diff --git a/handlers/application/menuhandler.go b/handlers/application/menuhandler.go
index 0093279..86f70b7 100644
--- a/handlers/application/menuhandler.go
+++ b/handlers/application/menuhandler.go
@@ -630,21 +630,11 @@ func (h *MenuHandlers) incrementIncorrectPINAttempts(ctx context.Context, sessio
 // resetIncorrectPINAttempts resets the number of incorrect PIN attempts after a correct PIN entry
 func (h *MenuHandlers) resetIncorrectPINAttempts(ctx context.Context, sessionId string) error {
 store := h.userdataStore
- currentWrongPinAttempts, err := store.ReadEntry(ctx, sessionId, storedb.DATA_INCORRECT_PIN_ATTEMPTS)
+ err := store.WriteEntry(ctx, sessionId, storedb.DATA_INCORRECT_PIN_ATTEMPTS, []byte(string("0")))
 if err != nil {
- if db.IsNotFound(err) {
- return nil
- }
+ logg.ErrorCtxf(ctx, "failed to reset incorrect PIN attempts ", "key", storedb.DATA_INCORRECT_PIN_ATTEMPTS, "error", err)
 return err
 }
- currentWrongPinAttemptsCount, _ := strconv.ParseUint(string(currentWrongPinAttempts), 0, 64)
- if currentWrongPinAttemptsCount <= uint64(pin.AllowedPINAttempts) {
- err = store.WriteEntry(ctx, sessionId, storedb.DATA_INCORRECT_PIN_ATTEMPTS, []byte(string("0")))
- if err != nil {
- logg.ErrorCtxf(ctx, "failed to reset incorrect PIN attempts ", "key", storedb.DATA_INCORRECT_PIN_ATTEMPTS, "value", pin.AllowedPINAttempts, "error", err)
- return err
- }
- }
 return nil
 }
 
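Review bot: Writing `0` unconditionally in resetIncorrectPINAttempts drops the old guard that left the counter alone once it had passed `pin.AllowedPINAttempts`, so any caller that reaches this function now clears a lockout. The Authorize hunks later in this diff call it directly after `pin.VerifyPIN` succeeds and show no attempt-count or blocked-account check of their own. If that check lives in the menu flow or earlier in Authorize, record the precondition in the doc comment, for example `// Callers must already have rejected blocked accounts; the counter is cleared unconditionally.` Separately, `[]byte(string("0"))` can be written `[]byte("0")`.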
@@ -1371,7 +1361,13 @@ func (h *MenuHandlers) Authorize(ctx context.Context, sym string, input []byte)
 flag_incorrect_pin, _ := h.flagManager.GetFlag("flag_incorrect_pin")
 flag_account_authorized, _ := h.flagManager.GetFlag("flag_account_authorized")
 flag_allow_update, _ := h.flagManager.GetFlag("flag_allow_update")
- flag_invalid_pin, _ := h.flagManager.GetFlag("flag_invalid_pin")
+
+ pinInput := string(input)
+
+ if !pin.IsValidPIN(pinInput) {
+ res.FlagReset = append(res.FlagReset, flag_account_authorized, flag_allow_update)
+ return res, nil
+ }
 
 store := h.userdataStore
 AccountPin, err := store.ReadEntry(ctx, sessionId, storedb.DATA_ACCOUNT_PIN)
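Review bot: The early return for input that fails `pin.IsValidPIN` carries no comment saying that malformed input is deliberately not passed to `incrementIncorrectPINAttempts` and leaves `flag_incorrect_pin` as it was, which a later reader could take for an oversight in the lockout handling. A line such as `// malformed input is rejected up front and is not counted as a failed attempt` above the check would record the intent. With `flag_invalid_pin` removed, the only signal the menu receives on this path is the two reset flags, so it is worth confirming that the calling nodes still show the user an error. Authorize's body starts before and continues after this hunk.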
@@ -1379,40 +1375,28 @@ func (h *MenuHandlers) Authorize(ctx context.Context, sym string, input []byte)
 logg.ErrorCtxf(ctx, "failed to read AccountPin entry with", "key", storedb.DATA_ACCOUNT_PIN, "error", err)
 return res, err
 }
- str := string(input)
- _, err = strconv.Atoi(str)
- if len(input) == 4 && err == nil {
- if pin.VerifyPIN(string(AccountPin), string(input)) {
- if h.st.MatchFlag(flag_account_authorized, false) {
- res.FlagReset = append(res.FlagReset, flag_incorrect_pin)
- res.FlagSet = append(res.FlagSet, flag_allow_update, flag_account_authorized)
- err := h.resetIncorrectPINAttempts(ctx, sessionId)
- if err != nil {
- return res, err
- }
- } else {
- res.FlagSet = append(res.FlagSet, flag_allow_update)
- res.FlagReset = append(res.FlagReset, flag_account_authorized)
- err := h.resetIncorrectPINAttempts(ctx, sessionId)
- if err != nil {
- return res, err
- }
- }
- } else {
- err = h.incrementIncorrectPINAttempts(ctx, sessionId)
- if err != nil {
- return res, err
- }
- res.FlagSet = append(res.FlagSet, flag_incorrect_pin)
- res.FlagReset = append(res.FlagReset, flag_account_authorized)
- return res, nil
+
+ // verify that the user provided the correct PIN
+ if pin.VerifyPIN(string(AccountPin), pinInput) {
+ // set the required flags for a valid PIN
+ res.FlagSet = append(res.FlagSet, flag_allow_update, flag_account_authorized)
+ res.FlagReset = append(res.FlagReset, flag_incorrect_pin)
+
+ err := h.resetIncorrectPINAttempts(ctx, sessionId)
+ if err != nil {
+ return res, err
 }
 } else {
- if string(input) != "0" {
- res.FlagSet = append(res.FlagSet, flag_invalid_pin)
+ // set the required flags for an incorrect PIN
+ res.FlagSet = append(res.FlagSet, flag_incorrect_pin)
+ res.FlagReset = append(res.FlagReset, flag_account_authorized, flag_allow_update)
+
+ err = h.incrementIncorrectPINAttempts(ctx, sessionId)
+ if err != nil {
+ return res, err
 }
- return res, nil
 }
+
 return res, nil
 }
 
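Review bot: In the correct-PIN branch `flag_account_authorized` and `flag_allow_update` are appended to `res.FlagSet` before `resetIncorrectPINAttempts` runs, so a store failure returns `res` with the authorisation flags already populated alongside the error. Whether the engine applies flags from a Result that comes back with a non-nil error is not visible here, so the safer order is to do the store write first and append the flags only once it has succeeded: `if err := h.resetIncorrectPINAttempts(ctx, sessionId); err != nil { return res, err }` placed above the two `append` calls. That form also removes the `err :=` shadowing that the incorrect-PIN branch avoids with `err =`. Authorize starts outside this hunk.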
@@ -2789,6 +2773,7 @@ func (h *MenuHandlers) LoadSwapToList(ctx context.Context, sym string, input []b
 // Store all swap_to tokens data
 dataMap := map[storedb.DataTyp]string{
 storedb.DATA_POOL_TO_SYMBOLS: data.Symbols,
+ storedb.DATA_POOL_TO_BALANCES: data.Balances,
 storedb.DATA_POOL_TO_DECIMALS: data.Decimals,
 storedb.DATA_POOL_TO_ADDRESSES: data.Addresses,
 }
@@ -2818,8 +2803,7 @@ func (h *MenuHandlers) SwapMaxLimit(ctx context.Context, sym string, input []byt
 flag_api_error, _ := h.flagManager.GetFlag("flag_api_error")
 flag_low_swap_amount, _ := h.flagManager.GetFlag("flag_low_swap_amount")
 
- res.FlagReset = append(res.FlagReset, flag_incorrect_voucher)
- res.FlagReset = append(res.FlagSet, flag_low_swap_amount)
+ res.FlagReset = append(res.FlagReset, flag_incorrect_voucher, flag_low_swap_amount)
 
 inputStr := string(input)
 if inputStr == "0" {
diff --git a/handlers/application/menuhandler_test.go b/handlers/application/menuhandler_test.go
index d07e0cc..a608b7d 100644
--- a/handlers/application/menuhandler_test.go
+++ b/handlers/application/menuhandler_test.go
@@ -1116,7 +1116,6 @@ func TestAuthorize(t *testing.T) {
 flag_incorrect_pin, _ := fm.GetFlag("flag_incorrect_pin")
 flag_account_authorized, _ := fm.GetFlag("flag_account_authorized")
 flag_allow_update, _ := fm.GetFlag("flag_allow_update")
- flag_invalid_pin, _ := fm.GetFlag("flag_invalid_pin")
 
 // Set 1234 is the correct account pin
 accountPIN := "1234"
@@ -1134,7 +1133,7 @@ func TestAuthorize(t *testing.T) {
 expectedResult resource.Result
 }{
 {
- name: "Test with correct pin",
+ name: "Test with correct PIN",
 input: []byte("1234"),
 expectedResult: resource.Result{
 FlagReset: []uint32{flag_incorrect_pin},
@@ -1142,18 +1141,18 @@ func TestAuthorize(t *testing.T) {
 },
 },
 {
- name: "Test with incorrect pin",
+ name: "Test with incorrect PIN",
 input: []byte("1235"),
 expectedResult: resource.Result{
- FlagReset: []uint32{flag_account_authorized},
+ FlagReset: []uint32{flag_account_authorized, flag_allow_update},
 FlagSet: []uint32{flag_incorrect_pin},
 },
 },
 {
- name: "Test with pin that is not a 4 digit",
+ name: "Test with PIN that is not a 4 digit",
 input: []byte("1235aqds"),
 expectedResult: resource.Result{
- FlagSet: []uint32{flag_invalid_pin},
+ FlagReset: []uint32{flag_account_authorized, flag_allow_update},
 },
 },
 }
diff --git a/services/registration/swap_initiated.vis b/services/registration/swap_initiated.vis
index eaa7907..4faa7ba 100644
--- a/services/registration/swap_initiated.vis
+++ b/services/registration/swap_initiated.vis
@@ -1,5 +1,4 @@
 LOAD reset_incorrect_pin 6
-CATCH incorrect_pin flag_incorrect_pin 1
 CATCH _ flag_account_authorized 0
 LOAD initiate_swap 0
 HALT
diff --git a/services/registration/swap_limit.vis b/services/registration/swap_limit.vis
index a9fa737..b0ffb9b 100644
--- a/services/registration/swap_limit.vis
+++ b/services/registration/swap_limit.vis
@@ -1,5 +1,3 @@
-RELOAD swap_max_limit
-CATCH api_failure flag_api_call_error 1
 MAP swap_max_limit
 MOUT back 0
 HALT
diff --git a/services/registration/swap_to_list.vis b/services/registration/swap_to_list.vis
index 47e6577..e966fee 100644
--- a/services/registration/swap_to_list.vis
+++ b/services/registration/swap_to_list.vis
@@ -7,6 +7,7 @@ MOUT back 0
 HALT
 LOAD swap_max_limit 64
 RELOAD swap_max_limit
+CATCH api_failure flag_api_call_error 1
 CATCH . flag_incorrect_voucher 1
 CATCH low_swap_amount flag_low_swap_amount 1
 INCMP _ 0
diff --git a/services/registration/transaction_initiated.vis b/services/registration/transaction_initiated.vis
index 33ce092..bc524ce 100644
--- a/services/registration/transaction_initiated.vis
+++ b/services/registration/transaction_initiated.vis
@@ -1,5 +1,4 @@
 LOAD reset_incorrect_pin 6
-CATCH incorrect_pin flag_incorrect_pin 1
 CATCH _ flag_account_authorized 0
 RELOAD get_amount
 MAP get_amount