diff --git a/internal/handlers/ussd/menuhandler.go b/internal/handlers/ussd/menuhandler.go
index 53c5fe8..6279838 100644
--- a/internal/handlers/ussd/menuhandler.go
+++ b/internal/handlers/ussd/menuhandler.go
@@ -107,6 +107,13 @@ func (h *Handlers) SavePin(ctx context.Context, sym string, input []byte) (resou
 return res, err
 }
 
+ // Validate that the PIN is a 4-digit number
+ if !isValidPIN(accountPIN) {
+ res.FlagSet = append(res.FlagSet, models.USERFLAG_INCORRECTPIN)
+ return res, nil
+ }
+
+ res.FlagReset = append(res.FlagReset, models.USERFLAG_INCORRECTPIN)
 accountData["AccountPIN"] = accountPIN
 
 err = h.accountFileHandler.WriteAccountData(accountData)
@@ -136,6 +143,11 @@ func (h *Handlers) VerifyPin(ctx context.Context, sym string, input []byte) (res
 return res, nil
 }
 
+func isValidPIN(pin string) bool {
+ match, _ := regexp.MatchString(`^\d{4}$`, pin)
+ return match
+}
+
 func codeFromCtx(ctx context.Context) string {
 var code string
 engine.Logg.DebugCtxf(ctx, "in msg", "ctx", ctx, "val", code)
diff --git a/services/registration/create_pin.vis b/services/registration/create_pin.vis
index 3ecc474..4994863 100644
--- a/services/registration/create_pin.vis
+++ b/services/registration/create_pin.vis
@@ -3,5 +3,7 @@ CATCH account_creation_failed 22 1
 MOUT exit 0
 HALT
 LOAD save_pin 0
+RELOAD save_pin
+CATCH . 15 1
 INCMP quit 0
 INCMP confirm_create_pin *
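Review bot: The new guard in SavePin sets `models.USERFLAG_INCORRECTPIN` for a malformed PIN, which is a different condition from a wrong PIN at verification. If VerifyPin's failure handling uses the same flag (not visible in this hunk), a dedicated flag for invalid format would keep the two states apart. The check constrains format only, so the comment should say so, e.g. `// Format check only: exactly four ASCII digits; weak PINs such as repeated digits still pass.` The validated value is then stored unchanged by the context line `accountData["AccountPIN"] = accountPIN`, so hashing it before the write is worth a follow-up unless WriteAccountData already does that. SavePin starts and ends outside the hunk.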
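Review bot: `isValidPIN` recompiles the pattern on every call and discards the error from `regexp.MatchString` with `_`. Compiling the same pattern once at package scope with `regexp.MustCompile` and returning `pinPattern.MatchString(pin)` (variable name is a suggestion) removes both problems, and a broken pattern then fails at start-up instead of silently rejecting every PIN. The helper also has no doc comment; `// isValidPIN reports whether pin is exactly four ASCII digits.` would do. The `regexp` import is not in the visible hunks, so it is presumably already present or added elsewhere in the file.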
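Review bot: `CATCH . 15 1` hard-codes flag number 15, and nothing in this diff ties that number to `models.USERFLAG_INCORRECTPIN`. If the two disagree or the flag numbering shifts later, the catch would presumably never fire. Because SavePin returns before writing on an invalid PIN, the flow would then reach `INCMP confirm_create_pin *` with no PIN stored. A test that drives this node with a non-4-digit input and asserts that the session stays on it would pin the coupling down. Whether the re-displayed menu tells the user about the four-digit rule is not visible here and is worth checking in the template.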