GLEECBTC
diff --git a/‎assets/translations/en.json‎
Lines changed: 42 additions & 3 deletions b/‎assets/translations/en.json‎
Lines changed: 42 additions & 3 deletions
diff --git a/‎lib/bloc/security_settings/security_settings_bloc.dart‎
Lines changed: 221 additions & 21 deletions b/‎lib/bloc/security_settings/security_settings_bloc.dart‎
Lines changed: 221 additions & 21 deletions
@@ -334,7 +334,7 @@
   "viewSeedPhrase": "View seed phrase",
   "backupSeedPhrase": "Backup seed phrase",
   "seedOr": "OR",
-  "seedDownload": "Download seed phrase file",
+  "seedDownload": "Download seed phrase",
   "seedSaveAndRemember": "Save and remember",
   "seedIntroWarning": "This phrase is the main access to your\nassets, save and never share this phrase",
   "seedSettings": "Seed phrase",
@@ -517,6 +517,23 @@
   "logs": "Logs",
   "resetActivatedCoinsTitle": "Reset Activated Coins",
   "privateKeys": "Private Keys",
+  "exportPrivateKeys": "Export Private Keys",
+  "exportPrivateKeysDescription": "Export private keys for your activated coins to import into other wallets",
+  "privateKeyExportTitle": "Private Keys Export",
+  "privateKeyExportDescription": "Your private keys provide full control over your funds. Handle with extreme caution.",
+  "showPrivateKeys": "Show Private Keys",
+  "copyAllKeys": "Copy All Keys",
+  "downloadAllKeys": "Download All Keys",
+  "shareAllKeys": "Share All Keys",
+  "confirmPrivateKeyBackup": "Confirm Private Key Backup",
+  "confirmPrivateKeyBackupDescription": "Please confirm you have securely saved your private keys before proceeding.",
+  "importantSecurityNotice": "Important Security Notice",
+  "privateKeySecurityWarning": "Your private keys provide complete control over your funds. Keep them secure and never share them with anyone. Store them in a safe place offline.",
+  "privateKeyBackupConfirmation": "I have securely saved my private keys in a safe location and understand that anyone with access to these keys can control my funds.",
+  "confirmBackupComplete": "Confirm Backup Complete",
+  "privateKeyExportSuccessTitle": "Private Keys Exported Successfully",
+  "privateKeyExportSuccessDescription": "Your private keys have been exported and confirmed as backed up. Keep them secure and never share them with anyone.",
+  "iHaveSavedMyPrivateKeys": "I've Saved My Private Keys",
   "copyWarning": "Your clipboard isn't a safe place for your private key! Copying the seed phrase or private keys can make them vulnerable to clipboard hacks. Please handle with caution and only copy if absolutely necessary.",
   "seedConfirmTitle": "Let's double check your seed phrase",
   "seedConfirmDescription": "Your seed phrase is the only way to access Your funds. That's why we want to ensure you saved it safely. Please input your seed phrase into text filed below.",
@@ -682,6 +699,7 @@
   "amountFieldCheckboxListTile": "Send maximum amount",
   "customFeeToggleTitle": "Custom fee",
   "priceChartCenterText": "Select an interval to load data",
+  "priceHistorySparklineTooltip": "24-hour price trend chart",
   "statistics": "Statistics",
   "ibcTransferFieldTitle": "IBC Transfer",
   "ibcTransferFieldSubtitle": "Send to another Cosmos chain",
@@ -697,5 +715,26 @@
   "searchAddresses": "Search addresses",
   "trend7d": "7d trend",
   "tradingDisabledTooltip": "Trading features are currently disabled",
-  "tradingDisabled": "Trading unavailable in your location"
-}
+  "tradingDisabled": "Trading unavailable in your location",
+  "unbanPubkeysResults": "Unban Pubkeys Results",
+  "unbannedPubkeys": {
+    "zero": "{} Unbanned Pubkeys",
+    "one": "{} Unbanned Pubkey",
+    "two": "{} Unbanned Pubkeys",
+    "many": "{} Unbanned Pubkeys",
+    "few": "{} Unbanned Pubkeys",
+    "other": "{} Unbanned Pubkeys"
+  },
+  "stillBannedPubkeys": "Still Banned Pubkeys",
+  "wereNotBannedPubkeys": "Were Not Banned Pubkeys",
+  "reason": "Reason",
+  "unbanPubkeys": "Unban Pubkeys",
+  "unbanPubkeysDescription": "Unban public keys that were previously banned due to failed transactions or security concerns.",
+  "noBannedPubkeys": "No banned pubkeys found",
+  "unbanPubkeysFailed": "Failed to unban pubkeys",
+  "privateKeyRetrievalFailed": "Failed to retrieve private keys. Please try again.",
+  "fetchingPrivateKeysTitle": "Fetching Private Keys...",
+  "fetchingPrivateKeysMessage": "Please wait while we securely fetch your private keys...",
+  "pubkeyType": "Type",
+  "securitySettings": "Security Settings"
+}
@@ -1,39 +1,70 @@
 import 'dart:async';
 
 import 'package:bloc/bloc.dart';
+import 'package:komodo_defi_sdk/komodo_defi_sdk.dart';
+import 'package:komodo_defi_rpc_methods/komodo_defi_rpc_methods.dart';
 import 'package:web_dex/bloc/security_settings/security_settings_event.dart';
 import 'package:web_dex/bloc/security_settings/security_settings_state.dart';
 
+/// BLoC for managing security settings flow and authentication.
+///
+/// **Security Architecture**: This BLoC follows a hybrid approach for maximum security:
+/// - **Non-sensitive operations** (authentication, loading states, navigation) are managed here
+/// - **Sensitive data** (actual private keys) are handled directly in the UI layer
+/// - This minimizes the lifetime and scope of sensitive data in memory
+///
+/// The BLoC authenticates users and manages the flow, but never stores private keys.
+/// Private key retrieval and storage happens in the UI layer after authentication succeeds.
 class SecuritySettingsBloc
     extends Bloc<SecuritySettingsEvent, SecuritySettingsState> {
-  SecuritySettingsBloc(super.state) {
+  /// Creates a new SecuritySettingsBloc.
+  ///
+  /// [initialState] The initial state for the bloc.
+  /// [kdfSdk] The Komodo DeFi SDK instance for authentication operations.
+  SecuritySettingsBloc(super.initialState, {required KomodoDefiSdk? kdfSdk})
+    : _kdfSdk = kdfSdk {
+    // Seed phrase events
     on<ResetEvent>(_onReset);
     on<ShowSeedEvent>(_onShowSeed);
     on<SeedConfirmEvent>(_onSeedConfirm);
     on<SeedConfirmedEvent>(_onSeedConfirmed);
     on<ShowSeedWordsEvent>(_onShowSeedWords);
-    on<PasswordUpdateEvent>(_onPasswordUpdate);
     on<ShowSeedCopiedEvent>(_onSeedCopied);
+    on<PasswordUpdateEvent>(_onPasswordUpdate);
+
+    // Private key events - hybrid security approach
+    on<AuthenticateForPrivateKeysEvent>(_onAuthenticateForPrivateKeys);
+    on<ShowPrivateKeysEvent>(_onShowPrivateKeys);
+    on<ShowPrivateKeysWordsEvent>(_onShowPrivateKeysWords);
+    on<ShowPrivateKeysCopiedEvent>(_onPrivateKeysCopied);
+    on<PrivateKeysDownloadRequestedEvent>(_onPrivateKeysDownloadRequested);
+    on<ClearAuthenticationErrorEvent>(_onClearAuthenticationError);
+
+    // Unban pubkeys events
+    on<UnbanPubkeysEvent>(_onUnbanPubkeys);
+    on<UnbanPubkeysCompletedEvent>(_onUnbanPubkeysCompleted);
+    on<UnbanPubkeysFailedEvent>(_onUnbanPubkeysFailed);
   }
 
-  void _onReset(
-    ResetEvent event,
-    Emitter<SecuritySettingsState> emit,
-  ) {
+  /// The Komodo DeFi SDK instance for authentication operations.
+  /// This is optional to support testing scenarios.
+  final KomodoDefiSdk? _kdfSdk;
+
+  /// Handles resetting the security settings to initial state.
+  void _onReset(ResetEvent event, Emitter<SecuritySettingsState> emit) {
     emit(SecuritySettingsState.initialState());
   }
 
-  void _onShowSeed(
-    ShowSeedEvent event,
-    Emitter<SecuritySettingsState> emit,
-  ) {
+  /// Handles showing the seed phrase backup screen.
+  void _onShowSeed(ShowSeedEvent event, Emitter<SecuritySettingsState> emit) {
     final newState = state.copyWith(
       step: SecuritySettingsStep.seedShow,
       showSeedWords: false,
     );
     emit(newState);
   }
 
+  /// Handles toggling seed word visibility and tracking if user has viewed them.
   Future<void> _onShowSeedWords(
     ShowSeedWordsEvent event,
     Emitter<SecuritySettingsState> emit,
@@ -46,17 +77,7 @@ class SecuritySettingsBloc
     emit(newState);
   }
 
-  void _onPasswordUpdate(
-    PasswordUpdateEvent event,
-    Emitter<SecuritySettingsState> emit,
-  ) {
-    final newState = state.copyWith(
-      step: SecuritySettingsStep.passwordUpdate,
-      showSeedWords: false,
-    );
-    emit(newState);
-  }
-
+  /// Handles proceeding to seed phrase confirmation.
   void _onSeedConfirm(
     SeedConfirmEvent event,
     Emitter<SecuritySettingsState> emit,
@@ -68,6 +89,7 @@ class SecuritySettingsBloc
     emit(newState);
   }
 
+  /// Handles successful seed phrase confirmation.
   Future<void> _onSeedConfirmed(
     SeedConfirmedEvent event,
     Emitter<SecuritySettingsState> emit,
@@ -79,10 +101,188 @@ class SecuritySettingsBloc
     emit(newState);
   }
 
+  /// Handles seed phrase being copied to clipboard.
   Future<void> _onSeedCopied(
     ShowSeedCopiedEvent event,
     Emitter<SecuritySettingsState> emit,
   ) async {
     emit(state.copyWith(isSeedSaved: true));
   }
+
+  /// Handles showing the password update screen.
+  void _onPasswordUpdate(
+    PasswordUpdateEvent event,
+    Emitter<SecuritySettingsState> emit,
+  ) {
+    final newState = state.copyWith(
+      step: SecuritySettingsStep.passwordUpdate,
+      showSeedWords: false,
+    );
+    emit(newState);
+  }
+
+  /// Handles authentication for private key access.
+  ///
+  /// **Security Note**: This method only validates that a user is authenticated.
+  /// It does NOT store or handle actual private keys. After successful
+  /// authentication, the UI layer is responsible for fetching and managing
+  /// private keys directly to minimize their memory exposure.
+  ///
+  /// The authentication success state triggers the UI to safely retrieve
+  /// private keys using the SecurityManager.
+  Future<void> _onAuthenticateForPrivateKeys(
+    AuthenticateForPrivateKeysEvent event,
+    Emitter<SecuritySettingsState> emit,
+  ) async {
+    emit(state.copyWith(isAuthenticating: true, clearAuthError: true));
+
+    try {
+      // Verify user is authenticated without handling sensitive data
+      if (_kdfSdk == null) {
+        throw Exception('SDK not available');
+      }
+
+      final currentUser = await _kdfSdk.auth.currentUser;
+      if (currentUser == null) {
+        emit(
+          state.copyWith(
+            isAuthenticating: false,
+            authError: 'User not authenticated',
+          ),
+        );
+        return;
+      }
+
+      // Authentication successful - signal UI to fetch private keys
+      emit(
+        state.copyWith(
+          isAuthenticating: false,
+          privateKeyAuthenticationSuccess: true,
+        ),
+      );
+    } catch (e) {
+      emit(
+        state.copyWith(
+          isAuthenticating: false,
+          authError: 'Authentication failed: ${e.toString()}',
+        ),
+      );
+    }
+  }
+
+  /// Handles showing the private keys screen.
+  ///
+  /// **Security Note**: This only manages UI flow state. Actual private
+  /// key data is handled in the UI layer for security reasons.
+  void _onShowPrivateKeys(
+    ShowPrivateKeysEvent event,
+    Emitter<SecuritySettingsState> emit,
+  ) {
+    final newState = state.copyWith(
+      step: SecuritySettingsStep.privateKeyShow,
+      showPrivateKeys: false,
+      // Reset authentication success flag after use
+      privateKeyAuthenticationSuccess: false,
+    );
+    emit(newState);
+  }
+
+  /// Handles toggling private key visibility in the UI.
+  ///
+  /// **Security Note**: This only controls UI visibility state.
+  /// The actual private key data remains in the UI layer.
+  Future<void> _onShowPrivateKeysWords(
+    ShowPrivateKeysWordsEvent event,
+    Emitter<SecuritySettingsState> emit,
+  ) async {
+    final newState = state.copyWith(
+      step: SecuritySettingsStep.privateKeyShow,
+      showPrivateKeys: event.isShow,
+      arePrivateKeysSaved: state.arePrivateKeysSaved || event.isShow,
+    );
+    emit(newState);
+  }
+
+  /// Handles private keys being copied to clipboard.
+  Future<void> _onPrivateKeysCopied(
+    ShowPrivateKeysCopiedEvent event,
+    Emitter<SecuritySettingsState> emit,
+  ) async {
+    emit(state.copyWith(arePrivateKeysSaved: true));
+  }
+
+  /// Handles private keys being downloaded to a file.
+  Future<void> _onPrivateKeysDownloadRequested(
+    PrivateKeysDownloadRequestedEvent event,
+    Emitter<SecuritySettingsState> emit,
+  ) async {
+    emit(state.copyWith(arePrivateKeysSaved: true));
+  }
+
+  /// Handles clearing authentication errors.
+  void _onClearAuthenticationError(
+    ClearAuthenticationErrorEvent event,
+    Emitter<SecuritySettingsState> emit,
+  ) {
+    emit(state.copyWith(clearAuthError: true));
+  }
+
+  /// Handles unbanning all banned public keys.
+  ///
+  /// This method directly calls the SDK to unban pubkeys without requiring
+  /// password authentication, as it's considered a non-destructive operation
+  /// that improves wallet functionality.
+  Future<void> _onUnbanPubkeys(
+    UnbanPubkeysEvent event,
+    Emitter<SecuritySettingsState> emit,
+  ) async {
+    if (_kdfSdk == null) {
+      add(const UnbanPubkeysFailedEvent('SDK not available'));
+      return;
+    }
+
+    emit(
+      state.copyWith(
+        isUnbanningPubkeys: true,
+        unbanError: null,
+        clearUnbanError: true,
+      ),
+    );
+
+    try {
+      final result = await _kdfSdk.pubkeys.unbanPubkeys(UnbanBy.all());
+      add(UnbanPubkeysCompletedEvent(result));
+    } catch (e) {
+      add(UnbanPubkeysFailedEvent(e.toString()));
+    }
+  }
+
+  /// Handles successful completion of pubkey unbanning.
+  void _onUnbanPubkeysCompleted(
+    UnbanPubkeysCompletedEvent event,
+    Emitter<SecuritySettingsState> emit,
+  ) {
+    emit(
+      state.copyWith(
+        isUnbanningPubkeys: false,
+        unbanResult: event.result,
+        unbanError: null,
+        clearUnbanError: true,
+      ),
+    );
+  }
+
+  /// Handles failed pubkey unbanning.
+  void _onUnbanPubkeysFailed(
+    UnbanPubkeysFailedEvent event,
+    Emitter<SecuritySettingsState> emit,
+  ) {
+    emit(
+      state.copyWith(
+        isUnbanningPubkeys: false,
+        unbanError: event.error,
+        unbanResult: null,
+      ),
+    );
+  }
 }