Merge pull request 'logs-at-sessionid' (#245) from logs-at-sessionid into master

Reviewed-on: #245

cmd/africastalking/main.go

@@ -8,6 +8,7 @@ import (
 	"fmt"
 	"io"
 	"net/http"
+	"net/url"
 	"os"
 	"os/signal"
 	"path"
@@ -29,7 +30,7 @@ import (
 )
 
 var (
-	logg          = logging.NewVanilla()
+	logg          = logging.NewVanilla().WithDomain("AfricasTalking").WithContextKey("at-session-id")
 	scriptDir     = path.Join("services", "registration")
 	build         = "dev"
 	menuSeparator = ": "
@@ -39,7 +40,43 @@ func init() {
 	initializers.LoadEnvVariables()
 }
 
-type atRequestParser struct{}
+type atRequestParser struct {
+	context context.Context
+}
+
+func parseQueryParams(query string) map[string]string {
+	params := make(map[string]string)
+
+	queryParams := strings.Split(query, "&")
+	for _, param := range queryParams {
+		// Split each key-value pair by '='
+		parts := strings.SplitN(param, "=", 2)
+		if len(parts) == 2 {
+			params[parts[0]] = parts[1]
+		}
+	}
+	return params
+}
+
+func extractATSessionId(decodedStr string) (string, error) {
+	var data map[string]string
+	err := json.Unmarshal([]byte(decodedStr), &data)
+
+	if err != nil {
+		logg.Errorf("Error unmarshalling JSON: %v", err)
+		return "", nil
+	}
+	decodedBody, err := url.QueryUnescape(data["body"])
+	if err != nil {
+		logg.Errorf("Error URL-decoding body: %v", err)
+		return "", nil
+	}
+	params := parseQueryParams(decodedBody)
+
+	sessionId := params["sessionId"]
+	return sessionId, nil
+
+}
 
 func (arp *atRequestParser) GetSessionId(rq any) (string, error) {
 	rqv, ok := rq.(*http.Request)
@@ -63,7 +100,12 @@ func (arp *atRequestParser) GetSessionId(rq any) (string, error) {
 	if err != nil {
 		logg.Warnf("failed to marshal request body", "err", err)
 	} else {
-		logg.Debugf("received request", "bytes", logBytes)
+		decodedStr := string(logBytes)
+		sessionId, err := extractATSessionId(decodedStr)
+		if err != nil {
+			context.WithValue(arp.context, "at-session-id", sessionId)
+		}
+		logg.Debugf("Received request:", decodedStr)
 	}
 
 	if err := rqv.ParseForm(); err != nil {
@@ -191,7 +233,9 @@ func main() {
 	}
 	defer stateStore.Close()
 
-	rp := &atRequestParser{}
+	rp := &atRequestParser{
+		context: ctx,
+	}
 	bsh := handlers.NewBaseSessionHandler(cfg, rs, stateStore, userdataStore, rp, hl)
 	sh := httpserver.NewATSessionHandler(bsh)
 

common/pin.go

@@ -0,0 +1,33 @@
+package common
+
+import (
+	"regexp"
+
+	"golang.org/x/crypto/bcrypt"
+)
+
+// Define the regex pattern as a constant
+const (
+	pinPattern = `^\d{4}$`
+)
+
+// checks whether the given input is a 4 digit number
+func IsValidPIN(pin string) bool {
+	match, _ := regexp.MatchString(pinPattern, pin)
+	return match
+}
+
+// HashPIN uses bcrypt with 8 salt rounds to hash the PIN
+func HashPIN(pin string) (string, error) {
+	hash, err := bcrypt.GenerateFromPassword([]byte(pin), 8)
+	if err != nil {
+		return "", err
+	}
+	return string(hash), nil
+}
+
+// VerifyPIN compareS the hashed PIN with the plaintext PIN
+func VerifyPIN(hashedPIN, pin string) bool {
+	err := bcrypt.CompareHashAndPassword([]byte(hashedPIN), []byte(pin))
+	return err == nil
+}

common/pin_test.go

@@ -0,0 +1,173 @@
+package common
+
+import (
+	"testing"
+
+	"golang.org/x/crypto/bcrypt"
+)
+
+func TestIsValidPIN(t *testing.T) {
+	tests := []struct {
+		name     string
+		pin      string
+		expected bool
+	}{
+		{
+			name:     "Valid PIN with 4 digits",
+			pin:      "1234",
+			expected: true,
+		},
+		{
+			name:     "Valid PIN with leading zeros",
+			pin:      "0001",
+			expected: true,
+		},
+		{
+			name:     "Invalid PIN with less than 4 digits",
+			pin:      "123",
+			expected: false,
+		},
+		{
+			name:     "Invalid PIN with more than 4 digits",
+			pin:      "12345",
+			expected: false,
+		},
+		{
+			name:     "Invalid PIN with letters",
+			pin:      "abcd",
+			expected: false,
+		},
+		{
+			name:     "Invalid PIN with special characters",
+			pin:      "12@#",
+			expected: false,
+		},
+		{
+			name:     "Empty PIN",
+			pin:      "",
+			expected: false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			actual := IsValidPIN(tt.pin)
+			if actual != tt.expected {
+				t.Errorf("IsValidPIN(%q) = %v; expected %v", tt.pin, actual, tt.expected)
+			}
+		})
+	}
+}
+
+func TestHashPIN(t *testing.T) {
+	tests := []struct {
+		name string
+		pin  string
+	}{
+		{
+			name: "Valid PIN with 4 digits",
+			pin:  "1234",
+		},
+		{
+			name: "Valid PIN with leading zeros",
+			pin:  "0001",
+		},
+		{
+			name: "Empty PIN",
+			pin:  "",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			hashedPIN, err := HashPIN(tt.pin)
+			if err != nil {
+				t.Errorf("HashPIN(%q) returned an error: %v", tt.pin, err)
+				return
+			}
+
+			if hashedPIN == "" {
+				t.Errorf("HashPIN(%q) returned an empty hash", tt.pin)
+			}
+
+			// Ensure the hash can be verified with bcrypt
+			err = bcrypt.CompareHashAndPassword([]byte(hashedPIN), []byte(tt.pin))
+			if tt.pin != "" && err != nil {
+				t.Errorf("HashPIN(%q) produced a hash that does not match: %v", tt.pin, err)
+			}
+		})
+	}
+}
+
+func TestVerifyMigratedHashPin(t *testing.T) {
+	tests := []struct {
+		pin  string
+		hash string
+	}{
+		{
+			pin:  "1234",
+			hash: "$2b$08$dTvIGxCCysJtdvrSnaLStuylPoOS/ZLYYkxvTeR5QmTFY3TSvPQC6",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.pin, func(t *testing.T) {
+			ok := VerifyPIN(tt.hash, tt.pin)
+			if !ok {
+				t.Errorf("VerifyPIN could not verify migrated PIN: %v", tt.pin)
+			}
+		})
+	}
+}
+
+func TestVerifyPIN(t *testing.T) {
+	tests := []struct {
+		name       string
+		pin        string
+		hashedPIN  string
+		shouldPass bool
+	}{
+		{
+			name:       "Valid PIN verification",
+			pin:        "1234",
+			hashedPIN:  hashPINHelper("1234"),
+			shouldPass: true,
+		},
+		{
+			name:       "Invalid PIN verification with incorrect PIN",
+			pin:        "5678",
+			hashedPIN:  hashPINHelper("1234"),
+			shouldPass: false,
+		},
+		{
+			name:       "Invalid PIN verification with empty PIN",
+			pin:        "",
+			hashedPIN:  hashPINHelper("1234"),
+			shouldPass: false,
+		},
+		{
+			name:       "Invalid PIN verification with invalid hash",
+			pin:        "1234",
+			hashedPIN:  "invalidhash",
+			shouldPass: false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			result := VerifyPIN(tt.hashedPIN, tt.pin)
+			if result != tt.shouldPass {
+				t.Errorf("VerifyPIN(%q, %q) = %v; expected %v", tt.hashedPIN, tt.pin, result, tt.shouldPass)
+			}
+		})
+	}
+}
+
+// Helper function to hash a PIN for testing purposes
+func hashPINHelper(pin string) string {
+	hashedPIN, err := HashPIN(pin)
+	if err != nil {
+		panic("Failed to hash PIN for test setup: " + err.Error())
+	}
+	return hashedPIN
+}

debug/db_debug.go

@@ -11,13 +11,9 @@ import (
 func init() {
 	DebugCap |= 1
 	dbTypStr[db.DATATYPE_STATE] = "internal state"
-	dbTypStr[db.DATATYPE_USERDATA + 1 + common.DATA_ACCOUNT] = "account"
-	dbTypStr[db.DATATYPE_USERDATA + 1 + common.DATA_ACCOUNT_CREATED] = "account created"
 	dbTypStr[db.DATATYPE_USERDATA + 1 + common.DATA_TRACKING_ID] = "tracking id"
 	dbTypStr[db.DATATYPE_USERDATA + 1 + common.DATA_PUBLIC_KEY] = "public key"
-	dbTypStr[db.DATATYPE_USERDATA + 1 + common.DATA_CUSTODIAL_ID] = "custodial id"
 	dbTypStr[db.DATATYPE_USERDATA + 1 + common.DATA_ACCOUNT_PIN] = "account pin"
-	dbTypStr[db.DATATYPE_USERDATA + 1 + common.DATA_ACCOUNT_STATUS] = "account status"
 	dbTypStr[db.DATATYPE_USERDATA + 1 + common.DATA_FIRST_NAME] = "first name"
 	dbTypStr[db.DATATYPE_USERDATA + 1 + common.DATA_FAMILY_NAME] = "family name"
 	dbTypStr[db.DATATYPE_USERDATA + 1 + common.DATA_YOB] = "year of birth"

devtools/store/main.go

@@ -11,6 +11,7 @@ import (
 	"git.grassecon.net/urdt/ussd/initializers"
 	"git.grassecon.net/urdt/ussd/internal/storage"
 	"git.grassecon.net/urdt/ussd/debug"
+	"git.defalsify.org/vise.git/db"
 	"git.defalsify.org/vise.git/logging"
 )
 
@@ -47,13 +48,14 @@ func main() {
 
 	store, err := menuStorageService.GetUserdataDb(ctx)
 	if err != nil {
-		fmt.Fprintf(os.Stderr, err.Error())
+		fmt.Fprintf(os.Stderr, "get userdata db: %v\n", err.Error())
 		os.Exit(1)
 	}
+	store.SetPrefix(db.DATATYPE_USERDATA)
 
 	d, err := store.Dump(ctx, []byte(sessionId))
 	if err != nil {
-		fmt.Fprintf(os.Stderr, err.Error())
+		fmt.Fprintf(os.Stderr, "store dump fail: %v\n", err.Error())
 		os.Exit(1)
 	}
 
@@ -67,7 +69,7 @@ func main() {
 			fmt.Fprintf(os.Stderr, err.Error())
 			os.Exit(1)
 		}
-		fmt.Printf("%vValue: %v\n\n", o, v)
+		fmt.Printf("%vValue: %v\n\n", o, string(v))
 	}
 
 	err = store.Close()

go.mod

@@ -3,7 +3,7 @@ module git.grassecon.net/urdt/ussd
 go 1.23.0
 
 require (
-	git.defalsify.org/vise.git v0.2.1-0.20241212145627-683015d4df80
+	git.defalsify.org/vise.git v0.2.3-0.20250103172917-3e190a44568d
 	github.com/alecthomas/assert/v2 v2.2.2
 	github.com/gofrs/uuid v4.4.0+incompatible
 	github.com/grassrootseconomics/eth-custodial v1.3.0-beta
@@ -11,6 +11,7 @@ require (
 	github.com/joho/godotenv v1.5.1
 	github.com/peteole/testdata-loader v0.3.0
 	github.com/stretchr/testify v1.9.0
+	golang.org/x/crypto v0.27.0
 	gopkg.in/leonelquinteros/gotext.v1 v1.3.1
 )
 
@@ -32,7 +33,6 @@ require (
 	github.com/rogpeppe/go-internal v1.13.1 // indirect
 	github.com/stretchr/objx v0.5.2 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
-	golang.org/x/crypto v0.27.0 // indirect
 	golang.org/x/sync v0.8.0 // indirect
 	golang.org/x/text v0.18.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect

go.sum

@@ -1,5 +1,5 @@
-git.defalsify.org/vise.git v0.2.1-0.20241212145627-683015d4df80 h1:GYUVXRUtMpA40T4COeAduoay6CIgXjD5cfDYZOTFIKw=
-git.defalsify.org/vise.git v0.2.1-0.20241212145627-683015d4df80/go.mod h1:jyBMe1qTYUz3mmuoC9JQ/TvFeW0vTanCUcPu3H8p4Ck=
+git.defalsify.org/vise.git v0.2.3-0.20250103172917-3e190a44568d h1:bPAOVZOX4frSGhfOdcj7kc555f8dc9DmMd2YAyC2AMw=
+git.defalsify.org/vise.git v0.2.3-0.20250103172917-3e190a44568d/go.mod h1:jyBMe1qTYUz3mmuoC9JQ/TvFeW0vTanCUcPu3H8p4Ck=
 github.com/alecthomas/assert/v2 v2.2.2 h1:Z/iVC0xZfWTaFNE6bA3z07T86hd45Xe2eLt6WVy2bbk=
 github.com/alecthomas/assert/v2 v2.2.2/go.mod h1:pXcQ2Asjp247dahGEmsZ6ru0UVwnkhktn7S0bBDLxvQ=
 github.com/alecthomas/participle/v2 v2.0.0 h1:Fgrq+MbuSsJwIkw3fEj9h75vDP0Er5JzepJ0/HNHv0g=

internal/handlers/handlerservice.go

@@ -116,7 +116,7 @@ func (ls *LocalHandlerService) GetHandler(accountService remote.AccountServiceIn
 	ls.DbRs.AddLocalFunc("set_voucher", ussdHandlers.SetVoucher)
 	ls.DbRs.AddLocalFunc("get_voucher_details", ussdHandlers.GetVoucherDetails)
 	ls.DbRs.AddLocalFunc("reset_valid_pin", ussdHandlers.ResetValidPin)
-	ls.DbRs.AddLocalFunc("check_pin_mismatch", ussdHandlers.CheckPinMisMatch)
+	ls.DbRs.AddLocalFunc("check_pin_mismatch", ussdHandlers.CheckBlockedNumPinMisMatch)
 	ls.DbRs.AddLocalFunc("validate_blocked_number", ussdHandlers.ValidateBlockedNumber)
 	ls.DbRs.AddLocalFunc("retrieve_blocked_number", ussdHandlers.RetrieveBlockedNumber)
 	ls.DbRs.AddLocalFunc("reset_unregistered_number", ussdHandlers.ResetUnregisteredNumber)

internal/handlers/ussd/menuhandler.go

@@ -5,7 +5,6 @@ import (
 	"context"
 	"fmt"
 	"path"
-	"regexp"
 	"strconv"
 	"strings"
 
@@ -29,22 +28,11 @@ import (
 )
 
 var (
-	logg           = logging.NewVanilla().WithDomain("ussdmenuhandler")
+	logg           = logging.NewVanilla().WithDomain("ussdmenuhandler").WithContextKey("session-id")
 	scriptDir      = path.Join("services", "registration")
 	translationDir = path.Join(scriptDir, "locale")
 )
 
-// Define the regex patterns as constants
-const (
-	pinPattern = `^\d{4}$`
-)
-
-// isValidPIN checks whether the given input is a 4 digit number
-func isValidPIN(pin string) bool {
-	match, _ := regexp.MatchString(pinPattern, pin)
-	return match
-}
-
 // FlagManager handles centralized flag management
 type FlagManager struct {
 	parser *asm.FlagParser
@@ -69,18 +57,19 @@ func (fm *FlagManager) GetFlag(label string) (uint32, error) {
 }
 
 type Handlers struct {
-	pe               *persist.Persister
-	st               *state.State
-	ca               cache.Memory
-	userdataStore    common.DataStore
-	adminstore       *utils.AdminStore
-	flagManager      *asm.FlagParser
-	accountService   remote.AccountServiceInterface
-	prefixDb         storage.PrefixDb
-	profile          *models.Profile
+	pe                   *persist.Persister
+	st                   *state.State
+	ca                   cache.Memory
+	userdataStore        common.DataStore
+	adminstore           *utils.AdminStore
+	flagManager          *asm.FlagParser
+	accountService       remote.AccountServiceInterface
+	prefixDb             storage.PrefixDb
+	profile              *models.Profile
 	ReplaceSeparatorFunc func(string) string
 }
 
+// NewHandlers creates a new instance of the Handlers struct with the provided dependencies.
 func NewHandlers(appFlags *asm.FlagParser, userdataStore db.Db, adminstore *utils.AdminStore, accountService remote.AccountServiceInterface, replaceSeparatorFunc func(string) string) (*Handlers, error) {
 	if userdataStore == nil {
 		return nil, fmt.Errorf("cannot create handler with nil userdata store")
@@ -94,17 +83,18 @@ func NewHandlers(appFlags *asm.FlagParser, userdataStore db.Db, adminstore *util
 	prefixDb := storage.NewSubPrefixDb(userdataStore, prefix)
 
 	h := &Handlers{
-		userdataStore:    userDb,
-		flagManager:      appFlags,
-		adminstore:       adminstore,
-		accountService:   accountService,
-		prefixDb:         prefixDb,
-		profile:          &models.Profile{Max: 6},
+		userdataStore:        userDb,
+		flagManager:          appFlags,
+		adminstore:           adminstore,
+		accountService:       accountService,
+		prefixDb:             prefixDb,
+		profile:              &models.Profile{Max: 6},
 		ReplaceSeparatorFunc: replaceSeparatorFunc,
 	}
 	return h, nil
 }
 
+// WithPersister sets persister instance to the handlers.
 func (h *Handlers) WithPersister(pe *persist.Persister) *Handlers {
 	if h.pe != nil {
 		panic("persister already set")
@@ -113,6 +103,7 @@ func (h *Handlers) WithPersister(pe *persist.Persister) *Handlers {
 	return h
 }
 
+// Init initializes the handler for a new session.
 func (h *Handlers) Init(ctx context.Context, sym string, input []byte) (resource.Result, error) {
 	var r resource.Result
 	if h.pe == nil {
@@ -126,9 +117,17 @@ func (h *Handlers) Init(ctx context.Context, sym string, input []byte) (resource
 	h.st = h.pe.GetState()
 	h.ca = h.pe.GetMemory()
 
-	sessionId, _ := ctx.Value("SessionId").(string)
-	flag_admin_privilege, _ := h.flagManager.GetFlag("flag_admin_privilege")
+	if len(input) == 0 {
+		// move to the top node
+		h.st.Code = []byte{}
+	}
 
+	sessionId, ok := ctx.Value("SessionId").(string)
+	if ok {
+		context.WithValue(ctx, "session-id", sessionId)
+	}
+
+	flag_admin_privilege, _ := h.flagManager.GetFlag("flag_admin_privilege")
 	isAdmin, _ := h.adminstore.IsAdmin(sessionId)
 
 	if isAdmin {
@@ -151,7 +150,7 @@ func (h *Handlers) Exit() {
 	h.pe = nil
 }
 
-// SetLanguage sets the language across the menu
+// SetLanguage sets the language across the menu.
 func (h *Handlers) SetLanguage(ctx context.Context, sym string, input []byte) (resource.Result, error) {
 	var res resource.Result
 
@@ -175,6 +174,7 @@ func (h *Handlers) SetLanguage(ctx context.Context, sym string, input []byte) (r
 	return res, nil
 }
 
+// handles the account creation when no existing account is present for the session and stores associated data in the user data store.
 func (h *Handlers) createAccountNoExist(ctx context.Context, sessionId string, res *resource.Result) error {
 	flag_account_created, _ := h.flagManager.GetFlag("flag_account_created")
 	r, err := h.accountService.CreateAccount(ctx)
@@ -207,9 +207,9 @@ func (h *Handlers) createAccountNoExist(ctx context.Context, sessionId string, r
 	return nil
 }
 
-// CreateAccount checks if any account exists on the JSON data file, and if not
+// CreateAccount checks if any account exists on the JSON data file, and if not,
 // creates an account on the API,
-// sets the default values and flags
+// sets the default values and flags.
 func (h *Handlers) CreateAccount(ctx context.Context, sym string, input []byte) (resource.Result, error) {
 	var res resource.Result
 	var err error
@@ -233,19 +233,22 @@ func (h *Handlers) CreateAccount(ctx context.Context, sym string, input []byte)
 	return res, nil
 }
 
-func (h *Handlers) CheckPinMisMatch(ctx context.Context, sym string, input []byte) (resource.Result, error) {
+// CheckBlockedNumPinMisMatch checks if the provided PIN matches a temporary PIN stored for a blocked number.
+func (h *Handlers) CheckBlockedNumPinMisMatch(ctx context.Context, sym string, input []byte) (resource.Result, error) {
 	res := resource.Result{}
 	flag_pin_mismatch, _ := h.flagManager.GetFlag("flag_pin_mismatch")
 	sessionId, ok := ctx.Value("SessionId").(string)
 	if !ok {
 		return res, fmt.Errorf("missing session")
 	}
+	// Get blocked number from storage.
 	store := h.userdataStore
 	blockedNumber, err := store.ReadEntry(ctx, sessionId, common.DATA_BLOCKED_NUMBER)
 	if err != nil {
 		logg.ErrorCtxf(ctx, "failed to read blockedNumber entry with", "key", common.DATA_BLOCKED_NUMBER, "error", err)
 		return res, err
 	}
+	// Get temporary PIN for the blocked number.
 	temporaryPin, err := store.ReadEntry(ctx, string(blockedNumber), common.DATA_TEMPORARY_VALUE)
 	if err != nil {
 		logg.ErrorCtxf(ctx, "failed to read temporaryPin entry with", "key", common.DATA_TEMPORARY_VALUE, "error", err)
@@ -259,6 +262,7 @@ func (h *Handlers) CheckPinMisMatch(ctx context.Context, sym string, input []byt
 	return res, nil
 }
 
+// VerifyNewPin checks if a new PIN meets the required format criteria.
 func (h *Handlers) VerifyNewPin(ctx context.Context, sym string, input []byte) (resource.Result, error) {
 	res := resource.Result{}
 	_, ok := ctx.Value("SessionId").(string)
@@ -267,8 +271,8 @@ func (h *Handlers) VerifyNewPin(ctx context.Context, sym string, input []byte) (
 	}
 	flag_valid_pin, _ := h.flagManager.GetFlag("flag_valid_pin")
 	pinInput := string(input)
-	// Validate that the PIN is a 4-digit number
-	if isValidPIN(pinInput) {
+	// Validate that the PIN is a 4-digit number.
+	if common.IsValidPIN(pinInput) {
 		res.FlagSet = append(res.FlagSet, flag_valid_pin)
 	} else {
 		res.FlagReset = append(res.FlagReset, flag_valid_pin)
@@ -277,9 +281,9 @@ func (h *Handlers) VerifyNewPin(ctx context.Context, sym string, input []byte) (
 	return res, nil
 }
 
-// SaveTemporaryPin saves the valid PIN input to the DATA_TEMPORARY_VALUE
+// SaveTemporaryPin saves the valid PIN input to the DATA_TEMPORARY_VALUE,
 // during the account creation process
-// and during the change PIN process
+// and during the change PIN process.
 func (h *Handlers) SaveTemporaryPin(ctx context.Context, sym string, input []byte) (resource.Result, error) {
 	var res resource.Result
 	var err error
@@ -292,8 +296,8 @@ func (h *Handlers) SaveTemporaryPin(ctx context.Context, sym string, input []byt
 	flag_incorrect_pin, _ := h.flagManager.GetFlag("flag_incorrect_pin")
 	accountPIN := string(input)
 
-	// Validate that the PIN is a 4-digit number
-	if !isValidPIN(accountPIN) {
+	// Validate that the PIN is a 4-digit number.
+	if !common.IsValidPIN(accountPIN) {
 		res.FlagSet = append(res.FlagSet, flag_incorrect_pin)
 		return res, nil
 	}
@@ -308,6 +312,7 @@ func (h *Handlers) SaveTemporaryPin(ctx context.Context, sym string, input []byt
 	return res, nil
 }
 
+// SaveOthersTemporaryPin allows authorized users to set temporary PINs for blocked numbers.
 func (h *Handlers) SaveOthersTemporaryPin(ctx context.Context, sym string, input []byte) (resource.Result, error) {
 	var res resource.Result
 	var err error
@@ -318,12 +323,14 @@ func (h *Handlers) SaveOthersTemporaryPin(ctx context.Context, sym string, input
 		return res, fmt.Errorf("missing session")
 	}
 	temporaryPin := string(input)
+	// First, we retrieve the blocked number associated with this session
 	blockedNumber, err := store.ReadEntry(ctx, sessionId, common.DATA_BLOCKED_NUMBER)
 	if err != nil {
 		logg.ErrorCtxf(ctx, "failed to read blockedNumber entry with", "key", common.DATA_BLOCKED_NUMBER, "error", err)
 		return res, err
 	}
 
+	// Then we save the temporary PIN for that blocked number
 	err = store.WriteEntry(ctx, string(blockedNumber), common.DATA_TEMPORARY_VALUE, []byte(temporaryPin))
 	if err != nil {
 		logg.ErrorCtxf(ctx, "failed to write temporaryPin entry with", "key", common.DATA_TEMPORARY_VALUE, "value", temporaryPin, "error", err)
@@ -333,6 +340,7 @@ func (h *Handlers) SaveOthersTemporaryPin(ctx context.Context, sym string, input
 	return res, nil
 }
 
+// ConfirmPinChange validates user's new PIN. If input matches the temporary PIN, saves it as the new account PIN.
 func (h *Handlers) ConfirmPinChange(ctx context.Context, sym string, input []byte) (resource.Result, error) {
 	var res resource.Result
 	sessionId, ok := ctx.Value("SessionId").(string)
@@ -351,10 +359,20 @@ func (h *Handlers) ConfirmPinChange(ctx context.Context, sym string, input []byt
 		res.FlagReset = append(res.FlagReset, flag_pin_mismatch)
 	} else {
 		res.FlagSet = append(res.FlagSet, flag_pin_mismatch)
+		return res, nil
 	}
-	err = store.WriteEntry(ctx, sessionId, common.DATA_ACCOUNT_PIN, []byte(temporaryPin))
+
+	// Hash the PIN
+	hashedPIN, err := common.HashPIN(string(temporaryPin))
 	if err != nil {
-		logg.ErrorCtxf(ctx, "failed to write temporaryPin entry with", "key", common.DATA_ACCOUNT_PIN, "value", temporaryPin, "error", err)
+		logg.ErrorCtxf(ctx, "failed to hash temporaryPin", "error", err)
+		return res, err
+	}
+
+	// save the hashed PIN as the new account PIN
+	err = store.WriteEntry(ctx, sessionId, common.DATA_ACCOUNT_PIN, []byte(hashedPIN))
+	if err != nil {
+		logg.ErrorCtxf(ctx, "failed to write DATA_ACCOUNT_PIN entry with", "key", common.DATA_ACCOUNT_PIN, "hashedPIN value", hashedPIN, "error", err)
 		return res, err
 	}
 	return res, nil
@@ -362,7 +380,7 @@ func (h *Handlers) ConfirmPinChange(ctx context.Context, sym string, input []byt
 
 // VerifyCreatePin checks whether the confirmation PIN is similar to the temporary PIN
 // If similar, it sets the USERFLAG_PIN_SET flag and writes the account PIN allowing the user
-// to access the main menu
+// to access the main menu.
 func (h *Handlers) VerifyCreatePin(ctx context.Context, sym string, input []byte) (resource.Result, error) {
 	var res resource.Result
 
@@ -386,18 +404,26 @@ func (h *Handlers) VerifyCreatePin(ctx context.Context, sym string, input []byte
 		res.FlagSet = append(res.FlagSet, flag_pin_set)
 	} else {
 		res.FlagSet = []uint32{flag_pin_mismatch}
+		return res, nil
 	}
 
-	err = store.WriteEntry(ctx, sessionId, common.DATA_ACCOUNT_PIN, []byte(temporaryPin))
+	// Hash the PIN
+	hashedPIN, err := common.HashPIN(string(temporaryPin))
 	if err != nil {
-		logg.ErrorCtxf(ctx, "failed to write temporaryPin entry with", "key", common.DATA_ACCOUNT_PIN, "value", temporaryPin, "error", err)
+		logg.ErrorCtxf(ctx, "failed to hash temporaryPin", "error", err)
+		return res, err
+	}
+
+	err = store.WriteEntry(ctx, sessionId, common.DATA_ACCOUNT_PIN, []byte(hashedPIN))
+	if err != nil {
+		logg.ErrorCtxf(ctx, "failed to write DATA_ACCOUNT_PIN entry with", "key", common.DATA_ACCOUNT_PIN, "value", hashedPIN, "error", err)
 		return res, err
 	}
 
 	return res, nil
 }
 
-// codeFromCtx retrieves language codes from the context that can be used for handling translations
+// retrieves language codes from the context that can be used for handling translations.
 func codeFromCtx(ctx context.Context) string {
 	var code string
 	if ctx.Value("Language") != nil {
@@ -704,7 +730,7 @@ func (h *Handlers) Authorize(ctx context.Context, sym string, input []byte) (res
 		return res, err
 	}
 	if len(input) == 4 {
-		if bytes.Equal(input, AccountPin) {
+		if common.VerifyPIN(string(AccountPin), string(input)) {
 			if h.st.MatchFlag(flag_account_authorized, false) {
 				res.FlagReset = append(res.FlagReset, flag_incorrect_pin)
 				res.FlagSet = append(res.FlagSet, flag_allow_update, flag_account_authorized)
@@ -731,7 +757,7 @@ func (h *Handlers) ResetIncorrectPin(ctx context.Context, sym string, input []by
 	return res, nil
 }
 
-// Setback sets the flag_back_set flag when the navigation is back
+// Setback sets the flag_back_set flag when the navigation is back.
 func (h *Handlers) SetBack(ctx context.Context, sym string, input []byte) (resource.Result, error) {
 	var res resource.Result
 	//TODO:
@@ -744,7 +770,7 @@ func (h *Handlers) SetBack(ctx context.Context, sym string, input []byte) (resou
 }
 
 // CheckAccountStatus queries the API using the TrackingId and sets flags
-// based on the account status
+// based on the account status.
 func (h *Handlers) CheckAccountStatus(ctx context.Context, sym string, input []byte) (resource.Result, error) {
 	var res resource.Result
 
@@ -784,7 +810,7 @@ func (h *Handlers) CheckAccountStatus(ctx context.Context, sym string, input []b
 	return res, nil
 }
 
-// Quit displays the Thank you message and exits the menu
+// Quit displays the Thank you message and exits the menu.
 func (h *Handlers) Quit(ctx context.Context, sym string, input []byte) (resource.Result, error) {
 	var res resource.Result
 
@@ -799,7 +825,7 @@ func (h *Handlers) Quit(ctx context.Context, sym string, input []byte) (resource
 	return res, nil
 }
 
-// QuitWithHelp displays helpline information then exits the menu
+// QuitWithHelp displays helpline information then exits the menu.
 func (h *Handlers) QuitWithHelp(ctx context.Context, sym string, input []byte) (resource.Result, error) {
 	var res resource.Result
 
@@ -814,7 +840,7 @@ func (h *Handlers) QuitWithHelp(ctx context.Context, sym string, input []byte) (
 	return res, nil
 }
 
-// VerifyYob verifies the length of the given input
+// VerifyYob verifies the length of the given input.
 func (h *Handlers) VerifyYob(ctx context.Context, sym string, input []byte) (resource.Result, error) {
 	var res resource.Result
 	var err error
@@ -836,7 +862,7 @@ func (h *Handlers) VerifyYob(ctx context.Context, sym string, input []byte) (res
 	return res, nil
 }
 
-// ResetIncorrectYob resets the incorrect date format flag after a new attempt
+// ResetIncorrectYob resets the incorrect date format flag after a new attempt.
 func (h *Handlers) ResetIncorrectYob(ctx context.Context, sym string, input []byte) (resource.Result, error) {
 	var res resource.Result
 
@@ -846,7 +872,7 @@ func (h *Handlers) ResetIncorrectYob(ctx context.Context, sym string, input []by
 }
 
 // CheckBalance retrieves the balance of the active voucher and sets
-// the balance as the result content
+// the balance as the result content.
 func (h *Handlers) CheckBalance(ctx context.Context, sym string, input []byte) (resource.Result, error) {
 	var res resource.Result
 	var err error
@@ -896,9 +922,12 @@ func (h *Handlers) CheckBalance(ctx context.Context, sym string, input []byte) (
 	return res, nil
 }
 
+// FetchCommunityBalance retrieves and displays the balance for community accounts in user's preferred language.
 func (h *Handlers) FetchCommunityBalance(ctx context.Context, sym string, input []byte) (resource.Result, error) {
 	var res resource.Result
+	// retrieve the language code from the context
 	code := codeFromCtx(ctx)
+	// Initialize the localization system with the appropriate translation directory
 	l := gotext.NewLocale(translationDir, code)
 	l.AddDomain("default")
 	//TODO:
@@ -907,6 +936,10 @@ func (h *Handlers) FetchCommunityBalance(ctx context.Context, sym string, input
 	return res, nil
 }
 
+// ResetOthersPin handles the PIN reset process for other users' accounts by:
+// 1. Retrieving the blocked phone number from the session
+// 2. Fetching the temporary PIN associated with that number
+// 3. Updating the account PIN with the temporary PIN
 func (h *Handlers) ResetOthersPin(ctx context.Context, sym string, input []byte) (resource.Result, error) {
 	var res resource.Result
 	store := h.userdataStore
@@ -924,7 +957,15 @@ func (h *Handlers) ResetOthersPin(ctx context.Context, sym string, input []byte)
 		logg.ErrorCtxf(ctx, "failed to read temporaryPin entry with", "key", common.DATA_TEMPORARY_VALUE, "error", err)
 		return res, err
 	}
-	err = store.WriteEntry(ctx, string(blockedPhonenumber), common.DATA_ACCOUNT_PIN, []byte(temporaryPin))
+
+	// Hash the PIN
+	hashedPIN, err := common.HashPIN(string(temporaryPin))
+	if err != nil {
+		logg.ErrorCtxf(ctx, "failed to hash temporaryPin", "error", err)
+		return res, err
+	}
+
+	err = store.WriteEntry(ctx, string(blockedPhonenumber), common.DATA_ACCOUNT_PIN, []byte(hashedPIN))
 	if err != nil {
 		return res, nil
 	}
@@ -932,6 +973,8 @@ func (h *Handlers) ResetOthersPin(ctx context.Context, sym string, input []byte)
 	return res, nil
 }
 
+// ResetUnregisteredNumber clears the unregistered number flag in the system,
+// indicating that a number's registration status should no longer be marked as unregistered.
 func (h *Handlers) ResetUnregisteredNumber(ctx context.Context, sym string, input []byte) (resource.Result, error) {
 	var res resource.Result
 	flag_unregistered_number, _ := h.flagManager.GetFlag("flag_unregistered_number")
@@ -939,6 +982,8 @@ func (h *Handlers) ResetUnregisteredNumber(ctx context.Context, sym string, inpu
 	return res, nil
 }
 
+// ValidateBlockedNumber performs validation of phone numbers, specifically for blocked numbers in the system.
+// It checks phone number format and verifies registration status.
 func (h *Handlers) ValidateBlockedNumber(ctx context.Context, sym string, input []byte) (resource.Result, error) {
 	var res resource.Result
 	var err error
@@ -1067,7 +1112,7 @@ func (h *Handlers) ValidateRecipient(ctx context.Context, sym string, input []by
 }
 
 // TransactionReset resets the previous transaction data (Recipient and Amount)
-// as well as the invalid flags
+// as well as the invalid flags.
 func (h *Handlers) TransactionReset(ctx context.Context, sym string, input []byte) (resource.Result, error) {
 	var res resource.Result
 	var err error
@@ -1120,7 +1165,7 @@ func (h *Handlers) InviteValidRecipient(ctx context.Context, sym string, input [
 	return res, nil
 }
 
-// ResetTransactionAmount resets the transaction amount and invalid flag
+// ResetTransactionAmount resets the transaction amount and invalid flag.
 func (h *Handlers) ResetTransactionAmount(ctx context.Context, sym string, input []byte) (resource.Result, error) {
 	var res resource.Result
 	var err error
@@ -1250,7 +1295,7 @@ func (h *Handlers) RetrieveBlockedNumber(ctx context.Context, sym string, input
 	return res, nil
 }
 
-// GetSender returns the sessionId (phoneNumber)
+// GetSender returns the sessionId (phoneNumber).
 func (h *Handlers) GetSender(ctx context.Context, sym string, input []byte) (resource.Result, error) {
 	var res resource.Result
 
@@ -1264,7 +1309,7 @@ func (h *Handlers) GetSender(ctx context.Context, sym string, input []byte) (res
 	return res, nil
 }
 
-// GetAmount retrieves the amount from teh Gdbm Db
+// GetAmount retrieves the amount from teh Gdbm Db.
 func (h *Handlers) GetAmount(ctx context.Context, sym string, input []byte) (resource.Result, error) {
 	var res resource.Result
 
@@ -1288,7 +1333,7 @@ func (h *Handlers) GetAmount(ctx context.Context, sym string, input []byte) (res
 	return res, nil
 }
 
-// InitiateTransaction calls the TokenTransfer and returns a confirmation based on the result
+// InitiateTransaction calls the TokenTransfer and returns a confirmation based on the result.
 func (h *Handlers) InitiateTransaction(ctx context.Context, sym string, input []byte) (resource.Result, error) {
 	var res resource.Result
 	var err error
@@ -1338,9 +1383,12 @@ func (h *Handlers) InitiateTransaction(ctx context.Context, sym string, input []
 	return res, nil
 }
 
+// GetCurrentProfileInfo retrieves specific profile fields based on the current state of the USSD session.
+// Uses flag management system to track profile field status and handle menu navigation.
 func (h *Handlers) GetCurrentProfileInfo(ctx context.Context, sym string, input []byte) (resource.Result, error) {
 	var res resource.Result
 	var profileInfo []byte
+	var defaultValue string
 	var err error
 
 	flag_firstname_set, _ := h.flagManager.GetFlag("flag_firstname_set")
@@ -1357,6 +1405,17 @@ func (h *Handlers) GetCurrentProfileInfo(ctx context.Context, sym string, input
 	if !ok {
 		return res, fmt.Errorf("missing session")
 	}
+	language, ok := ctx.Value("Language").(lang.Language)
+	if !ok {
+		return res, fmt.Errorf("value for 'Language' is not of type lang.Language")
+	}
+	code := language.Code
+	if code == "swa" {
+		defaultValue = "Haipo"
+	} else {
+		defaultValue = "Not Provided"
+	}
+
 	sm, _ := h.st.Where()
 	parts := strings.SplitN(sm, "_", 2)
 	filename := parts[1]
@@ -1373,7 +1432,7 @@ func (h *Handlers) GetCurrentProfileInfo(ctx context.Context, sym string, input
 		profileInfo, err = store.ReadEntry(ctx, sessionId, common.DATA_FIRST_NAME)
 		if err != nil {
 			if db.IsNotFound(err) {
-				res.Content = "Not provided"
+				res.Content = defaultValue
 				break
 			}
 			logg.ErrorCtxf(ctx, "Failed to read first name entry with", "key", "error", common.DATA_FIRST_NAME, err)
@@ -1385,7 +1444,7 @@ func (h *Handlers) GetCurrentProfileInfo(ctx context.Context, sym string, input
 		profileInfo, err = store.ReadEntry(ctx, sessionId, common.DATA_FAMILY_NAME)
 		if err != nil {
 			if db.IsNotFound(err) {
-				res.Content = "Not provided"
+				res.Content = defaultValue
 				break
 			}
 			logg.ErrorCtxf(ctx, "Failed to read family name entry with", "key", "error", common.DATA_FAMILY_NAME, err)
@@ -1398,7 +1457,7 @@ func (h *Handlers) GetCurrentProfileInfo(ctx context.Context, sym string, input
 		profileInfo, err = store.ReadEntry(ctx, sessionId, common.DATA_GENDER)
 		if err != nil {
 			if db.IsNotFound(err) {
-				res.Content = "Not provided"
+				res.Content = defaultValue
 				break
 			}
 			logg.ErrorCtxf(ctx, "Failed to read gender entry with", "key", "error", common.DATA_GENDER, err)
@@ -1410,7 +1469,7 @@ func (h *Handlers) GetCurrentProfileInfo(ctx context.Context, sym string, input
 		profileInfo, err = store.ReadEntry(ctx, sessionId, common.DATA_YOB)
 		if err != nil {
 			if db.IsNotFound(err) {
-				res.Content = "Not provided"
+				res.Content = defaultValue
 				break
 			}
 			logg.ErrorCtxf(ctx, "Failed to read year of birth(yob) entry with", "key", "error", common.DATA_YOB, err)
@@ -1422,7 +1481,7 @@ func (h *Handlers) GetCurrentProfileInfo(ctx context.Context, sym string, input
 		profileInfo, err = store.ReadEntry(ctx, sessionId, common.DATA_LOCATION)
 		if err != nil {
 			if db.IsNotFound(err) {
-				res.Content = "Not provided"
+				res.Content = defaultValue
 				break
 			}
 			logg.ErrorCtxf(ctx, "Failed to read location entry with", "key", "error", common.DATA_LOCATION, err)
@@ -1434,7 +1493,7 @@ func (h *Handlers) GetCurrentProfileInfo(ctx context.Context, sym string, input
 		profileInfo, err = store.ReadEntry(ctx, sessionId, common.DATA_OFFERINGS)
 		if err != nil {
 			if db.IsNotFound(err) {
-				res.Content = "Not provided"
+				res.Content = defaultValue
 				break
 			}
 			logg.ErrorCtxf(ctx, "Failed to read offerings entry with", "key", "error", common.DATA_OFFERINGS, err)
@@ -1449,6 +1508,7 @@ func (h *Handlers) GetCurrentProfileInfo(ctx context.Context, sym string, input
 	return res, nil
 }
 
+// GetProfileInfo provides a comprehensive view of a user's profile.
 func (h *Handlers) GetProfileInfo(ctx context.Context, sym string, input []byte) (resource.Result, error) {
 	var res resource.Result
 	var defaultValue string
@@ -1517,7 +1577,7 @@ func (h *Handlers) GetProfileInfo(ctx context.Context, sym string, input []byte)
 }
 
 // SetDefaultVoucher retrieves the current vouchers
-// and sets the first as the default voucher, if no active voucher is set
+// and sets the first as the default voucher, if no active voucher is set.
 func (h *Handlers) SetDefaultVoucher(ctx context.Context, sym string, input []byte) (resource.Result, error) {
 	var res resource.Result
 	var err error
@@ -1602,7 +1662,7 @@ func (h *Handlers) SetDefaultVoucher(ctx context.Context, sym string, input []by
 }
 
 // CheckVouchers retrieves the token holdings from the API using the "PublicKey" and stores
-// them to gdbm
+// them to gdbm.
 func (h *Handlers) CheckVouchers(ctx context.Context, sym string, input []byte) (resource.Result, error) {
 	var res resource.Result
 	sessionId, ok := ctx.Value("SessionId").(string)
@@ -1674,7 +1734,7 @@ func (h *Handlers) CheckVouchers(ctx context.Context, sym string, input []byte)
 	return res, nil
 }
 
-// GetVoucherList fetches the list of vouchers and formats them
+// GetVoucherList fetches the list of vouchers and formats them.
 func (h *Handlers) GetVoucherList(ctx context.Context, sym string, input []byte) (resource.Result, error) {
 	var res resource.Result
 
@@ -1693,7 +1753,7 @@ func (h *Handlers) GetVoucherList(ctx context.Context, sym string, input []byte)
 }
 
 // ViewVoucher retrieves the token holding and balance from the subprefixDB
-// and displays it to the user for them to select it
+// and displays it to the user for them to select it.
 func (h *Handlers) ViewVoucher(ctx context.Context, sym string, input []byte) (resource.Result, error) {
 	var res resource.Result
 	sessionId, ok := ctx.Value("SessionId").(string)
@@ -1734,7 +1794,7 @@ func (h *Handlers) ViewVoucher(ctx context.Context, sym string, input []byte) (r
 	return res, nil
 }
 
-// SetVoucher retrieves the temp voucher data and sets it as the active data
+// SetVoucher retrieves the temp voucher data and sets it as the active data.
 func (h *Handlers) SetVoucher(ctx context.Context, sym string, input []byte) (resource.Result, error) {
 	var res resource.Result
 
@@ -1760,7 +1820,7 @@ func (h *Handlers) SetVoucher(ctx context.Context, sym string, input []byte) (re
 	return res, nil
 }
 
-// GetVoucherDetails retrieves the voucher details
+// GetVoucherDetails retrieves the voucher details.
 func (h *Handlers) GetVoucherDetails(ctx context.Context, sym string, input []byte) (resource.Result, error) {
 	var res resource.Result
 	store := h.userdataStore
@@ -1792,7 +1852,7 @@ func (h *Handlers) GetVoucherDetails(ctx context.Context, sym string, input []by
 	return res, nil
 }
 
-// CheckTransactions retrieves the transactions from the API using the "PublicKey" and stores to prefixDb
+// CheckTransactions retrieves the transactions from the API using the "PublicKey" and stores to prefixDb.
 func (h *Handlers) CheckTransactions(ctx context.Context, sym string, input []byte) (resource.Result, error) {
 	var res resource.Result
 	sessionId, ok := ctx.Value("SessionId").(string)
@@ -1850,7 +1910,7 @@ func (h *Handlers) CheckTransactions(ctx context.Context, sym string, input []by
 	return res, nil
 }
 
-// GetTransactionsList reads the list of transactions from the db and formats them
+// GetTransactionsList fetches the list of transactions and formats them.
 func (h *Handlers) GetTransactionsList(ctx context.Context, sym string, input []byte) (resource.Result, error) {
 	var res resource.Result
 	sessionId, ok := ctx.Value("SessionId").(string)
@@ -1916,7 +1976,7 @@ func (h *Handlers) GetTransactionsList(ctx context.Context, sym string, input []
 }
 
 // ViewTransactionStatement retrieves the transaction statement
-// and displays it to the user
+// and displays it to the user.
 func (h *Handlers) ViewTransactionStatement(ctx context.Context, sym string, input []byte) (resource.Result, error) {
 	var res resource.Result
 	sessionId, ok := ctx.Value("SessionId").(string)
@@ -1964,6 +2024,7 @@ func (h *Handlers) ViewTransactionStatement(ctx context.Context, sym string, inp
 	return res, nil
 }
 
+// handles bulk updates of profile information.
 func (h *Handlers) insertProfileItems(ctx context.Context, sessionId string, res *resource.Result) error {
 	var err error
 	store := h.userdataStore
@@ -1986,21 +2047,22 @@ func (h *Handlers) insertProfileItems(ctx context.Context, sessionId string, res
 	for index, profileItem := range h.profile.ProfileItems {
 		// Ensure the profileItem is not "0"(is set)
 		if profileItem != "0" {
-			err = store.WriteEntry(ctx, sessionId, profileDataKeys[index], []byte(profileItem))
-			if err != nil {
-				logg.ErrorCtxf(ctx, "failed to write profile entry with", "key", profileDataKeys[index], "value", profileItem, "error", err)
-				return err
-			}
-
-			// Get the flag for the current index
 			flag, _ := h.flagManager.GetFlag(profileFlagNames[index])
-			res.FlagSet = append(res.FlagSet, flag)
+			isProfileItemSet := h.st.MatchFlag(flag, true)
+			if !isProfileItemSet {
+				err = store.WriteEntry(ctx, sessionId, profileDataKeys[index], []byte(profileItem))
+				if err != nil {
+					logg.ErrorCtxf(ctx, "failed to write profile entry with", "key", profileDataKeys[index], "value", profileItem, "error", err)
+					return err
+				}
+				res.FlagSet = append(res.FlagSet, flag)
+			}
 		}
 	}
 	return nil
 }
 
-// UpdateAllProfileItems  is used to persist all the  new profile information and setup  the required profile flags
+// UpdateAllProfileItems  is used to persist all the  new profile information and setup  the required profile flags.
 func (h *Handlers) UpdateAllProfileItems(ctx context.Context, sym string, input []byte) (resource.Result, error) {
 	var res resource.Result
 	sessionId, ok := ctx.Value("SessionId").(string)

internal/handlers/ussd/menuhandler_test.go

@@ -8,6 +8,7 @@ import (
 	"strings"
 	"testing"
 
+	"git.defalsify.org/vise.git/cache"
 	"git.defalsify.org/vise.git/lang"
 	"git.defalsify.org/vise.git/persist"
 	"git.defalsify.org/vise.git/resource"
@@ -15,6 +16,7 @@ import (
 	"git.grassecon.net/urdt/ussd/internal/storage"
 	"git.grassecon.net/urdt/ussd/internal/testutil/mocks"
 	"git.grassecon.net/urdt/ussd/internal/testutil/testservice"
+	"git.grassecon.net/urdt/ussd/internal/utils"
 	"git.grassecon.net/urdt/ussd/models"
 
 	"git.grassecon.net/urdt/ussd/common"
@@ -119,6 +121,102 @@ func TestNewHandlers(t *testing.T) {
 	})
 }
 
+func TestInit(t *testing.T) {
+	sessionId := "session123"
+	ctx, store := InitializeTestStore(t)
+	ctx = context.WithValue(ctx, "SessionId", sessionId)
+
+	fm, err := NewFlagManager(flagsPath)
+	if err != nil {
+		t.Fatal(err.Error())
+	}
+
+	adminstore, err := utils.NewAdminStore(ctx, "admin_numbers")
+	if err != nil {
+		t.Fatal(err.Error())
+	}
+
+	st := state.NewState(128)
+	ca := cache.NewCache()
+
+	flag_admin_privilege, _ := fm.GetFlag("flag_admin_privilege")
+
+	tests := []struct {
+		name           string
+		setup          func() (*Handlers, context.Context)
+		input          []byte
+		expectedResult resource.Result
+	}{
+		{
+			name: "Handler not ready",
+			setup: func() (*Handlers, context.Context) {
+				return &Handlers{}, ctx
+			},
+			input:          []byte("1"),
+			expectedResult: resource.Result{},
+		},
+		{
+			name: "State and memory initialization",
+			setup: func() (*Handlers, context.Context) {
+				pe := persist.NewPersister(store).WithSession(sessionId).WithContent(st, ca)
+				h := &Handlers{
+					flagManager: fm.parser,
+					adminstore:  adminstore,
+					pe:          pe,
+				}
+				return h, context.WithValue(ctx, "SessionId", sessionId)
+			},
+			input: []byte("1"),
+			expectedResult: resource.Result{
+				FlagReset: []uint32{flag_admin_privilege},
+			},
+		},
+		{
+			name: "Non-admin session initialization",
+			setup: func() (*Handlers, context.Context) {
+				pe := persist.NewPersister(store).WithSession("0712345678").WithContent(st, ca)
+				h := &Handlers{
+					flagManager: fm.parser,
+					adminstore:  adminstore,
+					pe:          pe,
+				}
+				return h, context.WithValue(context.Background(), "SessionId", "0712345678")
+			},
+			input: []byte("1"),
+			expectedResult: resource.Result{
+				FlagReset: []uint32{flag_admin_privilege},
+			},
+		},
+		{
+			name: "Move to top node on empty input",
+			setup: func() (*Handlers, context.Context) {
+				pe := persist.NewPersister(store).WithSession(sessionId).WithContent(st, ca)
+				h := &Handlers{
+					flagManager: fm.parser,
+					adminstore:  adminstore,
+					pe:          pe,
+				}
+				st.Code = []byte("some pending bytecode")
+				return h, context.WithValue(ctx, "SessionId", sessionId)
+			},
+			input: []byte(""),
+			expectedResult: resource.Result{
+				FlagReset: []uint32{flag_admin_privilege},
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			h, testCtx := tt.setup()
+			res, err := h.Init(testCtx, "", tt.input)
+
+			assert.NoError(t, err, "Unexpected error occurred")
+			assert.Equal(t, res, tt.expectedResult, "Expected result should match actual result")
+		})
+	}
+}
+
 func TestCreateAccount(t *testing.T) {
 	sessionId := "session123"
 	ctx, store := InitializeTestStore(t)
@@ -949,7 +1047,14 @@ func TestAuthorize(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			err = store.WriteEntry(ctx, sessionId, common.DATA_ACCOUNT_PIN, []byte(accountPIN))
+			// Hash the PIN
+			hashedPIN, err := common.HashPIN(accountPIN)
+			if err != nil {
+				logg.ErrorCtxf(ctx, "failed to hash temporaryPin", "error", err)
+				t.Fatal(err)
+			}
+
+			err = store.WriteEntry(ctx, sessionId, common.DATA_ACCOUNT_PIN, []byte(hashedPIN))
 			if err != nil {
 				t.Fatal(err)
 			}
@@ -1401,59 +1506,6 @@ func TestQuit(t *testing.T) {
 	}
 }
 
-func TestIsValidPIN(t *testing.T) {
-	tests := []struct {
-		name     string
-		pin      string
-		expected bool
-	}{
-		{
-			name:     "Valid PIN with 4 digits",
-			pin:      "1234",
-			expected: true,
-		},
-		{
-			name:     "Valid PIN with leading zeros",
-			pin:      "0001",
-			expected: true,
-		},
-		{
-			name:     "Invalid PIN with less than 4 digits",
-			pin:      "123",
-			expected: false,
-		},
-		{
-			name:     "Invalid PIN with more than 4 digits",
-			pin:      "12345",
-			expected: false,
-		},
-		{
-			name:     "Invalid PIN with letters",
-			pin:      "abcd",
-			expected: false,
-		},
-		{
-			name:     "Invalid PIN with special characters",
-			pin:      "12@#",
-			expected: false,
-		},
-		{
-			name:     "Empty PIN",
-			pin:      "",
-			expected: false,
-		},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			actual := isValidPIN(tt.pin)
-			if actual != tt.expected {
-				t.Errorf("isValidPIN(%q) = %v; expected %v", tt.pin, actual, tt.expected)
-			}
-		})
-	}
-}
-
 func TestValidateAmount(t *testing.T) {
 	fm, err := NewFlagManager(flagsPath)
 	if err != nil {
@@ -1700,7 +1752,7 @@ func TestGetProfile(t *testing.T) {
 			result: resource.Result{
 				Content: fmt.Sprintf(
 					"Name: %s\nGender: %s\nAge: %s\nLocation: %s\nYou provide: %s\n",
-					"John Doee", "Male", "48", "Kilifi", "Bananas",
+					"John Doee", "Male", "49", "Kilifi", "Bananas",
 				),
 			},
 		},
@@ -1712,7 +1764,7 @@ func TestGetProfile(t *testing.T) {
 			result: resource.Result{
 				Content: fmt.Sprintf(
 					"Jina: %s\nJinsia: %s\nUmri: %s\nEneo: %s\nUnauza: %s\n",
-					"John Doee", "Male", "48", "Kilifi", "Bananas",
+					"John Doee", "Male", "49", "Kilifi", "Bananas",
 				),
 			},
 		},
@@ -1724,7 +1776,7 @@ func TestGetProfile(t *testing.T) {
 			result: resource.Result{
 				Content: fmt.Sprintf(
 					"Name: %s\nGender: %s\nAge: %s\nLocation: %s\nYou provide: %s\n",
-					"John Doee", "Male", "48", "Kilifi", "Bananas",
+					"John Doee", "Male", "49", "Kilifi", "Bananas",
 				),
 			},
 		},

internal/http/server.go

@@ -17,8 +17,7 @@ var (
 type DefaultRequestParser struct {
 }
 
-
-func(rp *DefaultRequestParser) GetSessionId(rq any) (string, error) {
+func (rp *DefaultRequestParser) GetSessionId(rq any) (string, error) {
 	rqv, ok := rq.(*http.Request)
 	if !ok {
 		return "", handlers.ErrInvalidRequest
@@ -30,7 +29,7 @@ func(rp *DefaultRequestParser) GetSessionId(rq any) (string, error) {
 	return v, nil
 }
 
-func(rp *DefaultRequestParser) GetInput(rq any) ([]byte, error) {
+func (rp *DefaultRequestParser) GetInput(rq any) ([]byte, error) {
 	rqv, ok := rq.(*http.Request)
 	if !ok {
 		return nil, handlers.ErrInvalidRequest
@@ -53,25 +52,24 @@ func ToSessionHandler(h handlers.RequestHandler) *SessionHandler {
 	}
 }
 
-func(f *SessionHandler) writeError(w http.ResponseWriter, code int, err error) {
+func (f *SessionHandler) writeError(w http.ResponseWriter, code int, err error) {
 	s := err.Error()
 	w.Header().Set("Content-Length", strconv.Itoa(len(s)))
 	w.WriteHeader(code)
-	_, err = w.Write([]byte{})
+	_, err = w.Write([]byte(s))
 	if err != nil {
 		logg.Errorf("error writing error!!", "err", err, "olderr", s)
 		w.WriteHeader(500)
 	}
-	return 
 }
 
-func(f *SessionHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
+func (f *SessionHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 	var code int
 	var err error
 	var perr error
 
 	rqs := handlers.RequestSession{
-		Ctx: req.Context(),
+		Ctx:    req.Context(),
 		Writer: w,
 	}
 

internal/utils/isocode.go

@@ -1,9 +1,9 @@
 package utils
 
 var isoCodes = map[string]bool{
-	"eng": true, // English
-	"swa": true, // Swahili
-
+	"eng":     true, // English
+	"swa":     true, // Swahili
+	"default": true, // Default language: English
 }
 
 func IsValidISO639(code string) bool {

menutraversal_test/group_test.json

@@ -62,10 +62,10 @@
                 },
                 {
                     "input": "1234",
-                    "expectedContent": "Select language:\n0:English\n1:Kiswahili"
+                    "expectedContent": "Select language:\n1:English\n2:Kiswahili"
                 },
                 {
-                    "input": "0",
+                    "input": "1",
                     "expectedContent": "Your language change request was successful.\n0:Back\n9:Quit"
                 },
                 {
@@ -430,7 +430,7 @@
                 },
                 {
                     "input": "1234",
-                    "expectedContent": "My profile:\nName: foo bar\nGender: male\nAge: 84\nLocation: Kilifi\nYou provide: Bananas\n\n0:Back"
+                    "expectedContent": "My profile:\nName: foo bar\nGender: male\nAge: 80\nLocation: Kilifi\nYou provide: Bananas\n\n0:Back\n9:Quit"
                 },
                 {
                     "input": "0",

menutraversal_test/menu_traversal_test.go

@@ -298,9 +298,10 @@ func TestMainMenuSend(t *testing.T) {
 	ctx := context.Background()
 	sessions := testData
 	for _, session := range sessions {
-		groups := driver.FilterGroupsByName(session.Groups, "send_with_invalid_inputs")
+		groups := driver.FilterGroupsByName(session.Groups, "send_with_invite")
 		for _, group := range groups {
-			for _, step := range group.Steps {
+			for index, step := range group.Steps {
+				t.Logf("step %v with input %v", index, step.Input)
 				cont, err := en.Exec(ctx, []byte(step.Input))
 				if err != nil {
 					t.Fatalf("Test case '%s' failed at input '%s': %v", group.Name, step.Input, err)

menutraversal_test/test_setup.json

@@ -7,14 +7,14 @@
                 "steps": [
                     {
                         "input": "",
-                        "expectedContent": "Welcome to Sarafu Network\nPlease select a language\n0:English\n1:Kiswahili"
+                        "expectedContent": "Welcome to Sarafu Network\nPlease select a language\n1:English\n2:Kiswahili"
                     },
                     {
-                        "input": "0",
-                        "expectedContent": "Do you agree to terms and conditions?\nhttps://grassecon.org/pages/terms-and-conditions\n\n0:Yes\n1:No"
+                        "input": "1",
+                        "expectedContent": "Do you agree to terms and conditions?\nhttps://grassecon.org/pages/terms-and-conditions\n\n1:Yes\n2:No"
                     },
                     {
-                        "input": "0",
+                        "input": "1",
                         "expectedContent": "Please enter a new four number PIN for your account:\n0:Exit"
                     },
                     {
@@ -40,14 +40,14 @@
                 "steps": [
                     {
                         "input": "",
-                        "expectedContent": "Welcome to Sarafu Network\nPlease select a language\n0:English\n1:Kiswahili"
-                    },
-                    {
-                        "input": "0",
-                        "expectedContent": "Do you agree to terms and conditions?\nhttps://grassecon.org/pages/terms-and-conditions\n\n0:Yes\n1:No"
+                        "expectedContent": "Welcome to Sarafu Network\nPlease select a language\n1:English\n2:Kiswahili"
                     },
                     {
                         "input": "1",
+                        "expectedContent": "Do you agree to terms and conditions?\nhttps://grassecon.org/pages/terms-and-conditions\n\n1:Yes\n2:No"
+                    },
+                    {
+                        "input": "2",
                         "expectedContent": "Thank you for using Sarafu. Goodbye!"
                     }
                 ]
@@ -64,8 +64,8 @@
                         "expectedContent": "Enter recipient's phone number/address/alias:\n0:Back"
                     },
                     {
-                        "input": "000",
-                        "expectedContent": "000 is invalid, please try again:\n1:Retry\n9:Quit"
+                        "input": "0@0",
+                        "expectedContent": "0@0 is invalid, please try again:\n1:Retry\n9:Quit"
                     },
                     {
                         "input": "1",

services/registration/balances.vis

@@ -7,3 +7,4 @@ HALT
 INCMP _ 0
 INCMP my_balance 1
 INCMP community_balance 2
+INCMP . * 

services/registration/change_language.vis

@@ -2,9 +2,9 @@ LOAD reset_account_authorized 0
 LOAD reset_incorrect 0
 CATCH incorrect_pin flag_incorrect_pin 1
 CATCH pin_entry flag_account_authorized 0
-MOUT english 0
-MOUT kiswahili 1
+MOUT english 1
+MOUT kiswahili 2
 HALT
-INCMP set_default 0
-INCMP set_swa 1
+INCMP set_eng 1
+INCMP set_swa 2
 INCMP . *

services/registration/community_balance.vis

@@ -9,3 +9,4 @@ MOUT quit 9
 HALT
 INCMP _ 0
 INCMP quit 9
+INCMP . * 

services/registration/edit_first_name_swa

@@ -1,2 +1,2 @@
-Jina la kwanza la sasa {{.get_current_profile_info}}
+Jina la kwanza la sasa: {{.get_current_profile_info}}
 Weka majina yako ya kwanza:

services/registration/edit_location_swa

@@ -1,2 +1,2 @@
-Eneo la sasa {{.get_current_profile_info}}
+Eneo la sasa: {{.get_current_profile_info}}
 Weka eneo:

services/registration/edit_offerings.vis

@@ -10,5 +10,4 @@ CATCH _ flag_back_set 1
 RELOAD save_offerings
 INCMP _ 0
 CATCH pin_entry flag_offerings_set 1
-CATCH pin_entry flag_offerings_set 0
 INCMP update_profile_items *

services/registration/edit_profile.vis

@@ -20,3 +20,4 @@ INCMP edit_yob 4
 INCMP edit_location 5
 INCMP edit_offerings 6
 INCMP view_profile 7
+INCMP . * 

services/registration/edit_yob_swa

@@ -1,2 +1,2 @@
-Mwaka wa sasa wa kuzaliwa {{.get_current_profile_info}}
+Mwaka wa sasa wa kuzaliwa: {{.get_current_profile_info}}
 Weka mwaka wa kuzaliwa

services/registration/my_account.vis

@@ -14,3 +14,4 @@ INCMP balances 3
 INCMP check_statement 4
 INCMP pin_management 5
 INCMP address 6
+INCMP . *

services/registration/my_balance.vis

@@ -9,3 +9,4 @@ MOUT quit 9
 HALT
 INCMP _ 0
 INCMP quit 9
+INCMP . * 

services/registration/select_gender.vis

@@ -11,3 +11,4 @@ INCMP _ 0
 INCMP set_male 1
 INCMP set_female 2
 INCMP set_unspecified 3
+INCMP . *

services/registration/select_gender_swa

@@ -1,2 +1,2 @@
-Jinsia ya sasa {{.get_current_profile_info}}
+Jinsia ya sasa: {{.get_current_profile_info}}
 Chagua jinsia

services/registration/select_language.vis

@@ -1,6 +1,6 @@
-MOUT english 0
-MOUT kiswahili 1
+MOUT english 1
+MOUT kiswahili 2
 HALT
-INCMP set_eng 0
-INCMP set_swa 1
+INCMP set_eng 1
+INCMP set_swa 2
 INCMP . *

services/registration/set_default.vis

@@ -0,0 +1,4 @@
+LOAD set_language 6
+RELOAD set_language
+CATCH terms flag_account_created 0
+MOVE language_changed

services/registration/terms.vis

@@ -1,5 +1,5 @@
-MOUT yes 0
-MOUT no 1
+MOUT yes 1
+MOUT no 2
 HALT
-INCMP create_pin 0
+INCMP create_pin 1
 INCMP quit *

services/registration/view_profile.vis

@@ -4,5 +4,8 @@ LOAD reset_incorrect 6
 CATCH incorrect_pin flag_incorrect_pin 1
 CATCH pin_entry flag_account_authorized 0
 MOUT back 0
+MOUT quit 9
 HALT
 INCMP _ 0
+INCMP quit 9
+INCMP . *