fix(frontend): show Secret Key field when IndexedDB key is stale

When a user logs in from a browser with an outdated Secret Key in
IndexedDB (e.g. after server rebuild/re-enrollment), the SRP handshake
fails with 401 but the Secret Key input field was never shown — leaving
the user stuck with no way to enter their current key.

Now detects stale-key 401s and prompts for manual Secret Key entry.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Jason Staack
2026-03-09 21:30:09 -05:00
parent 32965857e7
commit 6c7dfe02f5

@@ -159,7 +159,14 @@ export const useAuth = create<AuthState>((set, get) => ({
const detail = axErr?.response?.data?.detail ?? ''
let message: string
if (axErr?.response?.status === 401) {
// SRP proof failed — wrong password, wrong Secret Key, or stale credentials
// SRP proof failed — wrong password, wrong Secret Key, or stale credentials.
// If the user didn't manually provide a key, the stored IndexedDB key is wrong
// (e.g. server was rebuilt, user re-enrolled). Show the Secret Key field so they
// can enter their current key from their Emergency Kit.
if (!secretKeyInput) {
set({ needsSecretKey: true, isLoading: false, isDerivingKeys: false, error: 'This device has an outdated Secret Key. Please enter your current Secret Key from your Emergency Kit.' })
return
}
message = 'Sign in failed. Check your password and Secret Key. If you lost your Secret Key, use "Forgot password?" to reset your account and get a new one.'
} else if (detail.includes('initialization failed')) {
message = 'Authentication setup failed. Please try again or reset your password.'
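Review bot: The `if (!secretKeyInput)` branch in the 401 handler treats every 401 without a manually entered key as a stale IndexedDB key, but the comment directly above it lists a wrong password as another cause of the same 401. A user whose stored key is valid and who simply mistypes their password will be told "This device has an outdated Secret Key" and sent to their Emergency Kit. The handler only sees one 401 for all of these cases, so consider keeping `needsSecretKey: true` but wording the error so that it does not assert the cause, for example asking the user to check their password and to enter their Secret Key if sign-in is still rejected. The hunk also does not show whether a manually entered key that succeeds replaces the stale IndexedDB entry; if it does not, this prompt will recur on every login from the device, so a short comment here pointing to where the stored key gets updated would help.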