From 20954d287ba347b19f00e709c5daa5178844f81a Mon Sep 17 00:00:00 2001 From: alfred-mk Date: Thu, 29 May 2025 09:59:41 +0300 Subject: [PATCH 1/9] store the DATA_POOL_TO_BALANCES --- handlers/application/menuhandler.go | 1 + 1 file changed, 1 insertion(+) diff --git a/handlers/application/menuhandler.go b/handlers/application/menuhandler.go index 0093279..e001918 100644 --- a/handlers/application/menuhandler.go +++ b/handlers/application/menuhandler.go @@ -2789,6 +2789,7 @@ func (h *MenuHandlers) LoadSwapToList(ctx context.Context, sym string, input []b // Store all swap_to tokens data dataMap := map[storedb.DataTyp]string{ storedb.DATA_POOL_TO_SYMBOLS: data.Symbols, + storedb.DATA_POOL_TO_BALANCES: data.Balances, storedb.DATA_POOL_TO_DECIMALS: data.Decimals, storedb.DATA_POOL_TO_ADDRESSES: data.Addresses, } -- 2.45.2 From 71b4eff35ef70720f30b67df0d18501ad795162d Mon Sep 17 00:00:00 2001 From: alfred-mk Date: Thu, 29 May 2025 10:00:44 +0300 Subject: [PATCH 2/9] add a catch for api failures --- services/registration/swap_to_list.vis | 1 + 1 file changed, 1 insertion(+) diff --git a/services/registration/swap_to_list.vis b/services/registration/swap_to_list.vis index 47e6577..e966fee 100644 --- a/services/registration/swap_to_list.vis +++ b/services/registration/swap_to_list.vis @@ -7,6 +7,7 @@ MOUT back 0 HALT LOAD swap_max_limit 64 RELOAD swap_max_limit +CATCH api_failure flag_api_call_error 1 CATCH . flag_incorrect_voucher 1 CATCH low_swap_amount flag_low_swap_amount 1 INCMP _ 0 -- 2.45.2 From b30e15caa5bde39f312568a52382e230451cae8b Mon Sep 17 00:00:00 2001 From: alfred-mk Date: Thu, 29 May 2025 10:01:48 +0300 Subject: [PATCH 3/9] remove additional RELOAD --- services/registration/swap_limit.vis | 2 -- 1 file changed, 2 deletions(-) diff --git a/services/registration/swap_limit.vis b/services/registration/swap_limit.vis index a9fa737..b0ffb9b 100644 --- a/services/registration/swap_limit.vis +++ b/services/registration/swap_limit.vis 
@@ -1,5 +1,3 @@ -RELOAD swap_max_limit -CATCH api_failure flag_api_call_error 1 MAP swap_max_limit MOUT back 0 HALT -- 2.45.2 From 4f02924cbd913ae1439c38875a87cbef220275cf Mon Sep 17 00:00:00 2001 From: alfred-mk Date: Fri, 30 May 2025 04:57:32 +0300 Subject: [PATCH 4/9] refactor the Authorize function to prevent double PIN requests --- handlers/application/menuhandler.go | 56 +++++++++++++---------------- 1 file changed, 25 insertions(+), 31 deletions(-) diff --git a/handlers/application/menuhandler.go b/handlers/application/menuhandler.go index e001918..6e7a6f8 100644 --- a/handlers/application/menuhandler.go +++ b/handlers/application/menuhandler.go @@ -1371,7 +1371,13 @@ func (h *MenuHandlers) Authorize(ctx context.Context, sym string, input []byte) flag_incorrect_pin, _ := h.flagManager.GetFlag("flag_incorrect_pin") flag_account_authorized, _ := h.flagManager.GetFlag("flag_account_authorized") flag_allow_update, _ := h.flagManager.GetFlag("flag_allow_update") - flag_invalid_pin, _ := h.flagManager.GetFlag("flag_invalid_pin") + + pinInput := string(input) + + if !pin.IsValidPIN(pinInput) { + res.FlagReset = append(res.FlagReset, flag_account_authorized, flag_allow_update) + return res, nil + } store := h.userdataStore AccountPin, err := store.ReadEntry(ctx, sessionId, storedb.DATA_ACCOUNT_PIN) 
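Review bot: The early return for input that fails `pin.IsValidPIN` resets `flag_account_authorized` and `flag_allow_update` but leaves `flag_incorrect_pin` untouched and never calls `incrementIncorrectPINAttempts`, so a stale incorrect-PIN flag from a previous attempt survives and malformed entries are not counted. With `flag_invalid_pin` removed, no flag is set on this path, so the menu presumably cannot tell a rejected malformed entry from no attempt at all. If skipping the counter here is intended, state it above the check, for example `// malformed input can never match the stored PIN; reject it without touching the attempt counter`, and consider adding `flag_incorrect_pin` to the reset list. Authorize's body starts and ends outside this hunk.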
@@ -1379,40 +1385,28 @@ func (h *MenuHandlers) Authorize(ctx context.Context, sym string, input []byte) logg.ErrorCtxf(ctx, "failed to read AccountPin entry with", "key", storedb.DATA_ACCOUNT_PIN, "error", err) return res, err } - str := string(input) - _, err = strconv.Atoi(str) - if len(input) == 4 && err == nil { - if pin.VerifyPIN(string(AccountPin), string(input)) { - if h.st.MatchFlag(flag_account_authorized, false) { - res.FlagReset = append(res.FlagReset, flag_incorrect_pin) - res.FlagSet = append(res.FlagSet, flag_allow_update, flag_account_authorized) - err := h.resetIncorrectPINAttempts(ctx, sessionId) - if err != nil { - return res, err - } - } else { - res.FlagSet = append(res.FlagSet, flag_allow_update) - res.FlagReset = append(res.FlagReset, flag_account_authorized) - err := h.resetIncorrectPINAttempts(ctx, sessionId) - if err != nil { - return res, err - } - } - } else { - err = h.incrementIncorrectPINAttempts(ctx, sessionId) - if err != nil { - return res, err - } - res.FlagSet = append(res.FlagSet, flag_incorrect_pin) - res.FlagReset = append(res.FlagReset, flag_account_authorized) - return res, nil + + // verify that the user provided the correct PIN + if pin.VerifyPIN(string(AccountPin), pinInput) { + // set the required flags for a valid PIN + res.FlagSet = append(res.FlagSet, flag_allow_update, flag_account_authorized) + res.FlagReset = append(res.FlagReset, flag_incorrect_pin) + + err := h.resetIncorrectPINAttempts(ctx, sessionId) + if err != nil { + return res, err } } else { - if string(input) != "0" { - res.FlagSet = append(res.FlagSet, flag_invalid_pin) + // set the required flags for an incorrect PIN + res.FlagSet = append(res.FlagSet, flag_incorrect_pin) + res.FlagReset = append(res.FlagReset, flag_account_authorized, flag_allow_update) + + err = h.incrementIncorrectPINAttempts(ctx, sessionId) + if err != nil { + return res, err } - return res, nil } + return res, nil } -- 2.45.2 
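Review bot: In the correct-PIN branch, `flag_allow_update` and `flag_account_authorized` are appended to `res.FlagSet` before `resetIncorrectPINAttempts` runs, so a store failure returns `res, err` with the authorization flags already populated. Whether the caller discards the result on a non-nil error is not visible here, so it is safer to do the store write first: `if err := h.resetIncorrectPINAttempts(ctx, sessionId); err != nil { return res, err }` ahead of the two appends. The same ordering applies to the incorrect-PIN branch, where `incrementIncorrectPINAttempts` should run before the flags are set so a failed write cannot leave the attempt uncounted while the result looks complete. The two branches also differ in `err :=` versus `err =`; the `if err := …; err != nil` form in both would avoid the shadowing. Authorize's body starts outside this hunk.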
From 6a4b59cedfa500b7108e6bf4e1e85760e7025343 Mon Sep 17 00:00:00 2001 From: alfred-mk Date: Fri, 30 May 2025 04:58:20 +0300 Subject: [PATCH 5/9] update the Authorize test --- handlers/application/menuhandler_test.go | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/handlers/application/menuhandler_test.go b/handlers/application/menuhandler_test.go index d07e0cc..a608b7d 100644 --- a/handlers/application/menuhandler_test.go +++ b/handlers/application/menuhandler_test.go @@ -1116,7 +1116,6 @@ func TestAuthorize(t *testing.T) { flag_incorrect_pin, _ := fm.GetFlag("flag_incorrect_pin") flag_account_authorized, _ := fm.GetFlag("flag_account_authorized") flag_allow_update, _ := fm.GetFlag("flag_allow_update") - flag_invalid_pin, _ := fm.GetFlag("flag_invalid_pin") // Set 1234 is the correct account pin accountPIN := "1234" @@ -1134,7 +1133,7 @@ func TestAuthorize(t *testing.T) { expectedResult resource.Result }{ { - name: "Test with correct pin", + name: "Test with correct PIN", input: []byte("1234"), expectedResult: resource.Result{ FlagReset: []uint32{flag_incorrect_pin}, @@ -1142,18 +1141,18 @@ func TestAuthorize(t *testing.T) { }, }, { - name: "Test with incorrect pin", + name: "Test with incorrect PIN", input: []byte("1235"), expectedResult: resource.Result{ - FlagReset: []uint32{flag_account_authorized}, + FlagReset: []uint32{flag_account_authorized, flag_allow_update}, FlagSet: []uint32{flag_incorrect_pin}, }, }, { - name: "Test with pin that is not a 4 digit", + name: "Test with PIN that is not a 4 digit", input: []byte("1235aqds"), expectedResult: resource.Result{ - FlagSet: []uint32{flag_invalid_pin}, + FlagReset: []uint32{flag_account_authorized, flag_allow_update}, }, }, } -- 2.45.2 From 7f9da1ec107b51ba9ad0136cfdae903e756ac9d3 Mon Sep 17 00:00:00 2001 
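Review bot: The updated table only compares `FlagSet` and `FlagReset`, so the store behaviour this series changes is not asserted in the visible cases. Nothing here checks that DATA_INCORRECT_PIN_ATTEMPTS is incremented by the "1235" case, written back to "0" by the "1234" case, or left untouched by the malformed "1235aqds" case. I would add a read of that entry after each call, plus a case whose counter starts above the allowed limit, since that is the edge case the later reset change targets. The case name "PIN that is not a 4 digit" would read better as "PIN that is not 4 digits". TestAuthorize starts and ends outside these hunks, so such assertions may exist there.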
From: alfred-mk Date: Fri, 30 May 2025 04:58:55 +0300 Subject: [PATCH 6/9] remove unused CATCH statement --- services/registration/transaction_initiated.vis | 1 - 1 file changed, 1 deletion(-) diff --git a/services/registration/transaction_initiated.vis b/services/registration/transaction_initiated.vis index 33ce092..bc524ce 100644 --- a/services/registration/transaction_initiated.vis +++ b/services/registration/transaction_initiated.vis @@ -1,5 +1,4 @@ LOAD reset_incorrect_pin 6 -CATCH incorrect_pin flag_incorrect_pin 1 CATCH _ flag_account_authorized 0 RELOAD get_amount MAP get_amount -- 2.45.2 From 9891a51f905db8544fea9acd7e87ad0e4cd5255f Mon Sep 17 00:00:00 2001 From: alfred-mk Date: Fri, 30 May 2025 05:01:58 +0300 Subject: [PATCH 7/9] update the resetIncorrectPINAttempts to cater for edge cases with more than 3 invalid attempts --- handlers/application/menuhandler.go | 16 +++------------- 1 file changed, 3 insertions(+), 13 deletions(-) diff --git a/handlers/application/menuhandler.go b/handlers/application/menuhandler.go index 6e7a6f8..a0a6eec 100644 --- a/handlers/application/menuhandler.go +++ b/handlers/application/menuhandler.go 
@@ -630,21 +630,11 @@ func (h *MenuHandlers) incrementIncorrectPINAttempts(ctx context.Context, sessio // resetIncorrectPINAttempts resets the number of incorrect PIN attempts after a correct PIN entry func (h *MenuHandlers) resetIncorrectPINAttempts(ctx context.Context, sessionId string) error { store := h.userdataStore - currentWrongPinAttempts, err := store.ReadEntry(ctx, sessionId, storedb.DATA_INCORRECT_PIN_ATTEMPTS) + err := store.WriteEntry(ctx, sessionId, storedb.DATA_INCORRECT_PIN_ATTEMPTS, []byte(string("0"))) if err != nil { - if db.IsNotFound(err) { - return nil - } + logg.ErrorCtxf(ctx, "failed to reset incorrect PIN attempts ", "key", storedb.DATA_INCORRECT_PIN_ATTEMPTS, "error", err) return err } - currentWrongPinAttemptsCount, _ := strconv.ParseUint(string(currentWrongPinAttempts), 0, 64) - if currentWrongPinAttemptsCount <= uint64(pin.AllowedPINAttempts) { - err = store.WriteEntry(ctx, sessionId, storedb.DATA_INCORRECT_PIN_ATTEMPTS, []byte(string("0"))) - if err != nil { - logg.ErrorCtxf(ctx, "failed to reset incorrect PIN attempts ", "key", storedb.DATA_INCORRECT_PIN_ATTEMPTS, "value", pin.AllowedPINAttempts, "error", err) - return err - } - } return nil } @@ -1371,7 +1361,7 @@ func (h *MenuHandlers) Authorize(ctx context.Context, sym string, input []byte) flag_incorrect_pin, _ := h.flagManager.GetFlag("flag_incorrect_pin") flag_account_authorized, _ := h.flagManager.GetFlag("flag_account_authorized") flag_allow_update, _ := h.flagManager.GetFlag("flag_allow_update") - + pinInput := string(input) if !pin.IsValidPIN(pinInput) { -- 2.45.2 From 3075070e14e45370185384933206277af906edae Mon Sep 17 00:00:00 2001 From: alfred-mk Date: Fri, 30 May 2025 05:06:29 +0300 Subject: [PATCH 8/9] remove unused CATCH statement for the flag_incorrect_pin --- services/registration/swap_initiated.vis | 1 - 1 file changed, 1 deletion(-) diff --git a/services/registration/swap_initiated.vis b/services/registration/swap_initiated.vis index eaa7907..4faa7ba 100644 
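Review bot: With the `<= uint64(pin.AllowedPINAttempts)` guard removed, `resetIncorrectPINAttempts` now zeroes the counter for any correct PIN, including one entered after the allowed attempts were exhausted. Authorize, as patched earlier in this series, calls `pin.VerifyPIN` without reading DATA_INCORRECT_PIN_ATTEMPTS first, so nothing in the visible code refuses a correct PIN on an account that has passed the limit. If blocking is enforced elsewhere (a blocked-account flag checked by the menu, say), that is outside this diff and the doc comment should name it, e.g. `// Callers must have rejected blocked accounts already; this unconditionally overwrites the counter with "0".` Otherwise the reset should stay conditional, or Authorize should compare the stored count with `pin.AllowedPINAttempts` before verifying. Minor: `[]byte(string("0"))` can be written `[]byte("0")`.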
--- a/services/registration/swap_initiated.vis +++ b/services/registration/swap_initiated.vis @@ -1,5 +1,4 @@ LOAD reset_incorrect_pin 6 -CATCH incorrect_pin flag_incorrect_pin 1 CATCH _ flag_account_authorized 0 LOAD initiate_swap 0 HALT -- 2.45.2 From a96802f10f55dd172c3569a08a253e855057f880 Mon Sep 17 00:00:00 2001 From: alfred-mk Date: Fri, 30 May 2025 05:09:27 +0300 Subject: [PATCH 9/9] use a single FlagReset append statement --- handlers/application/menuhandler.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/handlers/application/menuhandler.go b/handlers/application/menuhandler.go index a0a6eec..86f70b7 100644 --- a/handlers/application/menuhandler.go +++ b/handlers/application/menuhandler.go @@ -2803,8 +2803,7 @@ func (h *MenuHandlers) SwapMaxLimit(ctx context.Context, sym string, input []byt flag_api_error, _ := h.flagManager.GetFlag("flag_api_error") flag_low_swap_amount, _ := h.flagManager.GetFlag("flag_low_swap_amount") - res.FlagReset = append(res.FlagReset, flag_incorrect_voucher) - res.FlagReset = append(res.FlagSet, flag_low_swap_amount) + res.FlagReset = append(res.FlagReset, flag_incorrect_voucher, flag_low_swap_amount) inputStr := string(input) if inputStr == "0" { -- 2.45.2
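Review bot: In the context lines of the SwapMaxLimit hunk, `flag_api_error` is fetched with `GetFlag("flag_api_error")`, while the CATCH added to swap_to_list.vis in patch 2/9 tests `flag_api_call_error`. If these are meant to be the same flag, one of the names is wrong and an API failure raised by this handler would not reach that CATCH. Because the lookup error is discarded with `_`, an unknown flag name would go unnoticed at runtime; checking it, `flag_api_error, err := h.flagManager.GetFlag(...)` followed by `if err != nil { return res, err }`, would surface the mismatch. The merged `res.FlagReset = append(res.FlagReset, flag_incorrect_voucher, flag_low_swap_amount)` line itself looks right and removes the earlier append onto `res.FlagSet`. SwapMaxLimit's body continues outside the hunk.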