4 changed files with 51 additions and 32 deletions
--- a/handlers/application/menuhandler.go
+++ b/handlers/application/menuhandler.go
@ -630,11 +630,21 @@ func (h *MenuHandlers) incrementIncorrectPINAttempts(ctx context.Context, sessio
 // resetIncorrectPINAttempts resets the number of incorrect PIN attempts after a correct PIN entry
 func (h *MenuHandlers) resetIncorrectPINAttempts(ctx context.Context, sessionId string) error {
 	store := h.userdataStore
-	err := store.WriteEntry(ctx, sessionId, storedb.DATA_INCORRECT_PIN_ATTEMPTS, []byte(string("0")))
+	currentWrongPinAttempts, err := store.ReadEntry(ctx, sessionId, storedb.DATA_INCORRECT_PIN_ATTEMPTS)
 	if err != nil {
-		logg.ErrorCtxf(ctx, "failed to reset incorrect PIN attempts ", "key", storedb.DATA_INCORRECT_PIN_ATTEMPTS, "error", err)
+		if db.IsNotFound(err) {
+			return nil
+		}
 		return err
 	}
+	currentWrongPinAttemptsCount, _ := strconv.ParseUint(string(currentWrongPinAttempts), 0, 64)
+	if currentWrongPinAttemptsCount <= uint64(pin.AllowedPINAttempts) {
+		err = store.WriteEntry(ctx, sessionId, storedb.DATA_INCORRECT_PIN_ATTEMPTS, []byte(string("0")))
+		if err != nil {
+			logg.ErrorCtxf(ctx, "failed to reset incorrect PIN attempts ", "key", storedb.DATA_INCORRECT_PIN_ATTEMPTS, "value", pin.AllowedPINAttempts, "error", err)
+			return err
+		}
+	}
 	return nil
 }

@ -1361,13 +1371,7 @@ func (h *MenuHandlers) Authorize(ctx context.Context, sym string, input []byte)
 	flag_incorrect_pin, _ := h.flagManager.GetFlag("flag_incorrect_pin")
 	flag_account_authorized, _ := h.flagManager.GetFlag("flag_account_authorized")
 	flag_allow_update, _ := h.flagManager.GetFlag("flag_allow_update")
-
-	pinInput := string(input)
-
-	if !pin.IsValidPIN(pinInput) {
-		res.FlagReset = append(res.FlagReset, flag_account_authorized, flag_allow_update)
-		return res, nil
-	}
+	flag_invalid_pin, _ := h.flagManager.GetFlag("flag_invalid_pin")

 	store := h.userdataStore
 	AccountPin, err := store.ReadEntry(ctx, sessionId, storedb.DATA_ACCOUNT_PIN)
@ -1375,28 +1379,40 @@ func (h *MenuHandlers) Authorize(ctx context.Context, sym string, input []byte)
 		logg.ErrorCtxf(ctx, "failed to read AccountPin entry with", "key", storedb.DATA_ACCOUNT_PIN, "error", err)
 		return res, err
 	}
-
-	// verify that the user provided the correct PIN
-	if pin.VerifyPIN(string(AccountPin), pinInput) {
-		// set the required flags for a valid PIN
-		res.FlagSet = append(res.FlagSet, flag_allow_update, flag_account_authorized)
-		res.FlagReset = append(res.FlagReset, flag_incorrect_pin)
-
-		err := h.resetIncorrectPINAttempts(ctx, sessionId)
-		if err != nil {
-			return res, err
+	str := string(input)
+	_, err = strconv.Atoi(str)
+	if len(input) == 4 && err == nil {
+		if pin.VerifyPIN(string(AccountPin), string(input)) {
+			if h.st.MatchFlag(flag_account_authorized, false) {
+				res.FlagReset = append(res.FlagReset, flag_incorrect_pin)
+				res.FlagSet = append(res.FlagSet, flag_allow_update, flag_account_authorized)
+				err := h.resetIncorrectPINAttempts(ctx, sessionId)
+				if err != nil {
+					return res, err
+				}
+			} else {
+				res.FlagSet = append(res.FlagSet, flag_allow_update)
+				res.FlagReset = append(res.FlagReset, flag_account_authorized)
+				err := h.resetIncorrectPINAttempts(ctx, sessionId)
+				if err != nil {
+					return res, err
+				}
+			}
+		} else {
+			err = h.incrementIncorrectPINAttempts(ctx, sessionId)
+			if err != nil {
+				return res, err
+			}
+			res.FlagSet = append(res.FlagSet, flag_incorrect_pin)
+			res.FlagReset = append(res.FlagReset, flag_account_authorized)
+			return res, nil
 		}
 	} else {
-		// set the required flags for an incorrect PIN
-		res.FlagSet = append(res.FlagSet, flag_incorrect_pin)
-		res.FlagReset = append(res.FlagReset, flag_account_authorized, flag_allow_update)
-
-		err = h.incrementIncorrectPINAttempts(ctx, sessionId)
-		if err != nil {
-			return res, err
+		if string(input) != "0" {
+			res.FlagSet = append(res.FlagSet, flag_invalid_pin)
 		}
+		return res, nil
 	}
-
 	return res, nil
 }

--- a/handlers/application/menuhandler_test.go
+++ b/handlers/application/menuhandler_test.go
@ -1116,6 +1116,7 @@ func TestAuthorize(t *testing.T) {
 	flag_incorrect_pin, _ := fm.GetFlag("flag_incorrect_pin")
 	flag_account_authorized, _ := fm.GetFlag("flag_account_authorized")
 	flag_allow_update, _ := fm.GetFlag("flag_allow_update")
+	flag_invalid_pin, _ := fm.GetFlag("flag_invalid_pin")

 	// Set 1234 is the correct account pin
 	accountPIN := "1234"
@ -1133,7 +1134,7 @@ func TestAuthorize(t *testing.T) {
 		expectedResult resource.Result
 	}{
 		{
-			name:  "Test with correct PIN",
+			name:  "Test with correct pin",
 			input: []byte("1234"),
 			expectedResult: resource.Result{
 				FlagReset: []uint32{flag_incorrect_pin},
@ -1141,18 +1142,18 @@ func TestAuthorize(t *testing.T) {
 			},
 		},
 		{
-			name:  "Test with incorrect PIN",
+			name:  "Test with incorrect pin",
 			input: []byte("1235"),
 			expectedResult: resource.Result{
-				FlagReset: []uint32{flag_account_authorized, flag_allow_update},
+				FlagReset: []uint32{flag_account_authorized},
 				FlagSet:   []uint32{flag_incorrect_pin},
 			},
 		},
 		{
-			name:  "Test with PIN that is not a 4 digit",
+			name:  "Test with pin that is not a 4 digit",
 			input: []byte("1235aqds"),
 			expectedResult: resource.Result{
-				FlagReset: []uint32{flag_account_authorized, flag_allow_update},
+				FlagSet: []uint32{flag_invalid_pin},
 			},
 		},
 	}
--- a/services/registration/swap_initiated.vis
+++ b/services/registration/swap_initiated.vis
@ -1,4 +1,5 @@
 LOAD reset_incorrect_pin 6
+CATCH incorrect_pin flag_incorrect_pin 1
 CATCH _ flag_account_authorized 0
 LOAD initiate_swap 0
 HALT
--- a/services/registration/transaction_initiated.vis
+++ b/services/registration/transaction_initiated.vis
@ -1,4 +1,5 @@
 LOAD reset_incorrect_pin 6
+CATCH incorrect_pin flag_incorrect_pin 1
 CATCH _ flag_account_authorized 0
 RELOAD get_amount
 MAP get_amount