@oxyhq/services 5.15.9 → 5.16.1

package/src/ui/context/hooks/useAuthOperations.ts

@@ -26,14 +26,17 @@ export interface UseAuthOperationsOptions {
   loginFailure: (message: string) => void;
   logoutStore: () => void;
   setAuthState: (state: Partial<AuthState>) => void;
+  // Identity sync store actions
+  setIdentitySynced: (synced: boolean) => void;
+  setSyncing: (syncing: boolean) => void;
   logger?: (message: string, error?: unknown) => void;
 }
 
 export interface UseAuthOperationsResult {
-  /** Create a new identity and register with the server */
-  createIdentity: (username: string, email?: string) => Promise<{ user: User; recoveryPhrase: string[] }>;
+  /** Create a new identity locally (offline-first) and optionally sync with server */
+  createIdentity: () => Promise<{ recoveryPhrase: string[]; synced: boolean }>;
   /** Import an existing identity from recovery phrase */
-  importIdentity: (phrase: string, username?: string, email?: string) => Promise<User>;
+  importIdentity: (phrase: string) => Promise<{ synced: boolean }>;
   /** Sign in with existing identity on device */
   signIn: (deviceName?: string) => Promise<User>;
   /** Logout from current session */
@@ -44,6 +47,10 @@ export interface UseAuthOperationsResult {
   hasIdentity: () => Promise<boolean>;
   /** Get the public key of the stored identity */
   getPublicKey: () => Promise<string | null>;
+  /** Check if identity is synced with server */
+  isIdentitySynced: () => Promise<boolean>;
+  /** Sync local identity with server (when online) */
+  syncIdentity: () => Promise<User>;
 }
 
 const LOGIN_ERROR_CODE = 'LOGIN_ERROR';
@@ -71,103 +78,12 @@ export const useAuthOperations = ({
   loginSuccess,
   loginFailure,
   logoutStore,
-  setAuthState,
-  logger,
+    setAuthState,
+    setIdentitySynced,
+    setSyncing,
+    logger,
 }: UseAuthOperationsOptions): UseAuthOperationsResult => {
   
-  /**
-   * Create a new identity with recovery phrase
-   */
-  const createIdentity = useCallback(
-    async (username: string, email?: string): Promise<{ user: User; recoveryPhrase: string[] }> => {
-      if (!storage) throw new Error('Storage not initialized');
-
-      setAuthState({ isLoading: true, error: null });
-
-      try {
-        // Generate new identity with recovery phrase
-        const { phrase, words, publicKey } = await RecoveryPhraseService.generateIdentityWithRecovery();
-
-        // Create registration signature
-        const { signature, timestamp } = await SignatureService.createRegistrationSignature(username, email);
-
-        // Register with server
-        const { user } = await oxyServices.register(publicKey, username, signature, timestamp, email);
-
-        // Now sign in to create a session
-        const fullUser = await performSignIn(publicKey);
-
-        return {
-          user: fullUser,
-          recoveryPhrase: words,
-        };
-      } catch (error) {
-        // Clean up identity if registration failed
-        await KeyManager.deleteIdentity().catch(() => {});
-        
-        const message = handleAuthError(error, {
-          defaultMessage: 'Failed to create identity',
-          code: REGISTER_ERROR_CODE,
-          onError,
-          setAuthError: (msg) => setAuthState({ error: msg }),
-          logger,
-        });
-        loginFailure(message);
-        throw error;
-      } finally {
-        setAuthState({ isLoading: false });
-      }
-    },
-    [oxyServices, storage, setAuthState, loginFailure, onError, logger],
-  );
-
-  /**
-   * Import identity from recovery phrase
-   */
-  const importIdentity = useCallback(
-    async (phrase: string, username?: string, email?: string): Promise<User> => {
-      if (!storage) throw new Error('Storage not initialized');
-
-      setAuthState({ isLoading: true, error: null });
-
-      try {
-        // Restore identity from phrase
-        const publicKey = await RecoveryPhraseService.restoreFromPhrase(phrase);
-
-        // Check if this identity is already registered
-        const { registered } = await oxyServices.checkPublicKeyRegistered(publicKey);
-
-        if (registered) {
-          // Identity exists, just sign in
-          return await performSignIn(publicKey);
-        } else {
-          // Need to register this identity
-          if (!username) {
-            throw new Error('Username is required for new registration');
-          }
-
-          const { signature, timestamp } = await SignatureService.createRegistrationSignature(username, email);
-          await oxyServices.register(publicKey, username, signature, timestamp, email);
-          
-          return await performSignIn(publicKey);
-        }
-      } catch (error) {
-        const message = handleAuthError(error, {
-          defaultMessage: 'Failed to import identity',
-          code: REGISTER_ERROR_CODE,
-          onError,
-          setAuthError: (msg) => setAuthState({ error: msg }),
-          logger,
-        });
-        loginFailure(message);
-        throw error;
-      } finally {
-        setAuthState({ isLoading: false });
-      }
-    },
-    [oxyServices, storage, setAuthState, loginFailure, onError, logger],
-  );
-
   /**
    * Internal function to perform challenge-response sign in
    */
@@ -181,6 +97,10 @@ export const useAuthOperations = ({
       // Request challenge
       const { challenge } = await oxyServices.requestChallenge(publicKey);
 
+      // Note: Biometric authentication check should be handled by the app layer
+      // (e.g., accounts app) before calling signIn. The biometric preference is stored
+      // in local storage as 'oxy_biometric_enabled' and can be checked there.
+
       // Sign the challenge
       const { challenge: signature, timestamp } = await SignatureService.signChallenge(challenge);
 
@@ -261,6 +181,198 @@ export const useAuthOperations = ({
     ],
   );
 
+  /**
+   * Create a new identity with recovery phrase (offline-first)
+   * Identity is purely cryptographic - no username or email required
+   */
+  const createIdentity = useCallback(
+    async (): Promise<{ recoveryPhrase: string[]; synced: boolean }> => {
+      if (!storage) throw new Error('Storage not initialized');
+
+      setAuthState({ isLoading: true, error: null });
+
+      try {
+        // Generate new identity with recovery phrase (works offline)
+        const { phrase, words, publicKey } = await RecoveryPhraseService.generateIdentityWithRecovery();
+
+        // Mark as not synced
+        await storage.setItem('oxy_identity_synced', 'false');
+        setIdentitySynced(false);
+
+        // Try to sync with server (will succeed if online)
+        try {
+          const { signature, timestamp } = await SignatureService.createRegistrationSignature();
+          await oxyServices.register(publicKey, signature, timestamp);
+          
+          // Mark as synced (Zustand store + storage)
+          await storage.setItem('oxy_identity_synced', 'true');
+          setIdentitySynced(true);
+
+          return {
+            recoveryPhrase: words,
+            synced: true,
+          };
+        } catch (syncError) {
+          // Offline or server error - identity is created locally but not synced
+          if (__DEV__) {
+            console.log('[Auth] Identity created locally, will sync when online:', syncError);
+          }
+          
+          return {
+            recoveryPhrase: words,
+            synced: false,
+          };
+        }
+      } catch (error) {
+        // Clean up identity if generation failed
+        await KeyManager.deleteIdentity().catch(() => {});
+        await storage.removeItem('oxy_identity_synced').catch(() => {});
+        setIdentitySynced(true);
+        
+        const message = handleAuthError(error, {
+          defaultMessage: 'Failed to create identity',
+          code: REGISTER_ERROR_CODE,
+          onError,
+          setAuthError: (msg) => setAuthState({ error: msg }),
+          logger,
+        });
+        loginFailure(message);
+        throw error;
+      } finally {
+        setAuthState({ isLoading: false });
+      }
+    },
+    [oxyServices, storage, setAuthState, loginFailure, onError, logger, setIdentitySynced],
+  );
+
+  /**
+   * Check if identity is synced with server (reads from storage for persistence)
+   */
+  const isIdentitySyncedFn = useCallback(async (): Promise<boolean> => {
+    if (!storage) return true;
+    const synced = await storage.getItem('oxy_identity_synced');
+    const isSynced = synced !== 'false';
+    setIdentitySynced(isSynced);
+    return isSynced;
+  }, [storage, setIdentitySynced]);
+
+  /**
+   * Sync local identity with server (call when online)
+   */
+  const syncIdentity = useCallback(
+    async (): Promise<User> => {
+      if (!storage) throw new Error('Storage not initialized');
+
+      setAuthState({ isLoading: true, error: null });
+      setSyncing(true);
+
+      try {
+        const publicKey = await KeyManager.getPublicKey();
+        if (!publicKey) {
+          throw new Error('No identity found on this device');
+        }
+
+        // Check if already synced
+        const alreadySynced = await storage.getItem('oxy_identity_synced');
+        if (alreadySynced === 'true') {
+          // Already synced, just sign in
+          setIdentitySynced(true);
+          return await performSignIn(publicKey);
+        }
+
+        // Check if already registered on server
+        const { registered } = await oxyServices.checkPublicKeyRegistered(publicKey);
+
+        if (!registered) {
+          // Register with server (identity is just the publicKey)
+          const { signature, timestamp } = await SignatureService.createRegistrationSignature();
+          await oxyServices.register(publicKey, signature, timestamp);
+        }
+
+        // Mark as synced (Zustand store + storage)
+        await storage.setItem('oxy_identity_synced', 'true');
+        setIdentitySynced(true);
+
+        // Sign in
+        return await performSignIn(publicKey);
+      } catch (error) {
+        const message = handleAuthError(error, {
+          defaultMessage: 'Failed to sync identity',
+          code: REGISTER_ERROR_CODE,
+          onError,
+          setAuthError: (msg) => setAuthState({ error: msg }),
+          logger,
+        });
+        loginFailure(message);
+        throw error;
+      } finally {
+        setAuthState({ isLoading: false });
+        setSyncing(false);
+      }
+    },
+    [oxyServices, storage, setAuthState, performSignIn, loginFailure, onError, logger, setSyncing, setIdentitySynced],
+  );
+
+  /**
+   * Import identity from recovery phrase (offline-first)
+   */
+  const importIdentity = useCallback(
+    async (phrase: string): Promise<{ synced: boolean }> => {
+      if (!storage) throw new Error('Storage not initialized');
+
+      setAuthState({ isLoading: true, error: null });
+
+      try {
+        // Restore identity from phrase (works offline)
+        const publicKey = await RecoveryPhraseService.restoreFromPhrase(phrase);
+
+        // Mark as not synced
+        await storage.setItem('oxy_identity_synced', 'false');
+        setIdentitySynced(false);
+
+        // Try to sync with server
+        try {
+          // Check if this identity is already registered
+          const { registered } = await oxyServices.checkPublicKeyRegistered(publicKey);
+
+          if (registered) {
+            // Identity exists, mark as synced
+            await storage.setItem('oxy_identity_synced', 'true');
+            setIdentitySynced(true);
+            return { synced: true };
+          } else {
+            // Need to register this identity (identity is just the publicKey)
+            const { signature, timestamp } = await SignatureService.createRegistrationSignature();
+            await oxyServices.register(publicKey, signature, timestamp);
+            
+            await storage.setItem('oxy_identity_synced', 'true');
+            setIdentitySynced(true);
+            return { synced: true };
+          }
+        } catch (syncError) {
+          // Offline - identity restored locally but not synced
+          if (__DEV__) {
+            console.log('[Auth] Identity imported locally, will sync when online:', syncError);
+          }
+          return { synced: false };
+        }
+      } catch (error) {
+        const message = handleAuthError(error, {
+          defaultMessage: 'Failed to import identity',
+          code: REGISTER_ERROR_CODE,
+          onError,
+          setAuthError: (msg) => setAuthState({ error: msg }),
+          logger,
+        });
+        loginFailure(message);
+        throw error;
+      } finally {
+        setAuthState({ isLoading: false });
+      }
+    },
+    [oxyServices, storage, setAuthState, loginFailure, onError, logger, setIdentitySynced],
+  );
+
   /**
    * Sign in with existing identity on device
    */
@@ -396,5 +508,7 @@ export const useAuthOperations = ({
     logoutAll,
     hasIdentity,
     getPublicKey,
+    isIdentitySynced: isIdentitySyncedFn,
+    syncIdentity,
   };
 };

package/src/ui/screens/AccountSettingsScreen.tsx

@@ -36,10 +36,8 @@ import { EditEmailModal } from '../components/profile/EditEmailModal';
 import { EditBioModal } from '../components/profile/EditBioModal';
 import { EditLocationModal } from '../components/profile/EditLocationModal';
 import { EditLinksModal } from '../components/profile/EditLinksModal';
-import { TwoFactorSetupModal } from '../components/profile/TwoFactorSetupModal';
 import { getDisplayName } from '../utils/user-utils';
 import { TTLCache, registerCacheForCleanup } from '../../utils/cache';
-import QRCode from 'react-native-qrcode-svg';
 import { useOxy } from '../context/OxyContext';
 import {
     SCREEN_PADDING_HORIZONTAL,
@@ -102,13 +100,6 @@ const AccountSettingsScreen: React.FC<BaseScreenProps & { initialField?: string;
     const [quickActionsSectionY, setQuickActionsSectionY] = useState<number | null>(null);
     const [securitySectionY, setSecuritySectionY] = useState<number | null>(null);
 
-    // Two-Factor (TOTP) state
-    const [totpSetupUrl, setTotpSetupUrl] = useState<string | null>(null);
-    const [totpCode, setTotpCode] = useState('');
-    const [isTotpBusy, setIsTotpBusy] = useState(false);
-    const [showRecoveryModal, setShowRecoveryModal] = useState(false);
-    const [generatedBackupCodes, setGeneratedBackupCodes] = useState<string[] | null>(null);
-    const [generatedRecoveryKey, setGeneratedRecoveryKey] = useState<string | null>(null);
 
     // Animation refs
     const saveButtonScale = useRef(new Animated.Value(1)).current;
@@ -130,7 +121,6 @@ const AccountSettingsScreen: React.FC<BaseScreenProps & { initialField?: string;
     const [showEditBioModal, setShowEditBioModal] = useState(false);
     const [showEditLocationModal, setShowEditLocationModal] = useState(false);
     const [showEditLinksModal, setShowEditLinksModal] = useState(false);
-    const [showTwoFactorModal, setShowTwoFactorModal] = useState(false);
 
     // Location and links state (for display only - modals handle editing)
     const [locations, setLocations] = useState<Array<{
@@ -342,9 +332,6 @@ const AccountSettingsScreen: React.FC<BaseScreenProps & { initialField?: string;
             case 'links':
                 setTempLinksWithMetadata([...linksMetadata]);
                 break;
-            case 'twoFactor':
-                // No temp state needed for twoFactor
-                break;
         }
     }, [displayName, lastName, username, email, bio, locations, linksMetadata]);
 
@@ -423,8 +410,6 @@ const AccountSettingsScreen: React.FC<BaseScreenProps & { initialField?: string;
                 return bio;
             case 'location':
             case 'links':
-            case 'twoFactor':
-                return '';
             default:
                 return '';
         }
@@ -529,7 +514,6 @@ const AccountSettingsScreen: React.FC<BaseScreenProps & { initialField?: string;
     const handleOpenBioModal = useCallback(() => setShowEditBioModal(true), []);
     const handleOpenLocationModal = useCallback(() => setShowEditLocationModal(true), []);
     const handleOpenLinksModal = useCallback(() => setShowEditLinksModal(true), []);
-    const handleOpenTwoFactorModal = useCallback(() => setShowTwoFactorModal(true), []);
 
     // Handler to refresh data after modal saves
     // Note: Access user directly from store when invoked to get latest value,
@@ -611,9 +595,6 @@ const AccountSettingsScreen: React.FC<BaseScreenProps & { initialField?: string;
                         case 'links':
                             setShowEditLinksModal(true);
                             break;
-                        case 'twoFactor':
-                            setShowTwoFactorModal(true);
-                            break;
                     }
                 }, 300);
             }
@@ -760,135 +741,9 @@ const AccountSettingsScreen: React.FC<BaseScreenProps & { initialField?: string;
     // Memoize display name for avatar
     const displayNameForAvatar = useMemo(() => getDisplayName(user), [user]);
 
-    // Legacy renderEditingField function (still used for twoFactor and fallback)
+    // Legacy renderEditingField function (fallback)
     const renderEditingField = (type: string | null) => {
         if (!type) return null;
-
-        if (type === 'twoFactor') {
-            const enabled = !!user?.privacySettings?.twoFactorEnabled;
-            return (
-                <View style={[styles.editingFieldContainer, { backgroundColor: colors.background }]}>
-                    <View style={styles.editingFieldContent}>
-                        <View style={styles.newValueSection}>
-                            <View style={styles.editingFieldHeader}>
-                                <Text style={[styles.editingFieldLabel, { color: colors.text }]}>Two‑Factor Authentication (TOTP)</Text>
-                            </View>
-
-                            {!enabled ? (
-                                <>
-                                    <Text style={styles.editingFieldDescription}>
-                                        Protect your account with a 6‑digit code from an authenticator app. Scan the QR code then enter the code to enable.
-                                    </Text>
-                                    {!totpSetupUrl ? (
-                                        <TouchableOpacity
-                                            style={[styles.primaryButton, { backgroundColor: colors.iconSecurity }]}
-                                            disabled={isTotpBusy}
-                                            onPress={async () => {
-                                                if (!activeSessionId) { toast.error(t('editProfile.toasts.noActiveSession') || 'No active session'); return; }
-                                                setIsTotpBusy(true);
-                                                try {
-                                                    const { otpauthUrl } = await oxyServices.startTotpEnrollment(activeSessionId);
-                                                    setTotpSetupUrl(otpauthUrl);
-                                                } catch (e: any) {
-                                                    toast.error(e?.message || (t('editProfile.toasts.totpStartFailed') || 'Failed to start TOTP enrollment'));
-                                                } finally {
-                                                    setIsTotpBusy(false);
-                                                }
-                                            }}
-                                        >
-                                            <Ionicons name="shield-checkmark" size={18} color="#fff" />
-                                            <Text style={styles.primaryButtonText}>Generate QR Code</Text>
-                                        </TouchableOpacity>
-                                    ) : (
-                                        <View style={{ alignItems: 'center', gap: 16 }}>
-                                            <View style={{ padding: 16, backgroundColor: '#fff', borderRadius: 16 }}>
-                                                <QRCode value={totpSetupUrl} size={180} />
-                                            </View>
-                                            <View>
-                                                <Text style={styles.editingFieldLabel}>Enter 6‑digit code</Text>
-                                                <TextInput
-                                                    style={styles.editingFieldInput}
-                                                    keyboardType="number-pad"
-                                                    placeholder="123456"
-                                                    value={totpCode}
-                                                    onChangeText={setTotpCode}
-                                                    maxLength={6}
-                                                />
-                                            </View>
-                                            <TouchableOpacity
-                                                style={[styles.primaryButton, { backgroundColor: colors.iconSecurity }]}
-                                                disabled={isTotpBusy || totpCode.length !== 6}
-                                                onPress={async () => {
-                                                    if (!activeSessionId) { toast.error(t('editProfile.toasts.noActiveSession') || 'No active session'); return; }
-                                                    setIsTotpBusy(true);
-                                                    try {
-                                                        const result = await oxyServices.verifyTotpEnrollment(activeSessionId, totpCode);
-                                                        await updateUser({ privacySettings: { twoFactorEnabled: true } }, oxyServices);
-                                                        if (result?.backupCodes || result?.recoveryKey) {
-                                                            setGeneratedBackupCodes(result.backupCodes || null);
-                                                            setGeneratedRecoveryKey(result.recoveryKey || null);
-                                                            setShowRecoveryModal(true);
-                                                        } else {
-                                                            toast.success(t('editProfile.toasts.twoFactorEnabled') || 'Two‑Factor Authentication enabled');
-                                                            setEditingField(null);
-                                                        }
-                                                    } catch (e: any) {
-                                                        toast.error(e?.message || (t('editProfile.toasts.invalidCode') || 'Invalid code'));
-                                                    } finally {
-                                                        setIsTotpBusy(false);
-                                                    }
-                                                }}
-                                            >
-                                                <Ionicons name="checkmark-circle" size={18} color="#fff" />
-                                                <Text style={styles.primaryButtonText}>Verify & Enable</Text>
-                                            </TouchableOpacity>
-                                        </View>
-                                    )}
-                                </>
-                            ) : (
-                                <>
-                                    <Text style={styles.editingFieldDescription}>
-                                        Two‑Factor Authentication is currently enabled. To disable, enter a code from your authenticator app.
-                                    </Text>
-                                    <View>
-                                        <Text style={styles.editingFieldLabel}>Enter 6‑digit code</Text>
-                                        <TextInput
-                                            style={styles.editingFieldInput}
-                                            keyboardType="number-pad"
-                                            placeholder="123456"
-                                            value={totpCode}
-                                            onChangeText={setTotpCode}
-                                            maxLength={6}
-                                        />
-                                    </View>
-                                    <TouchableOpacity
-                                        style={[styles.primaryButton, { backgroundColor: colors.sidebarIconSharing }]}
-                                        disabled={isTotpBusy || totpCode.length !== 6}
-                                        onPress={async () => {
-                                            if (!activeSessionId) { toast.error(t('editProfile.toasts.noActiveSession') || 'No active session'); return; }
-                                            setIsTotpBusy(true);
-                                            try {
-                                                await oxyServices.disableTotp(activeSessionId, totpCode);
-                                                await updateUser({ privacySettings: { twoFactorEnabled: false } }, oxyServices);
-                                                toast.success(t('editProfile.toasts.twoFactorDisabled') || 'Two‑Factor Authentication disabled');
-                                                setEditingField(null);
-                                            } catch (e: any) {
-                                                toast.error(e?.message || t('editProfile.toasts.disableFailed') || 'Failed to disable');
-                                            } finally {
-                                                setIsTotpBusy(false);
-                                            }
-                                        }}
-                                    >
-                                        <Ionicons name="close-circle" size={18} color="#fff" />
-                                        <Text style={styles.primaryButtonText}>Disable 2FA</Text>
-                                    </TouchableOpacity>
-                                </>
-                            )}
-                        </View>
-                    </View>
-                </View>
-            );
-        }
         if (type === 'displayName') {
             return (
                 <View style={[styles.editingFieldContainer, { backgroundColor: colors.background }]}>
@@ -1368,41 +1223,6 @@ const AccountSettingsScreen: React.FC<BaseScreenProps & { initialField?: string;
                             </Text>
                         </View>
 
-                        {showRecoveryModal && (
-                            <View style={{ position: 'absolute', top: 0, left: 0, right: 0, bottom: 0, backgroundColor: 'rgba(0,0,0,0.6)', zIndex: 50, padding: 16, justifyContent: 'center' }}>
-                                <View style={{ backgroundColor: '#fff', borderRadius: 20, padding: 20, maxHeight: '80%' }}>
-                                    <Text style={{ fontSize: 18, fontWeight: '700', marginBottom: 12 }}>Save These Codes Now</Text>
-                                    <Text style={{ fontSize: 14, color: '#444', marginBottom: 12 }}>
-                                        Backup codes and your Recovery Key are shown only once. Store them securely (paper or password manager).
-                                    </Text>
-                                    {generatedBackupCodes && generatedBackupCodes.length > 0 && (
-                                        <View style={{ marginBottom: 12 }}>
-                                            <Text style={{ fontSize: 16, fontWeight: '600', marginBottom: 8 }}>Backup Codes</Text>
-                                            <View style={{ backgroundColor: '#F8F9FA', borderRadius: 12, padding: 12 }}>
-                                                {generatedBackupCodes.map((c, idx) => (
-                                                    <Text key={idx} style={{ fontFamily: Platform.OS === 'web' ? 'monospace' as any : 'monospace', fontSize: 14, marginBottom: 4 }}>{c}</Text>
-                                                ))}
-                                            </View>
-                                        </View>
-                                    )}
-                                    {generatedRecoveryKey && (
-                                        <View style={{ marginBottom: 12 }}>
-                                            <Text style={{ fontSize: 16, fontWeight: '600', marginBottom: 8 }}>Recovery Key</Text>
-                                            <View style={{ backgroundColor: '#F8F9FA', borderRadius: 12, padding: 12 }}>
-                                                <Text style={{ fontFamily: Platform.OS === 'web' ? 'monospace' as any : 'monospace', fontSize: 14 }}>{generatedRecoveryKey}</Text>
-                                            </View>
-                                        </View>
-                                    )}
-                                    <TouchableOpacity
-                                        style={[styles.primaryButton, { backgroundColor: colors.iconSecurity, alignSelf: 'flex-end', marginTop: 8 }]}
-                                        onPress={() => { setShowRecoveryModal(false); setEditingField(null); toast.success(t('editProfile.toasts.twoFactorEnabled') || 'Two‑Factor Authentication enabled'); }}
-                                    >
-                                        <Ionicons name="checkmark" size={18} color="#fff" />
-                                        <Text style={styles.primaryButtonText}>I saved them</Text>
-                                    </TouchableOpacity>
-                                </View>
-                            </View>
-                        )}
                         {/* Profile Picture Section */}
                         <View
                             ref={(ref) => {
@@ -1634,20 +1454,6 @@ const AccountSettingsScreen: React.FC<BaseScreenProps & { initialField?: string;
                                 {t('editProfile.sections.security') || 'SECURITY'}
                             </Text>
                             <View style={styles.groupedSectionWrapper}>
-                                <GroupedSection
-                                    items={[
-                                        {
-                                            id: 'two-factor',
-                                            icon: 'shield-lock',
-                                            iconColor: colors.sidebarIconSecurity,
-                                            title: t('editProfile.items.twoFactor.title') || 'Two‑Factor Authentication',
-                                            subtitle: user?.privacySettings?.twoFactorEnabled
-                                                ? (t('editProfile.items.twoFactor.enabled') || 'Enabled')
-                                                : (t('editProfile.items.twoFactor.disabled') || 'Disabled (recommended)'),
-                                            onPress: handleOpenTwoFactorModal,
-                                        },
-                                    ]}
-                                />
                             </View>
                         </View>
                     </>
@@ -1698,12 +1504,6 @@ const AccountSettingsScreen: React.FC<BaseScreenProps & { initialField?: string;
                 theme={normalizedTheme}
                 onSave={handleModalSave}
             />
-            <TwoFactorSetupModal
-                visible={showTwoFactorModal}
-                onClose={() => setShowTwoFactorModal(false)}
-                isEnabled={!!user?.privacySettings?.twoFactorEnabled}
-                theme={normalizedTheme}
-            />
         </View>
     );
 };