'os' | 'otp' | '2fa' | 'password' | 'none';
export interface SecurityModeConfig {
mode: SecurityMode;
@@ -20,6 +20,8 @@ export interface SecurityModeConfig {
useEncryption: boolean;
usePlatformAuth: boolean;
storageType: 'encrypted' | 'plain' | 'hybrid';
+ requiresOTP?: boolean;
+ requiresPassword?: boolean;
};
}
@@ -124,20 +126,6 @@ export class SecurityModeService {
storageType: 'encrypted'
}
},
- 'browser': {
- mode: 'browser',
- name: 'Navigateur',
- description: 'Utilise les fonctionnalités de sécurité du navigateur',
- securityLevel: 'medium',
- requiresConfirmation: false,
- warnings: [],
- implementation: {
- useWebAuthn: true,
- useEncryption: true,
- usePlatformAuth: false,
- storageType: 'encrypted'
- }
- },
'otp': {
mode: 'otp',
name: 'OTP (Proton Pass Compatible)',
@@ -193,19 +181,20 @@ export class SecurityModeService {
'none': {
mode: 'none',
name: 'Aucune Sécurité',
- description: 'Stockage en clair sans aucune protection',
+ description: 'Chiffrement avec une clé déterminée en dur (non sécurisé)',
securityLevel: 'critical',
requiresConfirmation: true,
warnings: [
- 'đš ClĂ©s stockĂ©es en clair',
+ 'đš ClĂ© de chiffrement en dur',
'đš AccĂšs non protĂ©gĂ©',
'đš RISQUE ĂLEVĂ'
],
implementation: {
useWebAuthn: false,
- useEncryption: false,
+ useEncryption: true,
usePlatformAuth: false,
- storageType: 'plain'
+ storageType: 'encrypted',
+ requiresPassword: false
}
}
};
@@ -244,14 +233,14 @@ export class SecurityModeService {
* RĂ©cupĂšre tous les modes disponibles
*/
public getAvailableModes(): SecurityMode[] {
- return ['proton-pass', 'os', 'browser', '2fa', 'none'];
+ return ['proton-pass', 'os', 'otp', '2fa', 'password', 'none'];
}
/**
* RécupÚre les modes recommandés (sécurisés)
*/
public getRecommendedModes(): SecurityMode[] {
- return ['proton-pass', 'os', 'browser'];
+ return ['proton-pass', 'os', 'otp'];
}
/**
diff --git a/src/services/service.ts b/src/services/service.ts
index 4d57a9b..030bb19 100755
--- a/src/services/service.ts
+++ b/src/services/service.ts
@@ -1841,16 +1841,16 @@ export default class Services {
if (dbRes['encrypted_device']) {
// New encrypted format - need to decrypt
console.log('đ Wallet found in encrypted format, decrypting...');
-
+
// Get the PBKDF2 key based on security mode
const { SecureCredentialsService } = await import('./secure-credentials.service');
const secureCredentialsService = SecureCredentialsService.getInstance();
-
+
// Get all security modes to find which one works
- const allSecurityModes = ['browser', 'otp', 'password', 'none', 'os', 'proton-pass'];
+ const allSecurityModes = ['otp', 'password', 'none', 'os', 'proton-pass'];
let pbkdf2Key: string | null = null;
let workingMode: string | null = null;
-
+
for (const mode of allSecurityModes) {
try {
const key = await secureCredentialsService.retrievePBKDF2Key(mode as any);
@@ -1863,20 +1863,20 @@ export default class Services {
// Continue to next mode
}
}
-
+
if (!pbkdf2Key) {
throw new Error('Failed to retrieve PBKDF2 key - cannot decrypt wallet');
}
-
+
// Decrypt the device
const { EncryptionService } = await import('./encryption.service');
const encryptionService = EncryptionService.getInstance();
-
+
const decryptedDeviceString = await encryptionService.decrypt(
dbRes['encrypted_device'],
pbkdf2Key
);
-
+
const decryptedDevice = JSON.parse(decryptedDeviceString);
console.log('â
Wallet decrypted successfully');
return decryptedDevice;