From 650b02ddcc20266acbb658b6ad669caf99f6aa74 Mon Sep 17 00:00:00 2001
From: Matthias Nott <mnott@mnsoft.org>
Date: Wed, 25 Mar 2026 14:50:59 +0100
Subject: [PATCH] feat: TOFU cert pinning - trust on first use with reset in settings

---
 lib/screens/settings_screen.dart |   39 +++++++++++++++++++++++++++++++++++++++
 1 files changed, 39 insertions(+), 0 deletions(-)

diff --git a/lib/screens/settings_screen.dart b/lib/screens/settings_screen.dart
index 2a41067..f4b36e3 100644
--- a/lib/screens/settings_screen.dart
+++ b/lib/screens/settings_screen.dart
@@ -1,5 +1,6 @@
 import 'package:flutter/material.dart';
 import 'package:flutter_riverpod/flutter_riverpod.dart';
+import 'package:shared_preferences/shared_preferences.dart';
 
 import '../models/server_config.dart';
 import '../providers/providers.dart';
@@ -249,6 +250,44 @@
                 label: const Text('Wake Mac'),
               ),
               const SizedBox(height: 12),
+
+              // Reset TLS Trust button
+              OutlinedButton.icon(
+                onPressed: () async {
+                  final confirmed = await showDialog<bool>(
+                    context: context,
+                    builder: (ctx) => AlertDialog(
+                      title: const Text('Reset Server Trust?'),
+                      content: const Text(
+                        'This clears the saved server certificate fingerprint. '
+                        'Use this if you reinstalled AIBroker or changed servers. '
+                        'The app will trust the next server it connects to.',
+                      ),
+                      actions: [
+                        TextButton(
+                          onPressed: () => Navigator.pop(ctx, false),
+                          child: const Text('Cancel'),
+                        ),
+                        TextButton(
+                          onPressed: () => Navigator.pop(ctx, true),
+                          child: const Text('Reset', style: TextStyle(color: AppColors.error)),
+                        ),
+                      ],
+                    ),
+                  );
+                  if (confirmed == true && mounted) {
+                    // Access MqttService through the provider and reset trust
+                    final prefs = await SharedPreferences.getInstance();
+                    await prefs.remove('trustedCertFingerprint');
+                    ScaffoldMessenger.of(context).showSnackBar(
+                      const SnackBar(content: Text('Server trust reset. Reconnect to trust the new server.')),
+                    );
+                  }
+                },
+                icon: const Icon(Icons.shield_outlined),
+                label: const Text('Reset Server Trust'),
+              ),
+              const SizedBox(height: 12),
             ],
           ),
         ),
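Review bot: The reset at `await prefs.remove('trustedCertFingerprint');` does not go through the MQTT service that the comment above it mentions, so any fingerprint the service keeps in memory (its code is not visible in this hunk) would stay pinned until the app restarts, and the preference key is repeated here as a string literal instead of being shared with the pinning code. Consider exposing the reset on the service itself and calling that, with the key defined once as a constant. Since the dialog states that the app will trust the next server it connects to, the first connection after a reset is accepted unverified; showing the newly pinned fingerprint for the user to compare would narrow that window. Separately, `mounted` is checked only before the two awaits, while `context` is used after them; add `if (!mounted) return;` just before `ScaffoldMessenger.of(context)`. The enclosing build method starts and ends outside the hunk.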

--
Gitblit v1.3.1