Fix #15: PCI-DSS compliance - remove persistent CVV storage from Flutter apps

2026-06-17 07:26:27 +03:00
parent 16331bd35d
commit 0e28814e7d
7 changed files with 16 additions and 39 deletions
--- a/siro_rider/lib/controller/functions/log_out.dart
+++ b/siro_rider/lib/controller/functions/log_out.dart
@@ -20,6 +20,7 @@ import 'package:siro_rider/controller/home/map/ride_lifecycle_controller.dart';
 import 'package:siro_rider/controller/home/map/ui_interactions_controller.dart';
 import 'package:siro_rider/controller/home/menu_controller.dart';
 import 'package:siro_rider/controller/home/points_for_rider_controller.dart';
+import 'package:siro_rider/controller/functions/secure_storage.dart';

 class LogOutController extends GetxController {
  TextEditingController checkTxtController = TextEditingController();
@@ -116,6 +117,11 @@ class LogOutController extends GetxController {
                  box.remove(BoxName.apiKeyRun);
                  box.remove(BoxName.countryCode);

+                  SecureStorage().deleteData(BoxName.cardNumber);
+                  SecureStorage().deleteData(BoxName.cvvCode);
+                  SecureStorage().deleteData(BoxName.cardHolderName);
+                  SecureStorage().deleteData(BoxName.expiryDate);
+
                  box.remove(BoxName.passengerWalletTotal);
                  box.remove(BoxName.isVerified);
                  Get.delete<MapSocketController>(force: true);
--- a/siro_rider/lib/controller/functions/secure_storage.dart
+++ b/siro_rider/lib/controller/functions/secure_storage.dart
@@ -19,6 +19,10 @@ class SecureStorage {
    final String? value = await storage.read(key: boxName);
    return value.toString();
  }
+
+  Future<void> deleteData(String key) async {
+    await storage.delete(key: key);
+  }
 }

 class AppInitializer {