All files / services wifiPasswordStore.ts

0% Statements 0/69
0% Branches 0/16
0% Functions 0/8
0% Lines 0/69
Press n or j to go to the next uncovered block, b, p or k for the previous block.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
  /**
 * WiFi Password Secure Storage Service
 *
 * Provides secure storage for WiFi passwords using expo-secure-store with encryption.
 * All passwords are encrypted using AES-256-GCM before storage.
 */
 
import * as SecureStore from 'expo-secure-store';
import { encrypt, decrypt, isEncrypted } from './encryption';
 
const WIFI_PASSWORDS_KEY = 'WIFI_PASSWORDS';
const LEGACY_SINGLE_PASSWORD_KEY = 'LAST_WIFI_PASSWORD';
 
export interface WiFiPasswordMap {
  [ssid: string]: string;
}
 
/**
 * Save WiFi password for a specific network
 * @param ssid Network SSID
 * @param password Network password
 */
export async function saveWiFiPassword(ssid: string, password: string): Promise<void> {
  try {
    // Get existing passwords (encrypted format)
    const existing = await getAllWiFiPasswordsEncrypted();
 
    // Encrypt the password
    const encryptedPassword = await encrypt(password);
 
    // Add/update the password
    existing[ssid] = encryptedPassword;
 
    // Save back to SecureStore
    await SecureStore.setItemAsync(WIFI_PASSWORDS_KEY, JSON.stringify(existing));
 
  } catch (error) {
    throw error;
  }
}
 
/**
 * Get WiFi password for a specific network
 * @param ssid Network SSID
 * @returns Decrypted password or undefined if not found
 */
export async function getWiFiPassword(ssid: string): Promise<string | undefined> {
  try {
    const encryptedPasswords = await getAllWiFiPasswordsEncrypted();
    const encryptedPassword = encryptedPasswords[ssid];
 
    if (!encryptedPassword) {
      return undefined;
    }
 
    // Decrypt the password
    const decryptedPassword = await decrypt(encryptedPassword);
    return decryptedPassword;
  } catch {
    return undefined;
  }
}
 
/**
 * Get all saved WiFi passwords (encrypted format)
 * Internal helper - passwords remain encrypted
 * @returns Map of SSID to encrypted password
 */
async function getAllWiFiPasswordsEncrypted(): Promise<WiFiPasswordMap> {
  try {
    const stored = await SecureStore.getItemAsync(WIFI_PASSWORDS_KEY);
 
    if (stored) {
      return JSON.parse(stored);
    }
 
    return {};
  } catch {
    return {};
  }
}
 
/**
 * Get all saved WiFi passwords (decrypted)
 * @returns Map of SSID to decrypted password
 */
export async function getAllWiFiPasswords(): Promise<WiFiPasswordMap> {
  try {
    const encryptedPasswords = await getAllWiFiPasswordsEncrypted();
    const decryptedPasswords: WiFiPasswordMap = {};
 
    // Decrypt each password
    for (const [ssid, encryptedPassword] of Object.entries(encryptedPasswords)) {
      try {
        decryptedPasswords[ssid] = await decrypt(encryptedPassword);
      } catch {
        // Skip this password if decryption fails
      }
    }
 
    return decryptedPasswords;
  } catch {
    return {};
  }
}
 
/**
 * Remove WiFi password for a specific network
 * @param ssid Network SSID
 */
export async function removeWiFiPassword(ssid: string): Promise<void> {
  try {
    const existing = await getAllWiFiPasswordsEncrypted();
 
    // Remove the password
    delete existing[ssid];
 
    // Save back to SecureStore
    if (Object.keys(existing).length > 0) {
      await SecureStore.setItemAsync(WIFI_PASSWORDS_KEY, JSON.stringify(existing));
    } else {
      // If no passwords left, remove the key entirely
      await SecureStore.deleteItemAsync(WIFI_PASSWORDS_KEY);
    }
 
  } catch (error) {
    throw error;
  }
}
 
/**
 * Clear all saved WiFi passwords
 * Should be called on logout
 */
export async function clearAllWiFiPasswords(): Promise<void> {
  try {
    await SecureStore.deleteItemAsync(WIFI_PASSWORDS_KEY);
  } catch (error) {
    throw error;
  }
}
 
/**
 * Migrate unencrypted passwords to encrypted format
 * Checks each stored password and encrypts if needed
 */
export async function migrateToEncrypted(): Promise<void> {
  try {
    const stored = await SecureStore.getItemAsync(WIFI_PASSWORDS_KEY);
 
    if (!stored) {
      return;
    }
 
    const passwords: WiFiPasswordMap = JSON.parse(stored);
    let migrated = 0;
    const encryptedPasswords: WiFiPasswordMap = {};
 
    // Check each password
    for (const [ssid, password] of Object.entries(passwords)) {
      if (isEncrypted(password)) {
        // Already encrypted
        encryptedPasswords[ssid] = password;
      } else {
        // Encrypt the plaintext password
        encryptedPasswords[ssid] = await encrypt(password);
        migrated++;
      }
    }
 
    // Save back if any were migrated
    if (migrated > 0) {
      await SecureStore.setItemAsync(WIFI_PASSWORDS_KEY, JSON.stringify(encryptedPasswords));
    }
  } catch {
    // Don't throw - migration failure shouldn't break the app
  }
}
 
/**
 * Migrate WiFi passwords from AsyncStorage to SecureStore with encryption
 * This function should be called once during app startup to migrate existing data
 */
export async function migrateFromAsyncStorage(): Promise<void> {
  try {
    // eslint-disable-next-line @typescript-eslint/no-require-imports
    const AsyncStorage = require('@react-native-async-storage/async-storage').default;
 
    // Check if migration already done
    const existing = await SecureStore.getItemAsync(WIFI_PASSWORDS_KEY);
    if (existing) {
      // Still run encryption migration in case they were migrated but not encrypted
      await migrateToEncrypted();
      return;
    }
 
    // Try to get old data from AsyncStorage
    const oldPasswords = await AsyncStorage.getItem('WIFI_PASSWORDS');
 
    if (oldPasswords) {
      const passwords: WiFiPasswordMap = JSON.parse(oldPasswords);
      const encryptedPasswords: WiFiPasswordMap = {};
 
      // Encrypt each password during migration
      for (const [ssid, password] of Object.entries(passwords)) {
        encryptedPasswords[ssid] = await encrypt(password);
      }
 
      // Migrate to SecureStore with encryption
      await SecureStore.setItemAsync(WIFI_PASSWORDS_KEY, JSON.stringify(encryptedPasswords));
 
      // Remove from AsyncStorage
      await AsyncStorage.removeItem('WIFI_PASSWORDS');
      await AsyncStorage.removeItem(LEGACY_SINGLE_PASSWORD_KEY);
    }
  } catch {
    // Don't throw - migration failure shouldn't break the app
  }
}