Add language source and template file generator

Reviewed-on: #242

common/pin.go

@@ -0,0 +1,33 @@
+package common
+
+import (
+	"regexp"
+
+	"golang.org/x/crypto/bcrypt"
+)
+
+// Define the regex pattern as a constant
+const (
+	pinPattern = `^\d{4}$`
+)
+
+// checks whether the given input is a 4 digit number
+func IsValidPIN(pin string) bool {
+	match, _ := regexp.MatchString(pinPattern, pin)
+	return match
+}
+
+// HashPIN uses bcrypt with 8 salt rounds to hash the PIN
+func HashPIN(pin string) (string, error) {
+	hash, err := bcrypt.GenerateFromPassword([]byte(pin), 8)
+	if err != nil {
+		return "", err
+	}
+	return string(hash), nil
+}
+
+// VerifyPIN compareS the hashed PIN with the plaintext PIN
+func VerifyPIN(hashedPIN, pin string) bool {
+	err := bcrypt.CompareHashAndPassword([]byte(hashedPIN), []byte(pin))
+	return err == nil
+}

common/pin_test.go

@@ -0,0 +1,173 @@
+package common
+
+import (
+	"testing"
+
+	"golang.org/x/crypto/bcrypt"
+)
+
+func TestIsValidPIN(t *testing.T) {
+	tests := []struct {
+		name     string
+		pin      string
+		expected bool
+	}{
+		{
+			name:     "Valid PIN with 4 digits",
+			pin:      "1234",
+			expected: true,
+		},
+		{
+			name:     "Valid PIN with leading zeros",
+			pin:      "0001",
+			expected: true,
+		},
+		{
+			name:     "Invalid PIN with less than 4 digits",
+			pin:      "123",
+			expected: false,
+		},
+		{
+			name:     "Invalid PIN with more than 4 digits",
+			pin:      "12345",
+			expected: false,
+		},
+		{
+			name:     "Invalid PIN with letters",
+			pin:      "abcd",
+			expected: false,
+		},
+		{
+			name:     "Invalid PIN with special characters",
+			pin:      "12@#",
+			expected: false,
+		},
+		{
+			name:     "Empty PIN",
+			pin:      "",
+			expected: false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			actual := IsValidPIN(tt.pin)
+			if actual != tt.expected {
+				t.Errorf("IsValidPIN(%q) = %v; expected %v", tt.pin, actual, tt.expected)
+			}
+		})
+	}
+}
+
+func TestHashPIN(t *testing.T) {
+	tests := []struct {
+		name string
+		pin  string
+	}{
+		{
+			name: "Valid PIN with 4 digits",
+			pin:  "1234",
+		},
+		{
+			name: "Valid PIN with leading zeros",
+			pin:  "0001",
+		},
+		{
+			name: "Empty PIN",
+			pin:  "",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			hashedPIN, err := HashPIN(tt.pin)
+			if err != nil {
+				t.Errorf("HashPIN(%q) returned an error: %v", tt.pin, err)
+				return
+			}
+
+			if hashedPIN == "" {
+				t.Errorf("HashPIN(%q) returned an empty hash", tt.pin)
+			}
+
+			// Ensure the hash can be verified with bcrypt
+			err = bcrypt.CompareHashAndPassword([]byte(hashedPIN), []byte(tt.pin))
+			if tt.pin != "" && err != nil {
+				t.Errorf("HashPIN(%q) produced a hash that does not match: %v", tt.pin, err)
+			}
+		})
+	}
+}
+
+func TestVerifyMigratedHashPin(t *testing.T) {
+	tests := []struct {
+		pin  string
+		hash string
+	}{
+		{
+			pin:  "1234",
+			hash: "$2b$08$dTvIGxCCysJtdvrSnaLStuylPoOS/ZLYYkxvTeR5QmTFY3TSvPQC6",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.pin, func(t *testing.T) {
+			ok := VerifyPIN(tt.hash, tt.pin)
+			if !ok {
+				t.Errorf("VerifyPIN could not verify migrated PIN: %v", tt.pin)
+			}
+		})
+	}
+}
+
+func TestVerifyPIN(t *testing.T) {
+	tests := []struct {
+		name       string
+		pin        string
+		hashedPIN  string
+		shouldPass bool
+	}{
+		{
+			name:       "Valid PIN verification",
+			pin:        "1234",
+			hashedPIN:  hashPINHelper("1234"),
+			shouldPass: true,
+		},
+		{
+			name:       "Invalid PIN verification with incorrect PIN",
+			pin:        "5678",
+			hashedPIN:  hashPINHelper("1234"),
+			shouldPass: false,
+		},
+		{
+			name:       "Invalid PIN verification with empty PIN",
+			pin:        "",
+			hashedPIN:  hashPINHelper("1234"),
+			shouldPass: false,
+		},
+		{
+			name:       "Invalid PIN verification with invalid hash",
+			pin:        "1234",
+			hashedPIN:  "invalidhash",
+			shouldPass: false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			result := VerifyPIN(tt.hashedPIN, tt.pin)
+			if result != tt.shouldPass {
+				t.Errorf("VerifyPIN(%q, %q) = %v; expected %v", tt.hashedPIN, tt.pin, result, tt.shouldPass)
+			}
+		})
+	}
+}
+
+// Helper function to hash a PIN for testing purposes
+func hashPINHelper(pin string) string {
+	hashedPIN, err := HashPIN(pin)
+	if err != nil {
+		panic("Failed to hash PIN for test setup: " + err.Error())
+	}
+	return hashedPIN
+}

config/config.go

@@ -2,6 +2,7 @@ package config
 
 import (
 	"net/url"
+	"strings"
 
 	"git.grassecon.net/urdt/ussd/initializers"
 )
@@ -20,6 +21,7 @@ const (
 
 var (
 	defaultLanguage		   = "eng"
+	languages []string
 )
 
 var (
@@ -39,8 +41,27 @@ var (
 	VoucherDataURL      string
 	CheckAliasURL       string
 	DefaultLanguage	    string
+	Languages	[]string
 )
 
+func setLanguage() error {
+	defaultLanguage = initializers.GetEnv("DEFAULT_LANGUAGE", defaultLanguage)
+	languages = strings.Split(initializers.GetEnv("LANGUAGES", defaultLanguage), ",")
+	haveDefaultLanguage := false
+	for i, v := range(languages) {
+		languages[i] = strings.ReplaceAll(v, " ", "")
+		if languages[i] == defaultLanguage {
+			haveDefaultLanguage = true
+		}
+	}
+
+	if !haveDefaultLanguage {
+		languages = append([]string{defaultLanguage}, languages...)
+	}
+
+	return nil
+}
+
 func setBase() error {
 	var err error
 
@@ -56,8 +77,6 @@ func setBase() error {
 	if err != nil {
 		return err
 	}
-	
-	defaultLanguage = initializers.GetEnv("DEFAULT_LANGUAGE", defaultLanguage)
 	return nil
 }
 
@@ -67,6 +86,10 @@ func LoadConfig() error {
 	if err != nil {
 		return err
 	}
+	err = setLanguage()
+	if err != nil {
+		return err
+	}
 	CreateAccountURL, _ = url.JoinPath(custodialURLBase, createAccountPath)
 	TrackStatusURL, _ = url.JoinPath(custodialURLBase, trackStatusPath)
 	BalanceURL, _ = url.JoinPath(custodialURLBase, balancePathPrefix)
@@ -77,6 +100,7 @@ func LoadConfig() error {
 	VoucherDataURL, _ = url.JoinPath(dataURLBase, voucherDataPathPrefix)
 	CheckAliasURL, _ = url.JoinPath(dataURLBase, AliasPrefix)
 	DefaultLanguage = defaultLanguage
+	Languages = languages
 
 	return nil
 }

devtools/lang/main.go

@@ -0,0 +1,126 @@
+package main
+
+import (
+	"flag"
+	"fmt"
+	"os"
+	"path"
+	"strings"
+
+	"git.defalsify.org/vise.git/logging"
+	"git.defalsify.org/vise.git/lang"
+	"git.grassecon.net/urdt/ussd/config"
+	"git.grassecon.net/urdt/ussd/initializers"
+)
+
+const (
+	
+	changeHeadSrc = `LOAD reset_account_authorized 0
+LOAD reset_incorrect 0
+CATCH incorrect_pin flag_incorrect_pin 1
+CATCH pin_entry flag_account_authorized 0
+` 
+
+	selectSrc = `LOAD set_language 6
+RELOAD set_language
+CATCH terms flag_account_created 0
+MOVE language_changed
+`
+)
+
+var (
+	logg = logging.NewVanilla()
+	mouts string
+	incmps string
+)
+
+func init() {
+	initializers.LoadEnvVariables()
+}
+
+func toLanguageLabel(ln lang.Language) string {
+	s := ln.Name
+	v := strings.Split(s, " (")
+	if len(v) > 1 {
+		s = v[0]
+	}
+	return s
+}
+
+func toLanguageKey(ln lang.Language) string {
+	s := toLanguageLabel(ln)
+	return strings.ToLower(s)
+}
+
+func main() {
+	var srcDir string
+
+	flag.StringVar(&srcDir, "o", ".", "resource dir write to")
+	flag.Parse()
+
+	logg.Infof("start command", "dir", srcDir)
+
+	err := config.LoadConfig()
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "config load error: %v", err)
+		os.Exit(1)
+	}
+	logg.Tracef("using languages", "lang", config.Languages)
+
+	for i, v := range(config.Languages) {
+		ln, err := lang.LanguageFromCode(v)
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "error parsing language: %s", v)
+			os.Exit(1)
+		}
+		n := i + 1
+		s := toLanguageKey(ln)
+		mouts += fmt.Sprintf("MOUT %s %v\n", s, n)
+		//incmp += fmt.Sprintf("INCMP set_%s %u\n", 
+		v = "set_" + ln.Code
+		incmps += fmt.Sprintf("INCMP %s %v\n", v, n)
+
+		p := path.Join(srcDir, v)
+		w, err := os.OpenFile(p, os.O_WRONLY | os.O_CREATE | os.O_TRUNC, 0600)
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "failed open language set template output: %v", err)
+			os.Exit(1)
+		}
+		s = toLanguageLabel(ln)
+		defer w.Close()
+		_, err = w.Write([]byte(s))
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "failed write select language vis output: %v", err)
+			os.Exit(1)
+		}
+	}
+	src := mouts + "HALT\n" + incmps
+	src += "INCMP . *\n"
+
+	p := path.Join(srcDir, "select_language.vis")
+	w, err := os.OpenFile(p, os.O_WRONLY | os.O_CREATE | os.O_TRUNC, 0600)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "failed open select language vis output: %v", err)
+		os.Exit(1)
+	}
+	defer w.Close()
+	_, err = w.Write([]byte(src))
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "failed write select language vis output: %v", err)
+		os.Exit(1)
+	}
+
+	src = changeHeadSrc + src
+	p = path.Join(srcDir, "change_language.vis")
+	w, err = os.OpenFile(p, os.O_WRONLY | os.O_CREATE | os.O_TRUNC, 0600)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "failed open select language vis output: %v", err)
+		os.Exit(1)
+	}
+	defer w.Close()
+	_, err = w.Write([]byte(src))
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "failed write select language vis output: %v", err)
+		os.Exit(1)
+	}
+}

internal/handlers/ussd/menuhandler.go

@@ -5,7 +5,6 @@ import (
 	"context"
 	"fmt"
 	"path"
-	"regexp"
 	"strconv"
 	"strings"
 
@@ -34,17 +33,6 @@ var (
 	translationDir = path.Join(scriptDir, "locale")
 )
 
-// Define the regex patterns as constants
-const (
-	pinPattern = `^\d{4}$`
-)
-
-// checks whether the given input is a 4 digit number
-func isValidPIN(pin string) bool {
-	match, _ := regexp.MatchString(pinPattern, pin)
-	return match
-}
-
 // FlagManager handles centralized flag management
 type FlagManager struct {
 	parser *asm.FlagParser
@@ -281,7 +269,7 @@ func (h *Handlers) VerifyNewPin(ctx context.Context, sym string, input []byte) (
 	flag_valid_pin, _ := h.flagManager.GetFlag("flag_valid_pin")
 	pinInput := string(input)
 	// Validate that the PIN is a 4-digit number.
-	if isValidPIN(pinInput) {
+	if common.IsValidPIN(pinInput) {
 		res.FlagSet = append(res.FlagSet, flag_valid_pin)
 	} else {
 		res.FlagReset = append(res.FlagReset, flag_valid_pin)
@@ -306,7 +294,7 @@ func (h *Handlers) SaveTemporaryPin(ctx context.Context, sym string, input []byt
 	accountPIN := string(input)
 
 	// Validate that the PIN is a 4-digit number.
-	if !isValidPIN(accountPIN) {
+	if !common.IsValidPIN(accountPIN) {
 		res.FlagSet = append(res.FlagSet, flag_incorrect_pin)
 		return res, nil
 	}
@@ -368,11 +356,20 @@ func (h *Handlers) ConfirmPinChange(ctx context.Context, sym string, input []byt
 		res.FlagReset = append(res.FlagReset, flag_pin_mismatch)
 	} else {
 		res.FlagSet = append(res.FlagSet, flag_pin_mismatch)
+		return res, nil
 	}
-	// If matched, save the confirmed PIN as the new account PIN
+
-	err = store.WriteEntry(ctx, sessionId, common.DATA_ACCOUNT_PIN, []byte(temporaryPin))
+	// Hash the PIN
+	hashedPIN, err := common.HashPIN(string(temporaryPin))
 	if err != nil {
-		logg.ErrorCtxf(ctx, "failed to write temporaryPin entry with", "key", common.DATA_ACCOUNT_PIN, "value", temporaryPin, "error", err)
+		logg.ErrorCtxf(ctx, "failed to hash temporaryPin", "error", err)
+		return res, err
+	}
+
+	// save the hashed PIN as the new account PIN
+	err = store.WriteEntry(ctx, sessionId, common.DATA_ACCOUNT_PIN, []byte(hashedPIN))
+	if err != nil {
+		logg.ErrorCtxf(ctx, "failed to write DATA_ACCOUNT_PIN entry with", "key", common.DATA_ACCOUNT_PIN, "hashedPIN value", hashedPIN, "error", err)
 		return res, err
 	}
 	return res, nil
@@ -404,11 +401,19 @@ func (h *Handlers) VerifyCreatePin(ctx context.Context, sym string, input []byte
 		res.FlagSet = append(res.FlagSet, flag_pin_set)
 	} else {
 		res.FlagSet = []uint32{flag_pin_mismatch}
+		return res, nil
 	}
 
-	err = store.WriteEntry(ctx, sessionId, common.DATA_ACCOUNT_PIN, []byte(temporaryPin))
+	// Hash the PIN
+	hashedPIN, err := common.HashPIN(string(temporaryPin))
 	if err != nil {
-		logg.ErrorCtxf(ctx, "failed to write temporaryPin entry with", "key", common.DATA_ACCOUNT_PIN, "value", temporaryPin, "error", err)
+		logg.ErrorCtxf(ctx, "failed to hash temporaryPin", "error", err)
+		return res, err
+	}
+
+	err = store.WriteEntry(ctx, sessionId, common.DATA_ACCOUNT_PIN, []byte(hashedPIN))
+	if err != nil {
+		logg.ErrorCtxf(ctx, "failed to write DATA_ACCOUNT_PIN entry with", "key", common.DATA_ACCOUNT_PIN, "value", hashedPIN, "error", err)
 		return res, err
 	}
 
@@ -722,7 +727,7 @@ func (h *Handlers) Authorize(ctx context.Context, sym string, input []byte) (res
 		return res, err
 	}
 	if len(input) == 4 {
-		if bytes.Equal(input, AccountPin) {
+		if common.VerifyPIN(string(AccountPin), string(input)) {
 			if h.st.MatchFlag(flag_account_authorized, false) {
 				res.FlagReset = append(res.FlagReset, flag_incorrect_pin)
 				res.FlagSet = append(res.FlagSet, flag_allow_update, flag_account_authorized)
@@ -949,7 +954,15 @@ func (h *Handlers) ResetOthersPin(ctx context.Context, sym string, input []byte)
 		logg.ErrorCtxf(ctx, "failed to read temporaryPin entry with", "key", common.DATA_TEMPORARY_VALUE, "error", err)
 		return res, err
 	}
-	err = store.WriteEntry(ctx, string(blockedPhonenumber), common.DATA_ACCOUNT_PIN, []byte(temporaryPin))
+
+	// Hash the PIN
+	hashedPIN, err := common.HashPIN(string(temporaryPin))
+	if err != nil {
+		logg.ErrorCtxf(ctx, "failed to hash temporaryPin", "error", err)
+		return res, err
+	}
+
+	err = store.WriteEntry(ctx, string(blockedPhonenumber), common.DATA_ACCOUNT_PIN, []byte(hashedPIN))
 	if err != nil {
 		return res, nil
 	}
@@ -1400,7 +1413,6 @@ func (h *Handlers) GetCurrentProfileInfo(ctx context.Context, sym string, input
 		defaultValue = "Not Provided"
 	}
 
-
 	sm, _ := h.st.Where()
 	parts := strings.SplitN(sm, "_", 2)
 	filename := parts[1]

internal/handlers/ussd/menuhandler_test.go

@@ -1047,7 +1047,14 @@ func TestAuthorize(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			err = store.WriteEntry(ctx, sessionId, common.DATA_ACCOUNT_PIN, []byte(accountPIN))
+			// Hash the PIN
+			hashedPIN, err := common.HashPIN(accountPIN)
+			if err != nil {
+				logg.ErrorCtxf(ctx, "failed to hash temporaryPin", "error", err)
+				t.Fatal(err)
+			}
+
+			err = store.WriteEntry(ctx, sessionId, common.DATA_ACCOUNT_PIN, []byte(hashedPIN))
 			if err != nil {
 				t.Fatal(err)
 			}
@@ -1499,59 +1506,6 @@ func TestQuit(t *testing.T) {
 	}
 }
 
-func TestIsValidPIN(t *testing.T) {
-	tests := []struct {
-		name     string
-		pin      string
-		expected bool
-	}{
-		{
-			name:     "Valid PIN with 4 digits",
-			pin:      "1234",
-			expected: true,
-		},
-		{
-			name:     "Valid PIN with leading zeros",
-			pin:      "0001",
-			expected: true,
-		},
-		{
-			name:     "Invalid PIN with less than 4 digits",
-			pin:      "123",
-			expected: false,
-		},
-		{
-			name:     "Invalid PIN with more than 4 digits",
-			pin:      "12345",
-			expected: false,
-		},
-		{
-			name:     "Invalid PIN with letters",
-			pin:      "abcd",
-			expected: false,
-		},
-		{
-			name:     "Invalid PIN with special characters",
-			pin:      "12@#",
-			expected: false,
-		},
-		{
-			name:     "Empty PIN",
-			pin:      "",
-			expected: false,
-		},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			actual := isValidPIN(tt.pin)
-			if actual != tt.expected {
-				t.Errorf("isValidPIN(%q) = %v; expected %v", tt.pin, actual, tt.expected)
-			}
-		})
-	}
-}
-
 func TestValidateAmount(t *testing.T) {
 	fm, err := NewFlagManager(flagsPath)
 	if err != nil {

internal/utils/isocode.go

@@ -3,7 +3,7 @@ package utils
 var isoCodes = map[string]bool{
 	"eng":     true, // English
 	"swa":     true, // Swahili
-
+	"default": true, // Default language: English
 }
 
 func IsValidISO639(code string) bool {

services/registration/change_language.vis

@@ -5,6 +5,6 @@ CATCH pin_entry flag_account_authorized 0
 MOUT english 1
 MOUT kiswahili 2
 HALT
-INCMP set_default 1
+INCMP set_eng 1
 INCMP set_swa 2
 INCMP . *

services/registration/set_default.vis

@@ -0,0 +1,4 @@
+LOAD set_language 6
+RELOAD set_language
+CATCH terms flag_account_created 0
+MOVE language_changed