Merge branch 'master' into lash/purify-max
This commit is contained in:
lash
@@ -1,4 +1,4 @@
|
||||
package ussd
|
||||
package application
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
@@ -734,11 +734,23 @@ func (h *Handlers) Authorize(ctx context.Context, sym string, input []byte) (res
|
||||
if h.st.MatchFlag(flag_account_authorized, false) {
|
||||
res.FlagReset = append(res.FlagReset, flag_incorrect_pin)
|
||||
res.FlagSet = append(res.FlagSet, flag_allow_update, flag_account_authorized)
|
||||
err := h.resetIncorrectPINAttempts(ctx, sessionId)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
} else {
|
||||
res.FlagSet = append(res.FlagSet, flag_allow_update)
|
||||
res.FlagReset = append(res.FlagReset, flag_account_authorized)
|
||||
err := h.resetIncorrectPINAttempts(ctx, sessionId)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
}
|
||||
} else {
|
||||
err := h.incrementIncorrectPINAttempts(ctx, sessionId)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
res.FlagSet = append(res.FlagSet, flag_incorrect_pin)
|
||||
res.FlagReset = append(res.FlagReset, flag_account_authorized)
|
||||
return res, nil
|
||||
@@ -752,8 +764,34 @@ func (h *Handlers) Authorize(ctx context.Context, sym string, input []byte) (res
|
||||
// ResetIncorrectPin resets the incorrect pin flag after a new PIN attempt.
|
||||
func (h *Handlers) ResetIncorrectPin(ctx context.Context, sym string, input []byte) (resource.Result, error) {
|
||||
var res resource.Result
|
||||
store := h.userdataStore
|
||||
|
||||
flag_incorrect_pin, _ := h.flagManager.GetFlag("flag_incorrect_pin")
|
||||
flag_account_blocked, _ := h.flagManager.GetFlag("flag_account_blocked")
|
||||
|
||||
sessionId, ok := ctx.Value("SessionId").(string)
|
||||
if !ok {
|
||||
return res, fmt.Errorf("missing session")
|
||||
}
|
||||
|
||||
res.FlagReset = append(res.FlagReset, flag_incorrect_pin)
|
||||
|
||||
currentWrongPinAttempts, err := store.ReadEntry(ctx, sessionId, common.DATA_INCORRECT_PIN_ATTEMPTS)
|
||||
if err != nil {
|
||||
if !db.IsNotFound(err) {
|
||||
return res, err
|
||||
}
|
||||
}
|
||||
pinAttemptsValue, _ := strconv.ParseUint(string(currentWrongPinAttempts), 0, 64)
|
||||
remainingPINAttempts := common.AllowedPINAttempts - uint8(pinAttemptsValue)
|
||||
if remainingPINAttempts == 0 {
|
||||
res.FlagSet = append(res.FlagSet, flag_account_blocked)
|
||||
return res, nil
|
||||
}
|
||||
if remainingPINAttempts < common.AllowedPINAttempts {
|
||||
res.Content = strconv.Itoa(int(remainingPINAttempts))
|
||||
}
|
||||
|
||||
return res, nil
|
||||
}
|
||||
|
||||
@@ -835,11 +873,21 @@ func (h *Handlers) QuitWithHelp(ctx context.Context, sym string, input []byte) (
|
||||
l := gotext.NewLocale(translationDir, code)
|
||||
l.AddDomain("default")
|
||||
|
||||
res.Content = l.Get("For more help,please call: 0757628885")
|
||||
res.Content = l.Get("For more help, please call: 0757628885")
|
||||
res.FlagReset = append(res.FlagReset, flag_account_authorized)
|
||||
return res, nil
|
||||
}
|
||||
|
||||
// ShowBlockedAccount displays a message after an account has been blocked and how to reach support.
|
||||
func (h *Handlers) ShowBlockedAccount(ctx context.Context, sym string, input []byte) (resource.Result, error) {
|
||||
var res resource.Result
|
||||
code := codeFromCtx(ctx)
|
||||
l := gotext.NewLocale(translationDir, code)
|
||||
l.AddDomain("default")
|
||||
res.Content = l.Get("Your account has been locked. For help on how to unblock your account, contact support at: 0757628885")
|
||||
return res, nil
|
||||
}
|
||||
|
||||
// VerifyYob verifies the length of the given input.
|
||||
func (h *Handlers) VerifyYob(ctx context.Context, sym string, input []byte) (resource.Result, error) {
|
||||
var res resource.Result
|
||||
@@ -2075,3 +2123,53 @@ func (h *Handlers) UpdateAllProfileItems(ctx context.Context, sym string, input
|
||||
}
|
||||
return res, nil
|
||||
}
|
||||
|
||||
// incrementIncorrectPINAttempts keeps track of the number of incorrect PIN attempts
|
||||
func (h *Handlers) incrementIncorrectPINAttempts(ctx context.Context, sessionId string) error {
|
||||
var pinAttemptsCount uint8
|
||||
store := h.userdataStore
|
||||
|
||||
currentWrongPinAttempts, err := store.ReadEntry(ctx, sessionId, common.DATA_INCORRECT_PIN_ATTEMPTS)
|
||||
if err != nil {
|
||||
if db.IsNotFound(err) {
|
||||
//First time Wrong PIN attempt: initialize with a count of 1
|
||||
pinAttemptsCount = 1
|
||||
err = store.WriteEntry(ctx, sessionId, common.DATA_INCORRECT_PIN_ATTEMPTS, []byte(strconv.Itoa(int(pinAttemptsCount))))
|
||||
if err != nil {
|
||||
logg.ErrorCtxf(ctx, "failed to write incorrect PIN attempts ", "key", common.DATA_INCORRECT_PIN_ATTEMPTS, "value", currentWrongPinAttempts, "error", err)
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
}
|
||||
pinAttemptsValue, _ := strconv.ParseUint(string(currentWrongPinAttempts), 0, 64)
|
||||
pinAttemptsCount = uint8(pinAttemptsValue) + 1
|
||||
|
||||
err = store.WriteEntry(ctx, sessionId, common.DATA_INCORRECT_PIN_ATTEMPTS, []byte(strconv.Itoa(int(pinAttemptsCount))))
|
||||
if err != nil {
|
||||
logg.ErrorCtxf(ctx, "failed to write incorrect PIN attempts ", "key", common.DATA_INCORRECT_PIN_ATTEMPTS, "value", pinAttemptsCount, "error", err)
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// resetIncorrectPINAttempts resets the number of incorrect PIN attempts after a correct PIN entry
|
||||
func (h *Handlers) resetIncorrectPINAttempts(ctx context.Context, sessionId string) error {
|
||||
store := h.userdataStore
|
||||
currentWrongPinAttempts, err := store.ReadEntry(ctx, sessionId, common.DATA_INCORRECT_PIN_ATTEMPTS)
|
||||
if err != nil {
|
||||
if db.IsNotFound(err) {
|
||||
return nil
|
||||
}
|
||||
return err
|
||||
}
|
||||
currentWrongPinAttemptsCount, _ := strconv.ParseUint(string(currentWrongPinAttempts), 0, 64)
|
||||
if currentWrongPinAttemptsCount <= uint64(common.AllowedPINAttempts) {
|
||||
err = store.WriteEntry(ctx, sessionId, common.DATA_INCORRECT_PIN_ATTEMPTS, []byte(string("0")))
|
||||
if err != nil {
|
||||
logg.ErrorCtxf(ctx, "failed to reset incorrect PIN attempts ", "key", common.DATA_INCORRECT_PIN_ATTEMPTS, "value", common.AllowedPINAttempts, "error", err)
|
||||
return err
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
@@ -1,10 +1,11 @@
|
||||
package ussd
|
||||
package application
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"log"
|
||||
"path"
|
||||
"strconv"
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
@@ -907,37 +908,79 @@ func TestResetAccountAuthorized(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestIncorrectPinReset(t *testing.T) {
|
||||
sessionId := "session123"
|
||||
ctx, store := InitializeTestStore(t)
|
||||
fm, err := NewFlagManager(flagsPath)
|
||||
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
|
||||
flag_incorrect_pin, _ := fm.parser.GetFlag("flag_incorrect_pin")
|
||||
flag_account_blocked, _ := fm.parser.GetFlag("flag_account_blocked")
|
||||
|
||||
ctx = context.WithValue(ctx, "SessionId", sessionId)
|
||||
|
||||
// Define test cases
|
||||
tests := []struct {
|
||||
name string
|
||||
input []byte
|
||||
attempts uint8
|
||||
expectedResult resource.Result
|
||||
}{
|
||||
{
|
||||
name: "Test incorrect pin reset",
|
||||
name: "Test when incorrect PIN attempts is 2",
|
||||
input: []byte(""),
|
||||
expectedResult: resource.Result{
|
||||
FlagReset: []uint32{flag_incorrect_pin},
|
||||
Content: "1", //Expected remaining PIN attempts
|
||||
},
|
||||
attempts: 2,
|
||||
},
|
||||
{
|
||||
name: "Test incorrect pin reset when incorrect PIN attempts is 1",
|
||||
input: []byte(""),
|
||||
expectedResult: resource.Result{
|
||||
FlagReset: []uint32{flag_incorrect_pin},
|
||||
Content: "2", //Expected remaining PIN attempts
|
||||
},
|
||||
attempts: 1,
|
||||
},
|
||||
{
|
||||
name: "Test incorrect pin reset when incorrect PIN attempts is 1",
|
||||
input: []byte(""),
|
||||
expectedResult: resource.Result{
|
||||
FlagReset: []uint32{flag_incorrect_pin},
|
||||
Content: "2", //Expected remaining PIN attempts
|
||||
},
|
||||
attempts: 1,
|
||||
},
|
||||
{
|
||||
name: "Test incorrect pin reset when incorrect PIN attempts is 3(account expected to be blocked)",
|
||||
input: []byte(""),
|
||||
expectedResult: resource.Result{
|
||||
FlagReset: []uint32{flag_incorrect_pin},
|
||||
FlagSet: []uint32{flag_account_blocked},
|
||||
},
|
||||
attempts: 3,
|
||||
},
|
||||
}
|
||||
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
|
||||
if err := store.WriteEntry(ctx, sessionId, common.DATA_INCORRECT_PIN_ATTEMPTS, []byte(strconv.Itoa(int(tt.attempts)))); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
// Create the Handlers instance with the mock flag manager
|
||||
h := &Handlers{
|
||||
flagManager: fm.parser,
|
||||
flagManager: fm.parser,
|
||||
userdataStore: store,
|
||||
}
|
||||
|
||||
// Call the method
|
||||
res, err := h.ResetIncorrectPin(context.Background(), "reset_incorrect_pin", tt.input)
|
||||
res, err := h.ResetIncorrectPin(ctx, "reset_incorrect_pin", tt.input)
|
||||
if err != nil {
|
||||
t.Error(err)
|
||||
}
|
||||
@@ -2190,3 +2233,55 @@ func TestGetVoucherDetails(t *testing.T) {
|
||||
assert.NoError(t, err)
|
||||
assert.Equal(t, expectedResult, res)
|
||||
}
|
||||
|
||||
func TestCountIncorrectPINAttempts(t *testing.T) {
|
||||
ctx, store := InitializeTestStore(t)
|
||||
sessionId := "session123"
|
||||
ctx = context.WithValue(ctx, "SessionId", sessionId)
|
||||
attempts := uint8(2)
|
||||
|
||||
h := &Handlers{
|
||||
userdataStore: store,
|
||||
}
|
||||
err := store.WriteEntry(ctx, sessionId, common.DATA_INCORRECT_PIN_ATTEMPTS, []byte(strconv.Itoa(int(attempts))))
|
||||
if err != nil {
|
||||
t.Logf(err.Error())
|
||||
}
|
||||
err = h.incrementIncorrectPINAttempts(ctx, sessionId)
|
||||
if err != nil {
|
||||
t.Logf(err.Error())
|
||||
}
|
||||
|
||||
attemptsAfterCount, err := store.ReadEntry(ctx, sessionId, common.DATA_INCORRECT_PIN_ATTEMPTS)
|
||||
if err != nil {
|
||||
t.Logf(err.Error())
|
||||
}
|
||||
pinAttemptsValue, _ := strconv.ParseUint(string(attemptsAfterCount), 0, 64)
|
||||
pinAttemptsCount := uint8(pinAttemptsValue)
|
||||
expectedAttempts := attempts + 1
|
||||
assert.Equal(t, pinAttemptsCount, expectedAttempts)
|
||||
|
||||
}
|
||||
|
||||
func TestResetIncorrectPINAttempts(t *testing.T) {
|
||||
ctx, store := InitializeTestStore(t)
|
||||
sessionId := "session123"
|
||||
ctx = context.WithValue(ctx, "SessionId", sessionId)
|
||||
|
||||
err := store.WriteEntry(ctx, sessionId, common.DATA_INCORRECT_PIN_ATTEMPTS, []byte(string("2")))
|
||||
if err != nil {
|
||||
t.Logf(err.Error())
|
||||
}
|
||||
|
||||
h := &Handlers{
|
||||
userdataStore: store,
|
||||
}
|
||||
h.resetIncorrectPINAttempts(ctx, sessionId)
|
||||
incorrectAttempts, err := store.ReadEntry(ctx, sessionId, common.DATA_INCORRECT_PIN_ATTEMPTS)
|
||||
|
||||
if err != nil {
|
||||
t.Logf(err.Error())
|
||||
}
|
||||
assert.Equal(t, "0", string(incorrectAttempts))
|
||||
|
||||
}
|
||||
@@ -41,6 +41,7 @@ func NewAuther(ctx context.Context, keyStore *SshKeyStore) *auther {
|
||||
}
|
||||
|
||||
func(a *auther) Check(conn ssh.ConnMetadata, pubKey ssh.PublicKey) (*ssh.Permissions, error) {
|
||||
logg.TraceCtxf(a.Ctx, "looking for publickey", "pubkey", fmt.Sprintf("%x", pubKey))
|
||||
va, err := a.keyStore.Get(a.Ctx, pubKey)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -203,6 +204,7 @@ func(s *SshRunner) GetEngine(sessionId string) (engine.Engine, func(), error) {
|
||||
|
||||
// adapted example from crypto/ssh package, NewServerConn doc
|
||||
func(s *SshRunner) Run(ctx context.Context, keyStore *SshKeyStore) {
|
||||
s.Ctx = ctx
|
||||
running := true
|
||||
|
||||
// TODO: waitgroup should probably not be global
|
||||
|
||||
Reference in New Issue
Block a user