Validate that the PIN is 4 digits

This commit is contained in:
Alfred Kamanda 2024-08-28 00:17:45 +03:00
parent 37ebc411b5
commit b48760760b
Signed by untrusted user: Alfred-mk
GPG Key ID: 7EA3D01708908703
2 changed files with 14 additions and 0 deletions

View File

@ -107,6 +107,13 @@ func (h *Handlers) SavePin(ctx context.Context, sym string, input []byte) (resou
return res, err return res, err
} }
// Validate that the PIN is a 4-digit number
if !isValidPIN(accountPIN) {
res.FlagSet = append(res.FlagSet, models.USERFLAG_INCORRECTPIN)
return res, nil
}
res.FlagReset = append(res.FlagReset, models.USERFLAG_INCORRECTPIN)
accountData["AccountPIN"] = accountPIN accountData["AccountPIN"] = accountPIN
err = h.accountFileHandler.WriteAccountData(accountData) err = h.accountFileHandler.WriteAccountData(accountData)
@ -136,6 +143,11 @@ func (h *Handlers) VerifyPin(ctx context.Context, sym string, input []byte) (res
return res, nil return res, nil
} }
func isValidPIN(pin string) bool {
match, _ := regexp.MatchString(`^\d{4}$`, pin)
return match
}
func codeFromCtx(ctx context.Context) string { func codeFromCtx(ctx context.Context) string {
var code string var code string
engine.Logg.DebugCtxf(ctx, "in msg", "ctx", ctx, "val", code) engine.Logg.DebugCtxf(ctx, "in msg", "ctx", ctx, "val", code)

View File

@ -3,5 +3,7 @@ CATCH account_creation_failed 22 1
MOUT exit 0 MOUT exit 0
HALT HALT
LOAD save_pin 0 LOAD save_pin 0
RELOAD save_pin
CATCH . 15 1
INCMP quit 0 INCMP quit 0
INCMP confirm_create_pin * INCMP confirm_create_pin *