From 2b557b27cf5bce83941be33022866c566012daab Mon Sep 17 00:00:00 2001
From: alfred-mk <alfredmwaik@gmail.com>
Date: Thu, 3 Jul 2025 16:52:59 +0300
Subject: [PATCH] added authorization.go for authorization related functions

---
 handlers/application/authorization.go | 77 +++++++++++++++++++++++++++
 handlers/application/menuhandler.go   | 68 -----------------------
 2 files changed, 77 insertions(+), 68 deletions(-)
 create mode 100644 handlers/application/authorization.go

diff --git a/handlers/application/authorization.go b/handlers/application/authorization.go
new file mode 100644
index 0000000..2087632
--- /dev/null
+++ b/handlers/application/authorization.go
@@ -0,0 +1,77 @@
+package application
+
+import (
+	"context"
+	"fmt"
+
+	"git.defalsify.org/vise.git/resource"
+	"git.grassecon.net/grassrootseconomics/common/pin"
+	storedb "git.grassecon.net/grassrootseconomics/sarafu-vise/store/db"
+)
+
+// Authorize attempts to unlock the next sequential nodes by verifying the provided PIN against the already set PIN.
+// It sets the required flags that control the flow.
+func (h *MenuHandlers) Authorize(ctx context.Context, sym string, input []byte) (resource.Result, error) {
+	var res resource.Result
+	var err error
+	sessionId, ok := ctx.Value("SessionId").(string)
+	if !ok {
+		return res, fmt.Errorf("missing session")
+	}
+	flag_incorrect_pin, _ := h.flagManager.GetFlag("flag_incorrect_pin")
+	flag_account_authorized, _ := h.flagManager.GetFlag("flag_account_authorized")
+	flag_allow_update, _ := h.flagManager.GetFlag("flag_allow_update")
+
+	pinInput := string(input)
+
+	if !pin.IsValidPIN(pinInput) {
+		res.FlagReset = append(res.FlagReset, flag_account_authorized, flag_allow_update)
+		return res, nil
+	}
+
+	store := h.userdataStore
+	AccountPin, err := store.ReadEntry(ctx, sessionId, storedb.DATA_ACCOUNT_PIN)
+	if err != nil {
+		logg.ErrorCtxf(ctx, "failed to read AccountPin entry with", "key", storedb.DATA_ACCOUNT_PIN, "error", err)
+		return res, err
+	}
+
+	// verify that the user provided the correct PIN
+	if pin.VerifyPIN(string(AccountPin), pinInput) {
+		// set the required flags for a valid PIN
+		res.FlagSet = append(res.FlagSet, flag_allow_update, flag_account_authorized)
+		res.FlagReset = append(res.FlagReset, flag_incorrect_pin)
+
+		err := h.resetIncorrectPINAttempts(ctx, sessionId)
+		if err != nil {
+			return res, err
+		}
+	} else {
+		// set the required flags for an incorrect PIN
+		res.FlagSet = append(res.FlagSet, flag_incorrect_pin)
+		res.FlagReset = append(res.FlagReset, flag_account_authorized, flag_allow_update)
+
+		err = h.incrementIncorrectPINAttempts(ctx, sessionId)
+		if err != nil {
+			return res, err
+		}
+	}
+
+	return res, nil
+}
+
+// ResetAllowUpdate resets the allowupdate flag that allows a user to update  profile data.
+func (h *MenuHandlers) ResetAllowUpdate(ctx context.Context, sym string, input []byte) (resource.Result, error) {
+	var res resource.Result
+	flag_allow_update, _ := h.flagManager.GetFlag("flag_allow_update")
+	res.FlagReset = append(res.FlagReset, flag_allow_update)
+	return res, nil
+}
+
+// ResetAccountAuthorized resets the account authorization flag after a successful PIN entry.
+func (h *MenuHandlers) ResetAccountAuthorized(ctx context.Context, sym string, input []byte) (resource.Result, error) {
+	var res resource.Result
+	flag_account_authorized, _ := h.flagManager.GetFlag("flag_account_authorized")
+	res.FlagReset = append(res.FlagReset, flag_account_authorized)
+	return res, nil
+}
diff --git a/handlers/application/menuhandler.go b/handlers/application/menuhandler.go
index 648cc76..084facd 100644
--- a/handlers/application/menuhandler.go
+++ b/handlers/application/menuhandler.go
@@ -16,7 +16,6 @@ import (
 	"git.defalsify.org/vise.git/persist"
 	"git.defalsify.org/vise.git/resource"
 	"git.defalsify.org/vise.git/state"
-	"git.grassecon.net/grassrootseconomics/common/pin"
 	"git.grassecon.net/grassrootseconomics/sarafu-api/remote"
 	"git.grassecon.net/grassrootseconomics/sarafu-vise/internal/sms"
 	"git.grassecon.net/grassrootseconomics/sarafu-vise/profile"
@@ -243,22 +242,6 @@ func (h *MenuHandlers) ResetUnregisteredNumber(ctx context.Context, sym string,
 	return res, nil
 }
 
-// ResetAllowUpdate resets the allowupdate flag that allows a user to update  profile data.
-func (h *MenuHandlers) ResetAllowUpdate(ctx context.Context, sym string, input []byte) (resource.Result, error) {
-	var res resource.Result
-	flag_allow_update, _ := h.flagManager.GetFlag("flag_allow_update")
-	res.FlagReset = append(res.FlagReset, flag_allow_update)
-	return res, nil
-}
-
-// ResetAccountAuthorized resets the account authorization flag after a successful PIN entry.
-func (h *MenuHandlers) ResetAccountAuthorized(ctx context.Context, sym string, input []byte) (resource.Result, error) {
-	var res resource.Result
-	flag_account_authorized, _ := h.flagManager.GetFlag("flag_account_authorized")
-	res.FlagReset = append(res.FlagReset, flag_account_authorized)
-	return res, nil
-}
-
 // CheckIdentifier retrieves the Public key from the userdatastore under the key: DATA_PUBLIC_KEY and triggers an sms that
 // will be sent to the associated session id
 func (h *MenuHandlers) CheckIdentifier(ctx context.Context, sym string, input []byte) (resource.Result, error) {
@@ -287,57 +270,6 @@ func (h *MenuHandlers) CheckIdentifier(ctx context.Context, sym string, input []
 	return res, nil
 }
 
-// Authorize attempts to unlock the next sequential nodes by verifying the provided PIN against the already set PIN.
-// It sets the required flags that control the flow.
-func (h *MenuHandlers) Authorize(ctx context.Context, sym string, input []byte) (resource.Result, error) {
-	var res resource.Result
-	var err error
-	sessionId, ok := ctx.Value("SessionId").(string)
-	if !ok {
-		return res, fmt.Errorf("missing session")
-	}
-	flag_incorrect_pin, _ := h.flagManager.GetFlag("flag_incorrect_pin")
-	flag_account_authorized, _ := h.flagManager.GetFlag("flag_account_authorized")
-	flag_allow_update, _ := h.flagManager.GetFlag("flag_allow_update")
-
-	pinInput := string(input)
-
-	if !pin.IsValidPIN(pinInput) {
-		res.FlagReset = append(res.FlagReset, flag_account_authorized, flag_allow_update)
-		return res, nil
-	}
-
-	store := h.userdataStore
-	AccountPin, err := store.ReadEntry(ctx, sessionId, storedb.DATA_ACCOUNT_PIN)
-	if err != nil {
-		logg.ErrorCtxf(ctx, "failed to read AccountPin entry with", "key", storedb.DATA_ACCOUNT_PIN, "error", err)
-		return res, err
-	}
-
-	// verify that the user provided the correct PIN
-	if pin.VerifyPIN(string(AccountPin), pinInput) {
-		// set the required flags for a valid PIN
-		res.FlagSet = append(res.FlagSet, flag_allow_update, flag_account_authorized)
-		res.FlagReset = append(res.FlagReset, flag_incorrect_pin)
-
-		err := h.resetIncorrectPINAttempts(ctx, sessionId)
-		if err != nil {
-			return res, err
-		}
-	} else {
-		// set the required flags for an incorrect PIN
-		res.FlagSet = append(res.FlagSet, flag_incorrect_pin)
-		res.FlagReset = append(res.FlagReset, flag_account_authorized, flag_allow_update)
-
-		err = h.incrementIncorrectPINAttempts(ctx, sessionId)
-		if err != nil {
-			return res, err
-		}
-	}
-
-	return res, nil
-}
-
 // Setback sets the flag_back_set flag when the navigation is back.
 func (h *MenuHandlers) SetBack(ctx context.Context, sym string, input []byte) (resource.Result, error) {
 	var res resource.Result