sergei_t/WellNuo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
WellNuo/services/wifiPasswordStore.ts
Sergei 8af7a11cd9 Fix WiFi credentials cache implementation in SecureStore 
- Fix saveWiFiPassword to use encrypted passwords map instead of decrypted
- Fix getWiFiPassword to decrypt from encrypted storage
- Fix test expectations for migration and encryption functions
- Remove unused error variables to fix linting warnings
- All 27 tests now passing with proper encryption/decryption flow

The WiFi credentials cache feature was already implemented but had bugs
where encrypted and decrypted password maps were being mixed. This commit
ensures proper encryption is maintained throughout the storage lifecycle.
2026-01-31 15:55:24 -08:00

220 lines
6.0 KiB
TypeScript
Raw Blame History

/**
* WiFi Password Secure Storage Service
*
* Provides secure storage for WiFi passwords using expo-secure-store with encryption.
* All passwords are encrypted using AES-256-GCM before storage.
*/
import * as SecureStore from 'expo-secure-store';
import { encrypt, decrypt, isEncrypted } from './encryption';
const WIFI_PASSWORDS_KEY = 'WIFI_PASSWORDS';
const LEGACY_SINGLE_PASSWORD_KEY = 'LAST_WIFI_PASSWORD';
export interface WiFiPasswordMap {
[ssid: string]: string;
}
/**
* Save WiFi password for a specific network
* @param ssid Network SSID
* @param password Network password
*/
export async function saveWiFiPassword(ssid: string, password: string): Promise<void> {
try {
// Get existing passwords (encrypted format)
const existing = await getAllWiFiPasswordsEncrypted();
// Encrypt the password
const encryptedPassword = await encrypt(password);
// Add/update the password
existing[ssid] = encryptedPassword;
// Save back to SecureStore
await SecureStore.setItemAsync(WIFI_PASSWORDS_KEY, JSON.stringify(existing));
} catch (error) {
throw error;
}
}
/**
* Get WiFi password for a specific network
* @param ssid Network SSID
* @returns Decrypted password or undefined if not found
*/
export async function getWiFiPassword(ssid: string): Promise<string | undefined> {
try {
const encryptedPasswords = await getAllWiFiPasswordsEncrypted();
const encryptedPassword = encryptedPasswords[ssid];
if (!encryptedPassword) {
return undefined;
}
// Decrypt the password
const decryptedPassword = await decrypt(encryptedPassword);
return decryptedPassword;
} catch {
return undefined;
}
}
/**
* Get all saved WiFi passwords (encrypted format)
* Internal helper - passwords remain encrypted
* @returns Map of SSID to encrypted password
*/
async function getAllWiFiPasswordsEncrypted(): Promise<WiFiPasswordMap> {
try {
const stored = await SecureStore.getItemAsync(WIFI_PASSWORDS_KEY);
if (stored) {
return JSON.parse(stored);
}
return {};
} catch {
return {};
}
}
/**
* Get all saved WiFi passwords (decrypted)
* @returns Map of SSID to decrypted password
*/
export async function getAllWiFiPasswords(): Promise<WiFiPasswordMap> {
try {
const encryptedPasswords = await getAllWiFiPasswordsEncrypted();
const decryptedPasswords: WiFiPasswordMap = {};
// Decrypt each password
for (const [ssid, encryptedPassword] of Object.entries(encryptedPasswords)) {
try {
decryptedPasswords[ssid] = await decrypt(encryptedPassword);
} catch {
// Skip this password if decryption fails
}
}
return decryptedPasswords;
} catch {
return {};
}
}
/**
* Remove WiFi password for a specific network
* @param ssid Network SSID
*/
export async function removeWiFiPassword(ssid: string): Promise<void> {
try {
const existing = await getAllWiFiPasswordsEncrypted();
// Remove the password
delete existing[ssid];
// Save back to SecureStore
if (Object.keys(existing).length > 0) {
await SecureStore.setItemAsync(WIFI_PASSWORDS_KEY, JSON.stringify(existing));
} else {
// If no passwords left, remove the key entirely
await SecureStore.deleteItemAsync(WIFI_PASSWORDS_KEY);
}
} catch (error) {
throw error;
}
}
/**
* Clear all saved WiFi passwords
* Should be called on logout
*/
export async function clearAllWiFiPasswords(): Promise<void> {
try {
await SecureStore.deleteItemAsync(WIFI_PASSWORDS_KEY);
} catch (error) {
throw error;
}
}
/**
* Migrate unencrypted passwords to encrypted format
* Checks each stored password and encrypts if needed
*/
export async function migrateToEncrypted(): Promise<void> {
try {
const stored = await SecureStore.getItemAsync(WIFI_PASSWORDS_KEY);
if (!stored) {
return;
}
const passwords: WiFiPasswordMap = JSON.parse(stored);
let migrated = 0;
const encryptedPasswords: WiFiPasswordMap = {};
// Check each password
for (const [ssid, password] of Object.entries(passwords)) {
if (isEncrypted(password)) {
// Already encrypted
encryptedPasswords[ssid] = password;
} else {
// Encrypt the plaintext password
encryptedPasswords[ssid] = await encrypt(password);
migrated++;
}
}
// Save back if any were migrated
if (migrated > 0) {
await SecureStore.setItemAsync(WIFI_PASSWORDS_KEY, JSON.stringify(encryptedPasswords));
}
} catch {
// Don't throw - migration failure shouldn't break the app
}
}
/**
* Migrate WiFi passwords from AsyncStorage to SecureStore with encryption
* This function should be called once during app startup to migrate existing data
*/
export async function migrateFromAsyncStorage(): Promise<void> {
try {
// eslint-disable-next-line @typescript-eslint/no-require-imports
const AsyncStorage = require('@react-native-async-storage/async-storage').default;
// Check if migration already done
const existing = await SecureStore.getItemAsync(WIFI_PASSWORDS_KEY);
if (existing) {
// Still run encryption migration in case they were migrated but not encrypted
await migrateToEncrypted();
return;
}
// Try to get old data from AsyncStorage
const oldPasswords = await AsyncStorage.getItem('WIFI_PASSWORDS');
if (oldPasswords) {
const passwords: WiFiPasswordMap = JSON.parse(oldPasswords);
const encryptedPasswords: WiFiPasswordMap = {};
// Encrypt each password during migration
for (const [ssid, password] of Object.entries(passwords)) {
encryptedPasswords[ssid] = await encrypt(password);
}
// Migrate to SecureStore with encryption
await SecureStore.setItemAsync(WIFI_PASSWORDS_KEY, JSON.stringify(encryptedPasswords));
// Remove from AsyncStorage
await AsyncStorage.removeItem('WIFI_PASSWORDS');
await AsyncStorage.removeItem(LEGACY_SINGLE_PASSWORD_KEY);
}
} catch {
// Don't throw - migration failure shouldn't break the app
}
}
Reference in New Issue View Git Blame Copy Permalink