point to the correct ./devtools/admin_numbers directory

Reviewed-on: urdt/ussd#232

common/pin.go

@@ -0,0 +1,33 @@
+package common
+
+import (
+	"regexp"
+
+	"golang.org/x/crypto/bcrypt"
+)
+
+// Define the regex pattern as a constant
+const (
+	pinPattern = `^\d{4}$`
+)
+
+// checks whether the given input is a 4 digit number
+func IsValidPIN(pin string) bool {
+	match, _ := regexp.MatchString(pinPattern, pin)
+	return match
+}
+
+// HashPIN uses bcrypt with 8 salt rounds to hash the PIN
+func HashPIN(pin string) (string, error) {
+	hash, err := bcrypt.GenerateFromPassword([]byte(pin), 8)
+	if err != nil {
+		return "", err
+	}
+	return string(hash), nil
+}
+
+// VerifyPIN compareS the hashed PIN with the plaintext PIN
+func VerifyPIN(hashedPIN, pin string) bool {
+	err := bcrypt.CompareHashAndPassword([]byte(hashedPIN), []byte(pin))
+	return err == nil
+}

common/pin_test.go

@@ -0,0 +1,152 @@
+package common
+
+import (
+	"testing"
+
+	"golang.org/x/crypto/bcrypt"
+)
+
+func TestIsValidPIN(t *testing.T) {
+	tests := []struct {
+		name     string
+		pin      string
+		expected bool
+	}{
+		{
+			name:     "Valid PIN with 4 digits",
+			pin:      "1234",
+			expected: true,
+		},
+		{
+			name:     "Valid PIN with leading zeros",
+			pin:      "0001",
+			expected: true,
+		},
+		{
+			name:     "Invalid PIN with less than 4 digits",
+			pin:      "123",
+			expected: false,
+		},
+		{
+			name:     "Invalid PIN with more than 4 digits",
+			pin:      "12345",
+			expected: false,
+		},
+		{
+			name:     "Invalid PIN with letters",
+			pin:      "abcd",
+			expected: false,
+		},
+		{
+			name:     "Invalid PIN with special characters",
+			pin:      "12@#",
+			expected: false,
+		},
+		{
+			name:     "Empty PIN",
+			pin:      "",
+			expected: false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			actual := IsValidPIN(tt.pin)
+			if actual != tt.expected {
+				t.Errorf("IsValidPIN(%q) = %v; expected %v", tt.pin, actual, tt.expected)
+			}
+		})
+	}
+}
+
+func TestHashPIN(t *testing.T) {
+	tests := []struct {
+		name string
+		pin  string
+	}{
+		{
+			name: "Valid PIN with 4 digits",
+			pin:  "1234",
+		},
+		{
+			name: "Valid PIN with leading zeros",
+			pin:  "0001",
+		},
+		{
+			name: "Empty PIN",
+			pin:  "",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			hashedPIN, err := HashPIN(tt.pin)
+			if err != nil {
+				t.Errorf("HashPIN(%q) returned an error: %v", tt.pin, err)
+				return
+			}
+
+			if hashedPIN == "" {
+				t.Errorf("HashPIN(%q) returned an empty hash", tt.pin)
+			}
+
+			// Ensure the hash can be verified with bcrypt
+			err = bcrypt.CompareHashAndPassword([]byte(hashedPIN), []byte(tt.pin))
+			if tt.pin != "" && err != nil {
+				t.Errorf("HashPIN(%q) produced a hash that does not match: %v", tt.pin, err)
+			}
+		})
+	}
+}
+
+func TestVerifyPIN(t *testing.T) {
+	tests := []struct {
+		name       string
+		pin        string
+		hashedPIN  string
+		shouldPass bool
+	}{
+		{
+			name:       "Valid PIN verification",
+			pin:        "1234",
+			hashedPIN:  hashPINHelper("1234"),
+			shouldPass: true,
+		},
+		{
+			name:       "Invalid PIN verification with incorrect PIN",
+			pin:        "5678",
+			hashedPIN:  hashPINHelper("1234"),
+			shouldPass: false,
+		},
+		{
+			name:       "Invalid PIN verification with empty PIN",
+			pin:        "",
+			hashedPIN:  hashPINHelper("1234"),
+			shouldPass: false,
+		},
+		{
+			name:       "Invalid PIN verification with invalid hash",
+			pin:        "1234",
+			hashedPIN:  "invalidhash",
+			shouldPass: false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			result := VerifyPIN(tt.hashedPIN, tt.pin)
+			if result != tt.shouldPass {
+				t.Errorf("VerifyPIN(%q, %q) = %v; expected %v", tt.hashedPIN, tt.pin, result, tt.shouldPass)
+			}
+		})
+	}
+}
+
+// Helper function to hash a PIN for testing purposes
+func hashPINHelper(pin string) string {
+	hashedPIN, err := HashPIN(pin)
+	if err != nil {
+		panic("Failed to hash PIN for test setup: " + err.Error())
+	}
+	return hashedPIN
+}

internal/handlers/handlerservice.go

@@ -43,7 +43,7 @@ func NewLocalHandlerService(ctx context.Context, fp string, debug bool, dbResour
 	if err != nil {
 		return nil, err
 	}
-	adminstore, err := utils.NewAdminStore(ctx, "admin_numbers")
+	adminstore, err := utils.NewAdminStore(ctx, "./devtools/admin_numbers")
 	if err != nil {
 		return nil, err
 	}

internal/handlers/ussd/menuhandler.go

@@ -5,7 +5,6 @@ import (
 	"context"
 	"fmt"
 	"path"
-	"regexp"
 	"strconv"
 	"strings"
 
@@ -34,17 +33,6 @@ var (
 	translationDir = path.Join(scriptDir, "locale")
 )
 
-// Define the regex patterns as constants
-const (
-	pinPattern = `^\d{4}$`
-)
-
-// checks whether the given input is a 4 digit number
-func isValidPIN(pin string) bool {
-	match, _ := regexp.MatchString(pinPattern, pin)
-	return match
-}
-
 // FlagManager handles centralized flag management
 type FlagManager struct {
 	parser *asm.FlagParser
@@ -129,6 +117,11 @@ func (h *Handlers) Init(ctx context.Context, sym string, input []byte) (resource
 	h.st = h.pe.GetState()
 	h.ca = h.pe.GetMemory()
 
+	if len(input) == 0 {
+		// move to the top node
+		h.st.Code = []byte{}
+	}
+
 	sessionId, _ := ctx.Value("SessionId").(string)
 	flag_admin_privilege, _ := h.flagManager.GetFlag("flag_admin_privilege")
 
@@ -276,7 +269,7 @@ func (h *Handlers) VerifyNewPin(ctx context.Context, sym string, input []byte) (
 	flag_valid_pin, _ := h.flagManager.GetFlag("flag_valid_pin")
 	pinInput := string(input)
 	// Validate that the PIN is a 4-digit number.
-	if isValidPIN(pinInput) {
+	if common.IsValidPIN(pinInput) {
 		res.FlagSet = append(res.FlagSet, flag_valid_pin)
 	} else {
 		res.FlagReset = append(res.FlagReset, flag_valid_pin)
@@ -301,7 +294,7 @@ func (h *Handlers) SaveTemporaryPin(ctx context.Context, sym string, input []byt
 	accountPIN := string(input)
 
 	// Validate that the PIN is a 4-digit number.
-	if !isValidPIN(accountPIN) {
+	if !common.IsValidPIN(accountPIN) {
 		res.FlagSet = append(res.FlagSet, flag_incorrect_pin)
 		return res, nil
 	}
@@ -363,11 +356,20 @@ func (h *Handlers) ConfirmPinChange(ctx context.Context, sym string, input []byt
 		res.FlagReset = append(res.FlagReset, flag_pin_mismatch)
 	} else {
 		res.FlagSet = append(res.FlagSet, flag_pin_mismatch)
+		return res, nil
 	}
-	// If matched, save the confirmed PIN as the new account PIN
-	err = store.WriteEntry(ctx, sessionId, common.DATA_ACCOUNT_PIN, []byte(temporaryPin))
+
+	// Hash the PIN
+	hashedPIN, err := common.HashPIN(string(temporaryPin))
 	if err != nil {
-		logg.ErrorCtxf(ctx, "failed to write temporaryPin entry with", "key", common.DATA_ACCOUNT_PIN, "value", temporaryPin, "error", err)
+		logg.ErrorCtxf(ctx, "failed to hash temporaryPin", "error", err)
+		return res, err
+	}
+
+	// save the hashed PIN as the new account PIN
+	err = store.WriteEntry(ctx, sessionId, common.DATA_ACCOUNT_PIN, []byte(hashedPIN))
+	if err != nil {
+		logg.ErrorCtxf(ctx, "failed to write DATA_ACCOUNT_PIN entry with", "key", common.DATA_ACCOUNT_PIN, "hashedPIN value", hashedPIN, "error", err)
 		return res, err
 	}
 	return res, nil
@@ -399,11 +401,19 @@ func (h *Handlers) VerifyCreatePin(ctx context.Context, sym string, input []byte
 		res.FlagSet = append(res.FlagSet, flag_pin_set)
 	} else {
 		res.FlagSet = []uint32{flag_pin_mismatch}
+		return res, nil
 	}
 
-	err = store.WriteEntry(ctx, sessionId, common.DATA_ACCOUNT_PIN, []byte(temporaryPin))
+	// Hash the PIN
+	hashedPIN, err := common.HashPIN(string(temporaryPin))
 	if err != nil {
-		logg.ErrorCtxf(ctx, "failed to write temporaryPin entry with", "key", common.DATA_ACCOUNT_PIN, "value", temporaryPin, "error", err)
+		logg.ErrorCtxf(ctx, "failed to hash temporaryPin", "error", err)
+		return res, err
+	}
+
+	err = store.WriteEntry(ctx, sessionId, common.DATA_ACCOUNT_PIN, []byte(hashedPIN))
+	if err != nil {
+		logg.ErrorCtxf(ctx, "failed to write DATA_ACCOUNT_PIN entry with", "key", common.DATA_ACCOUNT_PIN, "value", hashedPIN, "error", err)
 		return res, err
 	}
 
@@ -717,7 +727,7 @@ func (h *Handlers) Authorize(ctx context.Context, sym string, input []byte) (res
 		return res, err
 	}
 	if len(input) == 4 {
-		if bytes.Equal(input, AccountPin) {
+		if common.VerifyPIN(string(AccountPin), string(input)) {
 			if h.st.MatchFlag(flag_account_authorized, false) {
 				res.FlagReset = append(res.FlagReset, flag_incorrect_pin)
 				res.FlagSet = append(res.FlagSet, flag_allow_update, flag_account_authorized)
@@ -944,7 +954,15 @@ func (h *Handlers) ResetOthersPin(ctx context.Context, sym string, input []byte)
 		logg.ErrorCtxf(ctx, "failed to read temporaryPin entry with", "key", common.DATA_TEMPORARY_VALUE, "error", err)
 		return res, err
 	}
-	err = store.WriteEntry(ctx, string(blockedPhonenumber), common.DATA_ACCOUNT_PIN, []byte(temporaryPin))
+
+	// Hash the PIN
+	hashedPIN, err := common.HashPIN(string(temporaryPin))
+	if err != nil {
+		logg.ErrorCtxf(ctx, "failed to hash temporaryPin", "error", err)
+		return res, err
+	}
+
+	err = store.WriteEntry(ctx, string(blockedPhonenumber), common.DATA_ACCOUNT_PIN, []byte(hashedPIN))
 	if err != nil {
 		return res, nil
 	}
@@ -1395,7 +1413,6 @@ func (h *Handlers) GetCurrentProfileInfo(ctx context.Context, sym string, input
 		defaultValue = "Not Provided"
 	}
 
-
 	sm, _ := h.st.Where()
 	parts := strings.SplitN(sm, "_", 2)
 	filename := parts[1]

internal/handlers/ussd/menuhandler_test.go

@@ -8,6 +8,7 @@ import (
 	"strings"
 	"testing"
 
+	"git.defalsify.org/vise.git/cache"
 	"git.defalsify.org/vise.git/lang"
 	"git.defalsify.org/vise.git/persist"
 	"git.defalsify.org/vise.git/resource"
@@ -15,6 +16,7 @@ import (
 	"git.grassecon.net/urdt/ussd/internal/storage"
 	"git.grassecon.net/urdt/ussd/internal/testutil/mocks"
 	"git.grassecon.net/urdt/ussd/internal/testutil/testservice"
+	"git.grassecon.net/urdt/ussd/internal/utils"
 	"git.grassecon.net/urdt/ussd/models"
 
 	"git.grassecon.net/urdt/ussd/common"
@@ -119,6 +121,102 @@ func TestNewHandlers(t *testing.T) {
 	})
 }
 
+func TestInit(t *testing.T) {
+	sessionId := "session123"
+	ctx, store := InitializeTestStore(t)
+	ctx = context.WithValue(ctx, "SessionId", sessionId)
+
+	fm, err := NewFlagManager(flagsPath)
+	if err != nil {
+		t.Fatal(err.Error())
+	}
+
+	adminstore, err := utils.NewAdminStore(ctx, "admin_numbers")
+	if err != nil {
+		t.Fatal(err.Error())
+	}
+
+	st := state.NewState(128)
+	ca := cache.NewCache()
+
+	flag_admin_privilege, _ := fm.GetFlag("flag_admin_privilege")
+
+	tests := []struct {
+		name           string
+		setup          func() (*Handlers, context.Context)
+		input          []byte
+		expectedResult resource.Result
+	}{
+		{
+			name: "Handler not ready",
+			setup: func() (*Handlers, context.Context) {
+				return &Handlers{}, ctx
+			},
+			input:          []byte("1"),
+			expectedResult: resource.Result{},
+		},
+		{
+			name: "State and memory initialization",
+			setup: func() (*Handlers, context.Context) {
+				pe := persist.NewPersister(store).WithSession(sessionId).WithContent(st, ca)
+				h := &Handlers{
+					flagManager: fm.parser,
+					adminstore:  adminstore,
+					pe:          pe,
+				}
+				return h, context.WithValue(ctx, "SessionId", sessionId)
+			},
+			input: []byte("1"),
+			expectedResult: resource.Result{
+				FlagReset: []uint32{flag_admin_privilege},
+			},
+		},
+		{
+			name: "Non-admin session initialization",
+			setup: func() (*Handlers, context.Context) {
+				pe := persist.NewPersister(store).WithSession("0712345678").WithContent(st, ca)
+				h := &Handlers{
+					flagManager: fm.parser,
+					adminstore:  adminstore,
+					pe:          pe,
+				}
+				return h, context.WithValue(context.Background(), "SessionId", "0712345678")
+			},
+			input: []byte("1"),
+			expectedResult: resource.Result{
+				FlagReset: []uint32{flag_admin_privilege},
+			},
+		},
+		{
+			name: "Move to top node on empty input",
+			setup: func() (*Handlers, context.Context) {
+				pe := persist.NewPersister(store).WithSession(sessionId).WithContent(st, ca)
+				h := &Handlers{
+					flagManager: fm.parser,
+					adminstore:  adminstore,
+					pe:          pe,
+				}
+				st.Code = []byte("some pending bytecode")
+				return h, context.WithValue(ctx, "SessionId", sessionId)
+			},
+			input: []byte(""),
+			expectedResult: resource.Result{
+				FlagReset: []uint32{flag_admin_privilege},
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			h, testCtx := tt.setup()
+			res, err := h.Init(testCtx, "", tt.input)
+
+			assert.NoError(t, err, "Unexpected error occurred")
+			assert.Equal(t, res, tt.expectedResult, "Expected result should match actual result")
+		})
+	}
+}
+
 func TestCreateAccount(t *testing.T) {
 	sessionId := "session123"
 	ctx, store := InitializeTestStore(t)
@@ -949,7 +1047,14 @@ func TestAuthorize(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			err = store.WriteEntry(ctx, sessionId, common.DATA_ACCOUNT_PIN, []byte(accountPIN))
+			// Hash the PIN
+			hashedPIN, err := common.HashPIN(accountPIN)
+			if err != nil {
+				logg.ErrorCtxf(ctx, "failed to hash temporaryPin", "error", err)
+				t.Fatal(err)
+			}
+
+			err = store.WriteEntry(ctx, sessionId, common.DATA_ACCOUNT_PIN, []byte(hashedPIN))
 			if err != nil {
 				t.Fatal(err)
 			}
@@ -1401,59 +1506,6 @@ func TestQuit(t *testing.T) {
 	}
 }
 
-func TestIsValidPIN(t *testing.T) {
-	tests := []struct {
-		name     string
-		pin      string
-		expected bool
-	}{
-		{
-			name:     "Valid PIN with 4 digits",
-			pin:      "1234",
-			expected: true,
-		},
-		{
-			name:     "Valid PIN with leading zeros",
-			pin:      "0001",
-			expected: true,
-		},
-		{
-			name:     "Invalid PIN with less than 4 digits",
-			pin:      "123",
-			expected: false,
-		},
-		{
-			name:     "Invalid PIN with more than 4 digits",
-			pin:      "12345",
-			expected: false,
-		},
-		{
-			name:     "Invalid PIN with letters",
-			pin:      "abcd",
-			expected: false,
-		},
-		{
-			name:     "Invalid PIN with special characters",
-			pin:      "12@#",
-			expected: false,
-		},
-		{
-			name:     "Empty PIN",
-			pin:      "",
-			expected: false,
-		},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			actual := isValidPIN(tt.pin)
-			if actual != tt.expected {
-				t.Errorf("isValidPIN(%q) = %v; expected %v", tt.pin, actual, tt.expected)
-			}
-		})
-	}
-}
-
 func TestValidateAmount(t *testing.T) {
 	fm, err := NewFlagManager(flagsPath)
 	if err != nil {
@@ -1700,7 +1752,7 @@ func TestGetProfile(t *testing.T) {
 			result: resource.Result{
 				Content: fmt.Sprintf(
 					"Name: %s\nGender: %s\nAge: %s\nLocation: %s\nYou provide: %s\n",
-					"John Doee", "Male", "48", "Kilifi", "Bananas",
+					"John Doee", "Male", "49", "Kilifi", "Bananas",
 				),
 			},
 		},
@@ -1712,7 +1764,7 @@ func TestGetProfile(t *testing.T) {
 			result: resource.Result{
 				Content: fmt.Sprintf(
 					"Jina: %s\nJinsia: %s\nUmri: %s\nEneo: %s\nUnauza: %s\n",
-					"John Doee", "Male", "48", "Kilifi", "Bananas",
+					"John Doee", "Male", "49", "Kilifi", "Bananas",
 				),
 			},
 		},
@@ -1724,7 +1776,7 @@ func TestGetProfile(t *testing.T) {
 			result: resource.Result{
 				Content: fmt.Sprintf(
 					"Name: %s\nGender: %s\nAge: %s\nLocation: %s\nYou provide: %s\n",
-					"John Doee", "Male", "48", "Kilifi", "Bananas",
+					"John Doee", "Male", "49", "Kilifi", "Bananas",
 				),
 			},
 		},

internal/http/server.go

@@ -17,8 +17,7 @@ var (
 type DefaultRequestParser struct {
 }
 
-
-func(rp *DefaultRequestParser) GetSessionId(rq any) (string, error) {
+func (rp *DefaultRequestParser) GetSessionId(rq any) (string, error) {
 	rqv, ok := rq.(*http.Request)
 	if !ok {
 		return "", handlers.ErrInvalidRequest
@@ -30,7 +29,7 @@ func(rp *DefaultRequestParser) GetSessionId(rq any) (string, error) {
 	return v, nil
 }
 
-func(rp *DefaultRequestParser) GetInput(rq any) ([]byte, error) {
+func (rp *DefaultRequestParser) GetInput(rq any) ([]byte, error) {
 	rqv, ok := rq.(*http.Request)
 	if !ok {
 		return nil, handlers.ErrInvalidRequest
@@ -53,25 +52,24 @@ func ToSessionHandler(h handlers.RequestHandler) *SessionHandler {
 	}
 }
 
-func(f *SessionHandler) writeError(w http.ResponseWriter, code int, err error) {
+func (f *SessionHandler) writeError(w http.ResponseWriter, code int, err error) {
 	s := err.Error()
 	w.Header().Set("Content-Length", strconv.Itoa(len(s)))
 	w.WriteHeader(code)
-	_, err = w.Write([]byte{})
+	_, err = w.Write([]byte(s))
 	if err != nil {
 		logg.Errorf("error writing error!!", "err", err, "olderr", s)
 		w.WriteHeader(500)
 	}
-	return 
 }
 
-func(f *SessionHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
+func (f *SessionHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 	var code int
 	var err error
 	var perr error
 
 	rqs := handlers.RequestSession{
-		Ctx: req.Context(),
+		Ctx:    req.Context(),
 		Writer: w,
 	}
 

menutraversal_test/group_test.json

@@ -430,7 +430,7 @@
                 },
                 {
                     "input": "1234",
-                    "expectedContent": "My profile:\nName: foo bar\nGender: male\nAge: 79\nLocation: Kilifi\nYou provide: Bananas\n\n0:Back"
+                    "expectedContent": "My profile:\nName: foo bar\nGender: male\nAge: 80\nLocation: Kilifi\nYou provide: Bananas\n\n0:Back"
                 },
                 {
                     "input": "0",

menutraversal_test/menu_traversal_test.go

@@ -298,9 +298,10 @@ func TestMainMenuSend(t *testing.T) {
 	ctx := context.Background()
 	sessions := testData
 	for _, session := range sessions {
-		groups := driver.FilterGroupsByName(session.Groups, "send_with_invalid_inputs")
+		groups := driver.FilterGroupsByName(session.Groups, "send_with_invite")
 		for _, group := range groups {
-			for _, step := range group.Steps {
+			for index, step := range group.Steps {
+				t.Logf("step %v with input %v", index, step.Input)
 				cont, err := en.Exec(ctx, []byte(step.Input))
 				if err != nil {
 					t.Fatalf("Test case '%s' failed at input '%s': %v", group.Name, step.Input, err)

menutraversal_test/test_setup.json

@@ -64,8 +64,8 @@
                         "expectedContent": "Enter recipient's phone number/address/alias:\n0:Back"
                     },
                     {
-                        "input": "000",
-                        "expectedContent": "000 is invalid, please try again:\n1:Retry\n9:Quit"
+                        "input": "0@0",
+                        "expectedContent": "0@0 is invalid, please try again:\n1:Retry\n9:Quit"
                     },
                     {
                         "input": "1",