From 086650c88a451ca9910d811c6a248e8f60c0d02c Mon Sep 17 00:00:00 2001
From: escouade-bot <escouade-bot@lacompagniemaximus.com>
Date: Thu, 9 Apr 2026 06:02:15 -0400
Subject: [PATCH] fix: make legacy PIN rehash non-blocking in verify_pin (#54)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Replace hash_pin(pin)? with hash_pin(pin).ok() so that a rehash
failure does not propagate as an error. The user can now switch
profiles even if the Argon2id re-hashing step fails — the PIN
is still correctly verified, and the legacy hash remains until
the next successful login.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 src-tauri/src/commands/profile_commands.rs | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src-tauri/src/commands/profile_commands.rs b/src-tauri/src/commands/profile_commands.rs
index 28e8507..fb9a0de 100644
--- a/src-tauri/src/commands/profile_commands.rs
+++ b/src-tauri/src/commands/profile_commands.rs
@@ -191,9 +191,10 @@ pub fn verify_pin(pin: String, stored_hash: String) -> Result<VerifyPinResult, S
     let valid: bool = result.as_slice().ct_eq(&expected_hash).into();
 
     if valid {
-        // Re-hash with Argon2id so this legacy PIN is upgraded
-        let new_hash = hash_pin(pin)?;
-        Ok(VerifyPinResult { valid: true, rehashed: Some(new_hash) })
+        // Re-hash with Argon2id so this legacy PIN is upgraded.
+        // If rehash fails, still allow login — don't block the user.
+        let rehashed = hash_pin(pin).ok();
+        Ok(VerifyPinResult { valid: true, rehashed })
     } else {
         Ok(VerifyPinResult { valid: false, rehashed: None })
     }