Merge pull request 'logs-at-sessionid' (#245) from logs-at-sessionid into master

Reviewed-on: #245

cmd/africastalking/main.go

@@ -8,6 +8,7 @@ import (
 	"fmt"
 	"io"
 	"net/http"
+	"net/url"
 	"os"
 	"os/signal"
 	"path"
@@ -29,7 +30,7 @@ import (
 )
 
 var (
-	logg          = logging.NewVanilla()
+	logg          = logging.NewVanilla().WithDomain("AfricasTalking").WithContextKey("at-session-id")
 	scriptDir     = path.Join("services", "registration")
 	build         = "dev"
 	menuSeparator = ": "
@@ -39,7 +40,43 @@ func init() {
 	initializers.LoadEnvVariables()
 }
 
-type atRequestParser struct{}
+type atRequestParser struct {
+	context context.Context
+}
+
+func parseQueryParams(query string) map[string]string {
+	params := make(map[string]string)
+
+	queryParams := strings.Split(query, "&")
+	for _, param := range queryParams {
+		// Split each key-value pair by '='
+		parts := strings.SplitN(param, "=", 2)
+		if len(parts) == 2 {
+			params[parts[0]] = parts[1]
+		}
+	}
+	return params
+}
+
+func extractATSessionId(decodedStr string) (string, error) {
+	var data map[string]string
+	err := json.Unmarshal([]byte(decodedStr), &data)
+
+	if err != nil {
+		logg.Errorf("Error unmarshalling JSON: %v", err)
+		return "", nil
+	}
+	decodedBody, err := url.QueryUnescape(data["body"])
+	if err != nil {
+		logg.Errorf("Error URL-decoding body: %v", err)
+		return "", nil
+	}
+	params := parseQueryParams(decodedBody)
+
+	sessionId := params["sessionId"]
+	return sessionId, nil
+
+}
 
 func (arp *atRequestParser) GetSessionId(rq any) (string, error) {
 	rqv, ok := rq.(*http.Request)
@@ -63,7 +100,12 @@ func (arp *atRequestParser) GetSessionId(rq any) (string, error) {
 	if err != nil {
 		logg.Warnf("failed to marshal request body", "err", err)
 	} else {
-		logg.Debugf("received request", "bytes", logBytes)
+		decodedStr := string(logBytes)
+		sessionId, err := extractATSessionId(decodedStr)
+		if err != nil {
+			context.WithValue(arp.context, "at-session-id", sessionId)
+		}
+		logg.Debugf("Received request:", decodedStr)
 	}
 
 	if err := rqv.ParseForm(); err != nil {
@@ -191,7 +233,9 @@ func main() {
 	}
 	defer stateStore.Close()
 
-	rp := &atRequestParser{}
+	rp := &atRequestParser{
+		context: ctx,
+	}
 	bsh := handlers.NewBaseSessionHandler(cfg, rs, stateStore, userdataStore, rp, hl)
 	sh := httpserver.NewATSessionHandler(bsh)
 

common/pin.go

@@ -0,0 +1,33 @@
+package common
+
+import (
+	"regexp"
+
+	"golang.org/x/crypto/bcrypt"
+)
+
+// Define the regex pattern as a constant
+const (
+	pinPattern = `^\d{4}$`
+)
+
+// checks whether the given input is a 4 digit number
+func IsValidPIN(pin string) bool {
+	match, _ := regexp.MatchString(pinPattern, pin)
+	return match
+}
+
+// HashPIN uses bcrypt with 8 salt rounds to hash the PIN
+func HashPIN(pin string) (string, error) {
+	hash, err := bcrypt.GenerateFromPassword([]byte(pin), 8)
+	if err != nil {
+		return "", err
+	}
+	return string(hash), nil
+}
+
+// VerifyPIN compareS the hashed PIN with the plaintext PIN
+func VerifyPIN(hashedPIN, pin string) bool {
+	err := bcrypt.CompareHashAndPassword([]byte(hashedPIN), []byte(pin))
+	return err == nil
+}

common/pin_test.go

@@ -0,0 +1,173 @@
+package common
+
+import (
+	"testing"
+
+	"golang.org/x/crypto/bcrypt"
+)
+
+func TestIsValidPIN(t *testing.T) {
+	tests := []struct {
+		name     string
+		pin      string
+		expected bool
+	}{
+		{
+			name:     "Valid PIN with 4 digits",
+			pin:      "1234",
+			expected: true,
+		},
+		{
+			name:     "Valid PIN with leading zeros",
+			pin:      "0001",
+			expected: true,
+		},
+		{
+			name:     "Invalid PIN with less than 4 digits",
+			pin:      "123",
+			expected: false,
+		},
+		{
+			name:     "Invalid PIN with more than 4 digits",
+			pin:      "12345",
+			expected: false,
+		},
+		{
+			name:     "Invalid PIN with letters",
+			pin:      "abcd",
+			expected: false,
+		},
+		{
+			name:     "Invalid PIN with special characters",
+			pin:      "12@#",
+			expected: false,
+		},
+		{
+			name:     "Empty PIN",
+			pin:      "",
+			expected: false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			actual := IsValidPIN(tt.pin)
+			if actual != tt.expected {
+				t.Errorf("IsValidPIN(%q) = %v; expected %v", tt.pin, actual, tt.expected)
+			}
+		})
+	}
+}
+
+func TestHashPIN(t *testing.T) {
+	tests := []struct {
+		name string
+		pin  string
+	}{
+		{
+			name: "Valid PIN with 4 digits",
+			pin:  "1234",
+		},
+		{
+			name: "Valid PIN with leading zeros",
+			pin:  "0001",
+		},
+		{
+			name: "Empty PIN",
+			pin:  "",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			hashedPIN, err := HashPIN(tt.pin)
+			if err != nil {
+				t.Errorf("HashPIN(%q) returned an error: %v", tt.pin, err)
+				return
+			}
+
+			if hashedPIN == "" {
+				t.Errorf("HashPIN(%q) returned an empty hash", tt.pin)
+			}
+
+			// Ensure the hash can be verified with bcrypt
+			err = bcrypt.CompareHashAndPassword([]byte(hashedPIN), []byte(tt.pin))
+			if tt.pin != "" && err != nil {
+				t.Errorf("HashPIN(%q) produced a hash that does not match: %v", tt.pin, err)
+			}
+		})
+	}
+}
+
+func TestVerifyMigratedHashPin(t *testing.T) {
+	tests := []struct {
+		pin  string
+		hash string
+	}{
+		{
+			pin:  "1234",
+			hash: "$2b$08$dTvIGxCCysJtdvrSnaLStuylPoOS/ZLYYkxvTeR5QmTFY3TSvPQC6",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.pin, func(t *testing.T) {
+			ok := VerifyPIN(tt.hash, tt.pin)
+			if !ok {
+				t.Errorf("VerifyPIN could not verify migrated PIN: %v", tt.pin)
+			}
+		})
+	}
+}
+
+func TestVerifyPIN(t *testing.T) {
+	tests := []struct {
+		name       string
+		pin        string
+		hashedPIN  string
+		shouldPass bool
+	}{
+		{
+			name:       "Valid PIN verification",
+			pin:        "1234",
+			hashedPIN:  hashPINHelper("1234"),
+			shouldPass: true,
+		},
+		{
+			name:       "Invalid PIN verification with incorrect PIN",
+			pin:        "5678",
+			hashedPIN:  hashPINHelper("1234"),
+			shouldPass: false,
+		},
+		{
+			name:       "Invalid PIN verification with empty PIN",
+			pin:        "",
+			hashedPIN:  hashPINHelper("1234"),
+			shouldPass: false,
+		},
+		{
+			name:       "Invalid PIN verification with invalid hash",
+			pin:        "1234",
+			hashedPIN:  "invalidhash",
+			shouldPass: false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			result := VerifyPIN(tt.hashedPIN, tt.pin)
+			if result != tt.shouldPass {
+				t.Errorf("VerifyPIN(%q, %q) = %v; expected %v", tt.hashedPIN, tt.pin, result, tt.shouldPass)
+			}
+		})
+	}
+}
+
+// Helper function to hash a PIN for testing purposes
+func hashPINHelper(pin string) string {
+	hashedPIN, err := HashPIN(pin)
+	if err != nil {
+		panic("Failed to hash PIN for test setup: " + err.Error())
+	}
+	return hashedPIN
+}

debug/db_debug.go

@@ -11,13 +11,9 @@ import (
 func init() {
 	DebugCap |= 1
 	dbTypStr[db.DATATYPE_STATE] = "internal state"
-	dbTypStr[db.DATATYPE_USERDATA + 1 + common.DATA_ACCOUNT] = "account"
-	dbTypStr[db.DATATYPE_USERDATA + 1 + common.DATA_ACCOUNT_CREATED] = "account created"
 	dbTypStr[db.DATATYPE_USERDATA + 1 + common.DATA_TRACKING_ID] = "tracking id"
 	dbTypStr[db.DATATYPE_USERDATA + 1 + common.DATA_PUBLIC_KEY] = "public key"
-	dbTypStr[db.DATATYPE_USERDATA + 1 + common.DATA_CUSTODIAL_ID] = "custodial id"
 	dbTypStr[db.DATATYPE_USERDATA + 1 + common.DATA_ACCOUNT_PIN] = "account pin"
-	dbTypStr[db.DATATYPE_USERDATA + 1 + common.DATA_ACCOUNT_STATUS] = "account status"
 	dbTypStr[db.DATATYPE_USERDATA + 1 + common.DATA_FIRST_NAME] = "first name"
 	dbTypStr[db.DATATYPE_USERDATA + 1 + common.DATA_FAMILY_NAME] = "family name"
 	dbTypStr[db.DATATYPE_USERDATA + 1 + common.DATA_YOB] = "year of birth"

devtools/restart_state/main.go

@@ -1,76 +0,0 @@
-package main
-
-import (
-	"context"
-	"flag"
-	"fmt"
-	"os"
-	"path"
-
-	"git.defalsify.org/vise.git/logging"
-	"git.grassecon.net/urdt/ussd/config"
-	"git.grassecon.net/urdt/ussd/initializers"
-	"git.grassecon.net/urdt/ussd/internal/storage"
-)
-
-var (
-	logg      = logging.NewVanilla()
-	scriptDir = path.Join("services", "registration")
-)
-
-func init() {
-	initializers.LoadEnvVariables()
-}
-
-func main() {
-	config.LoadConfig()
-
-	var dbDir string
-	var sessionId string
-	var database string
-
-	flag.StringVar(&sessionId, "session-id", "075xx2123", "session id")
-	flag.StringVar(&database, "db", "gdbm", "database to be used")
-	flag.StringVar(&dbDir, "dbdir", ".state", "database dir to read from")
-	flag.Parse()
-
-	ctx := context.Background()
-	ctx = context.WithValue(ctx, "SessionId", sessionId)
-	ctx = context.WithValue(ctx, "Database", database)
-
-	resourceDir := scriptDir
-	menuStorageService := storage.NewMenuStorageService(dbDir, resourceDir)
-
-	err := menuStorageService.EnsureDbDir()
-	if err != nil {
-		fmt.Fprintf(os.Stderr, err.Error())
-		os.Exit(1)
-	}
-
-	pe, err := menuStorageService.GetPersister(ctx)
-	if err != nil {
-		fmt.Fprintf(os.Stderr, err.Error())
-		os.Exit(1)
-	}
-
-	st := pe.GetState()
-
-	if st == nil {
-		logg.ErrorCtxf(ctx, "state fail in devtool", "state", st)
-		fmt.Println("cannot get state")
-		os.Exit(1)
-	}
-
-	fmt.Println("The state:", st)
-
-	// set empty Code to allow the menu to run from the top
-	st.Code = []byte{}
-
-	err = pe.Save(sessionId)
-	if err != nil {
-		logg.ErrorCtxf(ctx, "failed to persist the state and cache", "error", err)
-		os.Exit(1)
-	}
-
-	os.Exit(0)
-}

devtools/store/main.go

@@ -11,6 +11,7 @@ import (
 	"git.grassecon.net/urdt/ussd/initializers"
 	"git.grassecon.net/urdt/ussd/internal/storage"
 	"git.grassecon.net/urdt/ussd/debug"
+	"git.defalsify.org/vise.git/db"
 	"git.defalsify.org/vise.git/logging"
 )
 
@@ -47,13 +48,14 @@ func main() {
 
 	store, err := menuStorageService.GetUserdataDb(ctx)
 	if err != nil {
-		fmt.Fprintf(os.Stderr, err.Error())
+		fmt.Fprintf(os.Stderr, "get userdata db: %v\n", err.Error())
 		os.Exit(1)
 	}
+	store.SetPrefix(db.DATATYPE_USERDATA)
 
 	d, err := store.Dump(ctx, []byte(sessionId))
 	if err != nil {
-		fmt.Fprintf(os.Stderr, err.Error())
+		fmt.Fprintf(os.Stderr, "store dump fail: %v\n", err.Error())
 		os.Exit(1)
 	}
 
@@ -67,7 +69,7 @@ func main() {
 			fmt.Fprintf(os.Stderr, err.Error())
 			os.Exit(1)
 		}
-		fmt.Printf("%vValue: %v\n\n", o, v)
+		fmt.Printf("%vValue: %v\n\n", o, string(v))
 	}
 
 	err = store.Close()

go.mod

@@ -3,7 +3,7 @@ module git.grassecon.net/urdt/ussd
 go 1.23.0
 
 require (
-	git.defalsify.org/vise.git v0.2.1-0.20241212145627-683015d4df80
+	git.defalsify.org/vise.git v0.2.3-0.20250103172917-3e190a44568d
 	github.com/alecthomas/assert/v2 v2.2.2
 	github.com/gofrs/uuid v4.4.0+incompatible
 	github.com/grassrootseconomics/eth-custodial v1.3.0-beta
@@ -11,6 +11,7 @@ require (
 	github.com/joho/godotenv v1.5.1
 	github.com/peteole/testdata-loader v0.3.0
 	github.com/stretchr/testify v1.9.0
+	golang.org/x/crypto v0.27.0
 	gopkg.in/leonelquinteros/gotext.v1 v1.3.1
 )
 
@@ -32,7 +33,6 @@ require (
 	github.com/rogpeppe/go-internal v1.13.1 // indirect
 	github.com/stretchr/objx v0.5.2 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
-	golang.org/x/crypto v0.27.0 // indirect
 	golang.org/x/sync v0.8.0 // indirect
 	golang.org/x/text v0.18.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect

go.sum

@@ -1,5 +1,5 @@
-git.defalsify.org/vise.git v0.2.1-0.20241212145627-683015d4df80 h1:GYUVXRUtMpA40T4COeAduoay6CIgXjD5cfDYZOTFIKw=
-git.defalsify.org/vise.git v0.2.1-0.20241212145627-683015d4df80/go.mod h1:jyBMe1qTYUz3mmuoC9JQ/TvFeW0vTanCUcPu3H8p4Ck=
+git.defalsify.org/vise.git v0.2.3-0.20250103172917-3e190a44568d h1:bPAOVZOX4frSGhfOdcj7kc555f8dc9DmMd2YAyC2AMw=
+git.defalsify.org/vise.git v0.2.3-0.20250103172917-3e190a44568d/go.mod h1:jyBMe1qTYUz3mmuoC9JQ/TvFeW0vTanCUcPu3H8p4Ck=
 github.com/alecthomas/assert/v2 v2.2.2 h1:Z/iVC0xZfWTaFNE6bA3z07T86hd45Xe2eLt6WVy2bbk=
 github.com/alecthomas/assert/v2 v2.2.2/go.mod h1:pXcQ2Asjp247dahGEmsZ6ru0UVwnkhktn7S0bBDLxvQ=
 github.com/alecthomas/participle/v2 v2.0.0 h1:Fgrq+MbuSsJwIkw3fEj9h75vDP0Er5JzepJ0/HNHv0g=

internal/handlers/ussd/menuhandler.go

@@ -5,7 +5,6 @@ import (
 	"context"
 	"fmt"
 	"path"
-	"regexp"
 	"strconv"
 	"strings"
 
@@ -29,22 +28,11 @@ import (
 )
 
 var (
-	logg           = logging.NewVanilla().WithDomain("ussdmenuhandler")
+	logg           = logging.NewVanilla().WithDomain("ussdmenuhandler").WithContextKey("session-id")
 	scriptDir      = path.Join("services", "registration")
 	translationDir = path.Join(scriptDir, "locale")
 )
 
-// Define the regex patterns as constants
-const (
-	pinPattern = `^\d{4}$`
-)
-
-// checks whether the given input is a 4 digit number
-func isValidPIN(pin string) bool {
-	match, _ := regexp.MatchString(pinPattern, pin)
-	return match
-}
-
 // FlagManager handles centralized flag management
 type FlagManager struct {
 	parser *asm.FlagParser
@@ -129,9 +117,17 @@ func (h *Handlers) Init(ctx context.Context, sym string, input []byte) (resource
 	h.st = h.pe.GetState()
 	h.ca = h.pe.GetMemory()
 
-	sessionId, _ := ctx.Value("SessionId").(string)
-	flag_admin_privilege, _ := h.flagManager.GetFlag("flag_admin_privilege")
+	if len(input) == 0 {
+		// move to the top node
+		h.st.Code = []byte{}
+	}
 
+	sessionId, ok := ctx.Value("SessionId").(string)
+	if ok {
+		context.WithValue(ctx, "session-id", sessionId)
+	}
+
+	flag_admin_privilege, _ := h.flagManager.GetFlag("flag_admin_privilege")
 	isAdmin, _ := h.adminstore.IsAdmin(sessionId)
 
 	if isAdmin {
@@ -276,7 +272,7 @@ func (h *Handlers) VerifyNewPin(ctx context.Context, sym string, input []byte) (
 	flag_valid_pin, _ := h.flagManager.GetFlag("flag_valid_pin")
 	pinInput := string(input)
 	// Validate that the PIN is a 4-digit number.
-	if isValidPIN(pinInput) {
+	if common.IsValidPIN(pinInput) {
 		res.FlagSet = append(res.FlagSet, flag_valid_pin)
 	} else {
 		res.FlagReset = append(res.FlagReset, flag_valid_pin)
@@ -301,7 +297,7 @@ func (h *Handlers) SaveTemporaryPin(ctx context.Context, sym string, input []byt
 	accountPIN := string(input)
 
 	// Validate that the PIN is a 4-digit number.
-	if !isValidPIN(accountPIN) {
+	if !common.IsValidPIN(accountPIN) {
 		res.FlagSet = append(res.FlagSet, flag_incorrect_pin)
 		return res, nil
 	}
@@ -363,11 +359,20 @@ func (h *Handlers) ConfirmPinChange(ctx context.Context, sym string, input []byt
 		res.FlagReset = append(res.FlagReset, flag_pin_mismatch)
 	} else {
 		res.FlagSet = append(res.FlagSet, flag_pin_mismatch)
+		return res, nil
 	}
-	// If matched, save the confirmed PIN as the new account PIN
-	err = store.WriteEntry(ctx, sessionId, common.DATA_ACCOUNT_PIN, []byte(temporaryPin))
+
+	// Hash the PIN
+	hashedPIN, err := common.HashPIN(string(temporaryPin))
 	if err != nil {
-		logg.ErrorCtxf(ctx, "failed to write temporaryPin entry with", "key", common.DATA_ACCOUNT_PIN, "value", temporaryPin, "error", err)
+		logg.ErrorCtxf(ctx, "failed to hash temporaryPin", "error", err)
+		return res, err
+	}
+
+	// save the hashed PIN as the new account PIN
+	err = store.WriteEntry(ctx, sessionId, common.DATA_ACCOUNT_PIN, []byte(hashedPIN))
+	if err != nil {
+		logg.ErrorCtxf(ctx, "failed to write DATA_ACCOUNT_PIN entry with", "key", common.DATA_ACCOUNT_PIN, "hashedPIN value", hashedPIN, "error", err)
 		return res, err
 	}
 	return res, nil
@@ -399,11 +404,19 @@ func (h *Handlers) VerifyCreatePin(ctx context.Context, sym string, input []byte
 		res.FlagSet = append(res.FlagSet, flag_pin_set)
 	} else {
 		res.FlagSet = []uint32{flag_pin_mismatch}
+		return res, nil
 	}
 
-	err = store.WriteEntry(ctx, sessionId, common.DATA_ACCOUNT_PIN, []byte(temporaryPin))
+	// Hash the PIN
+	hashedPIN, err := common.HashPIN(string(temporaryPin))
 	if err != nil {
-		logg.ErrorCtxf(ctx, "failed to write temporaryPin entry with", "key", common.DATA_ACCOUNT_PIN, "value", temporaryPin, "error", err)
+		logg.ErrorCtxf(ctx, "failed to hash temporaryPin", "error", err)
+		return res, err
+	}
+
+	err = store.WriteEntry(ctx, sessionId, common.DATA_ACCOUNT_PIN, []byte(hashedPIN))
+	if err != nil {
+		logg.ErrorCtxf(ctx, "failed to write DATA_ACCOUNT_PIN entry with", "key", common.DATA_ACCOUNT_PIN, "value", hashedPIN, "error", err)
 		return res, err
 	}
 
@@ -717,7 +730,7 @@ func (h *Handlers) Authorize(ctx context.Context, sym string, input []byte) (res
 		return res, err
 	}
 	if len(input) == 4 {
-		if bytes.Equal(input, AccountPin) {
+		if common.VerifyPIN(string(AccountPin), string(input)) {
 			if h.st.MatchFlag(flag_account_authorized, false) {
 				res.FlagReset = append(res.FlagReset, flag_incorrect_pin)
 				res.FlagSet = append(res.FlagSet, flag_allow_update, flag_account_authorized)
@@ -944,7 +957,15 @@ func (h *Handlers) ResetOthersPin(ctx context.Context, sym string, input []byte)
 		logg.ErrorCtxf(ctx, "failed to read temporaryPin entry with", "key", common.DATA_TEMPORARY_VALUE, "error", err)
 		return res, err
 	}
-	err = store.WriteEntry(ctx, string(blockedPhonenumber), common.DATA_ACCOUNT_PIN, []byte(temporaryPin))
+
+	// Hash the PIN
+	hashedPIN, err := common.HashPIN(string(temporaryPin))
+	if err != nil {
+		logg.ErrorCtxf(ctx, "failed to hash temporaryPin", "error", err)
+		return res, err
+	}
+
+	err = store.WriteEntry(ctx, string(blockedPhonenumber), common.DATA_ACCOUNT_PIN, []byte(hashedPIN))
 	if err != nil {
 		return res, nil
 	}
@@ -1395,7 +1416,6 @@ func (h *Handlers) GetCurrentProfileInfo(ctx context.Context, sym string, input
 		defaultValue = "Not Provided"
 	}
 
-
 	sm, _ := h.st.Where()
 	parts := strings.SplitN(sm, "_", 2)
 	filename := parts[1]

internal/handlers/ussd/menuhandler_test.go

@@ -8,6 +8,7 @@ import (
 	"strings"
 	"testing"
 
+	"git.defalsify.org/vise.git/cache"
 	"git.defalsify.org/vise.git/lang"
 	"git.defalsify.org/vise.git/persist"
 	"git.defalsify.org/vise.git/resource"
@@ -15,6 +16,7 @@ import (
 	"git.grassecon.net/urdt/ussd/internal/storage"
 	"git.grassecon.net/urdt/ussd/internal/testutil/mocks"
 	"git.grassecon.net/urdt/ussd/internal/testutil/testservice"
+	"git.grassecon.net/urdt/ussd/internal/utils"
 	"git.grassecon.net/urdt/ussd/models"
 
 	"git.grassecon.net/urdt/ussd/common"
@@ -119,6 +121,102 @@ func TestNewHandlers(t *testing.T) {
 	})
 }
 
+func TestInit(t *testing.T) {
+	sessionId := "session123"
+	ctx, store := InitializeTestStore(t)
+	ctx = context.WithValue(ctx, "SessionId", sessionId)
+
+	fm, err := NewFlagManager(flagsPath)
+	if err != nil {
+		t.Fatal(err.Error())
+	}
+
+	adminstore, err := utils.NewAdminStore(ctx, "admin_numbers")
+	if err != nil {
+		t.Fatal(err.Error())
+	}
+
+	st := state.NewState(128)
+	ca := cache.NewCache()
+
+	flag_admin_privilege, _ := fm.GetFlag("flag_admin_privilege")
+
+	tests := []struct {
+		name           string
+		setup          func() (*Handlers, context.Context)
+		input          []byte
+		expectedResult resource.Result
+	}{
+		{
+			name: "Handler not ready",
+			setup: func() (*Handlers, context.Context) {
+				return &Handlers{}, ctx
+			},
+			input:          []byte("1"),
+			expectedResult: resource.Result{},
+		},
+		{
+			name: "State and memory initialization",
+			setup: func() (*Handlers, context.Context) {
+				pe := persist.NewPersister(store).WithSession(sessionId).WithContent(st, ca)
+				h := &Handlers{
+					flagManager: fm.parser,
+					adminstore:  adminstore,
+					pe:          pe,
+				}
+				return h, context.WithValue(ctx, "SessionId", sessionId)
+			},
+			input: []byte("1"),
+			expectedResult: resource.Result{
+				FlagReset: []uint32{flag_admin_privilege},
+			},
+		},
+		{
+			name: "Non-admin session initialization",
+			setup: func() (*Handlers, context.Context) {
+				pe := persist.NewPersister(store).WithSession("0712345678").WithContent(st, ca)
+				h := &Handlers{
+					flagManager: fm.parser,
+					adminstore:  adminstore,
+					pe:          pe,
+				}
+				return h, context.WithValue(context.Background(), "SessionId", "0712345678")
+			},
+			input: []byte("1"),
+			expectedResult: resource.Result{
+				FlagReset: []uint32{flag_admin_privilege},
+			},
+		},
+		{
+			name: "Move to top node on empty input",
+			setup: func() (*Handlers, context.Context) {
+				pe := persist.NewPersister(store).WithSession(sessionId).WithContent(st, ca)
+				h := &Handlers{
+					flagManager: fm.parser,
+					adminstore:  adminstore,
+					pe:          pe,
+				}
+				st.Code = []byte("some pending bytecode")
+				return h, context.WithValue(ctx, "SessionId", sessionId)
+			},
+			input: []byte(""),
+			expectedResult: resource.Result{
+				FlagReset: []uint32{flag_admin_privilege},
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			h, testCtx := tt.setup()
+			res, err := h.Init(testCtx, "", tt.input)
+
+			assert.NoError(t, err, "Unexpected error occurred")
+			assert.Equal(t, res, tt.expectedResult, "Expected result should match actual result")
+		})
+	}
+}
+
 func TestCreateAccount(t *testing.T) {
 	sessionId := "session123"
 	ctx, store := InitializeTestStore(t)
@@ -949,7 +1047,14 @@ func TestAuthorize(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			err = store.WriteEntry(ctx, sessionId, common.DATA_ACCOUNT_PIN, []byte(accountPIN))
+			// Hash the PIN
+			hashedPIN, err := common.HashPIN(accountPIN)
+			if err != nil {
+				logg.ErrorCtxf(ctx, "failed to hash temporaryPin", "error", err)
+				t.Fatal(err)
+			}
+
+			err = store.WriteEntry(ctx, sessionId, common.DATA_ACCOUNT_PIN, []byte(hashedPIN))
 			if err != nil {
 				t.Fatal(err)
 			}
@@ -1401,59 +1506,6 @@ func TestQuit(t *testing.T) {
 	}
 }
 
-func TestIsValidPIN(t *testing.T) {
-	tests := []struct {
-		name     string
-		pin      string
-		expected bool
-	}{
-		{
-			name:     "Valid PIN with 4 digits",
-			pin:      "1234",
-			expected: true,
-		},
-		{
-			name:     "Valid PIN with leading zeros",
-			pin:      "0001",
-			expected: true,
-		},
-		{
-			name:     "Invalid PIN with less than 4 digits",
-			pin:      "123",
-			expected: false,
-		},
-		{
-			name:     "Invalid PIN with more than 4 digits",
-			pin:      "12345",
-			expected: false,
-		},
-		{
-			name:     "Invalid PIN with letters",
-			pin:      "abcd",
-			expected: false,
-		},
-		{
-			name:     "Invalid PIN with special characters",
-			pin:      "12@#",
-			expected: false,
-		},
-		{
-			name:     "Empty PIN",
-			pin:      "",
-			expected: false,
-		},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			actual := isValidPIN(tt.pin)
-			if actual != tt.expected {
-				t.Errorf("isValidPIN(%q) = %v; expected %v", tt.pin, actual, tt.expected)
-			}
-		})
-	}
-}
-
 func TestValidateAmount(t *testing.T) {
 	fm, err := NewFlagManager(flagsPath)
 	if err != nil {
@@ -1700,7 +1752,7 @@ func TestGetProfile(t *testing.T) {
 			result: resource.Result{
 				Content: fmt.Sprintf(
 					"Name: %s\nGender: %s\nAge: %s\nLocation: %s\nYou provide: %s\n",
-					"John Doee", "Male", "48", "Kilifi", "Bananas",
+					"John Doee", "Male", "49", "Kilifi", "Bananas",
 				),
 			},
 		},
@@ -1712,7 +1764,7 @@ func TestGetProfile(t *testing.T) {
 			result: resource.Result{
 				Content: fmt.Sprintf(
 					"Jina: %s\nJinsia: %s\nUmri: %s\nEneo: %s\nUnauza: %s\n",
-					"John Doee", "Male", "48", "Kilifi", "Bananas",
+					"John Doee", "Male", "49", "Kilifi", "Bananas",
 				),
 			},
 		},
@@ -1724,7 +1776,7 @@ func TestGetProfile(t *testing.T) {
 			result: resource.Result{
 				Content: fmt.Sprintf(
 					"Name: %s\nGender: %s\nAge: %s\nLocation: %s\nYou provide: %s\n",
-					"John Doee", "Male", "48", "Kilifi", "Bananas",
+					"John Doee", "Male", "49", "Kilifi", "Bananas",
 				),
 			},
 		},

internal/http/server.go

@@ -17,8 +17,7 @@ var (
 type DefaultRequestParser struct {
 }
 
-
-func(rp *DefaultRequestParser) GetSessionId(rq any) (string, error) {
+func (rp *DefaultRequestParser) GetSessionId(rq any) (string, error) {
 	rqv, ok := rq.(*http.Request)
 	if !ok {
 		return "", handlers.ErrInvalidRequest
@@ -30,7 +29,7 @@ func(rp *DefaultRequestParser) GetSessionId(rq any) (string, error) {
 	return v, nil
 }
 
-func(rp *DefaultRequestParser) GetInput(rq any) ([]byte, error) {
+func (rp *DefaultRequestParser) GetInput(rq any) ([]byte, error) {
 	rqv, ok := rq.(*http.Request)
 	if !ok {
 		return nil, handlers.ErrInvalidRequest
@@ -53,25 +52,24 @@ func ToSessionHandler(h handlers.RequestHandler) *SessionHandler {
 	}
 }
 
-func(f *SessionHandler) writeError(w http.ResponseWriter, code int, err error) {
+func (f *SessionHandler) writeError(w http.ResponseWriter, code int, err error) {
 	s := err.Error()
 	w.Header().Set("Content-Length", strconv.Itoa(len(s)))
 	w.WriteHeader(code)
-	_, err = w.Write([]byte{})
+	_, err = w.Write([]byte(s))
 	if err != nil {
 		logg.Errorf("error writing error!!", "err", err, "olderr", s)
 		w.WriteHeader(500)
 	}
-	return 
 }
 
-func(f *SessionHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
+func (f *SessionHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 	var code int
 	var err error
 	var perr error
 
 	rqs := handlers.RequestSession{
-		Ctx: req.Context(),
+		Ctx:    req.Context(),
 		Writer: w,
 	}
 

internal/utils/isocode.go

@@ -1,9 +1,9 @@
 package utils
 
 var isoCodes = map[string]bool{
-	"eng": true, // English
-	"swa": true, // Swahili
-
+	"eng":     true, // English
+	"swa":     true, // Swahili
+	"default": true, // Default language: English
 }
 
 func IsValidISO639(code string) bool {

menutraversal_test/group_test.json

@@ -62,10 +62,10 @@
                 },
                 {
                     "input": "1234",
-                    "expectedContent": "Select language:\n0:English\n1:Kiswahili"
+                    "expectedContent": "Select language:\n1:English\n2:Kiswahili"
                 },
                 {
-                    "input": "0",
+                    "input": "1",
                     "expectedContent": "Your language change request was successful.\n0:Back\n9:Quit"
                 },
                 {
@@ -430,7 +430,7 @@
                 },
                 {
                     "input": "1234",
-                    "expectedContent": "My profile:\nName: foo bar\nGender: male\nAge: 79\nLocation: Kilifi\nYou provide: Bananas\n\n0:Back"
+                    "expectedContent": "My profile:\nName: foo bar\nGender: male\nAge: 80\nLocation: Kilifi\nYou provide: Bananas\n\n0:Back\n9:Quit"
                 },
                 {
                     "input": "0",

menutraversal_test/menu_traversal_test.go

@@ -298,9 +298,10 @@ func TestMainMenuSend(t *testing.T) {
 	ctx := context.Background()
 	sessions := testData
 	for _, session := range sessions {
-		groups := driver.FilterGroupsByName(session.Groups, "send_with_invalid_inputs")
+		groups := driver.FilterGroupsByName(session.Groups, "send_with_invite")
 		for _, group := range groups {
-			for _, step := range group.Steps {
+			for index, step := range group.Steps {
+				t.Logf("step %v with input %v", index, step.Input)
 				cont, err := en.Exec(ctx, []byte(step.Input))
 				if err != nil {
 					t.Fatalf("Test case '%s' failed at input '%s': %v", group.Name, step.Input, err)

menutraversal_test/test_setup.json

@@ -7,14 +7,14 @@
                 "steps": [
                     {
                         "input": "",
-                        "expectedContent": "Welcome to Sarafu Network\nPlease select a language\n0:English\n1:Kiswahili"
+                        "expectedContent": "Welcome to Sarafu Network\nPlease select a language\n1:English\n2:Kiswahili"
                     },
                     {
-                        "input": "0",
-                        "expectedContent": "Do you agree to terms and conditions?\nhttps://grassecon.org/pages/terms-and-conditions\n\n0:Yes\n1:No"
+                        "input": "1",
+                        "expectedContent": "Do you agree to terms and conditions?\nhttps://grassecon.org/pages/terms-and-conditions\n\n1:Yes\n2:No"
                     },
                     {
-                        "input": "0",
+                        "input": "1",
                         "expectedContent": "Please enter a new four number PIN for your account:\n0:Exit"
                     },
                     {
@@ -40,14 +40,14 @@
                 "steps": [
                     {
                         "input": "",
-                        "expectedContent": "Welcome to Sarafu Network\nPlease select a language\n0:English\n1:Kiswahili"
-                    },
-                    {
-                        "input": "0",
-                        "expectedContent": "Do you agree to terms and conditions?\nhttps://grassecon.org/pages/terms-and-conditions\n\n0:Yes\n1:No"
+                        "expectedContent": "Welcome to Sarafu Network\nPlease select a language\n1:English\n2:Kiswahili"
                     },
                     {
                         "input": "1",
+                        "expectedContent": "Do you agree to terms and conditions?\nhttps://grassecon.org/pages/terms-and-conditions\n\n1:Yes\n2:No"
+                    },
+                    {
+                        "input": "2",
                         "expectedContent": "Thank you for using Sarafu. Goodbye!"
                     }
                 ]
@@ -64,8 +64,8 @@
                         "expectedContent": "Enter recipient's phone number/address/alias:\n0:Back"
                     },
                     {
-                        "input": "000",
-                        "expectedContent": "000 is invalid, please try again:\n1:Retry\n9:Quit"
+                        "input": "0@0",
+                        "expectedContent": "0@0 is invalid, please try again:\n1:Retry\n9:Quit"
                     },
                     {
                         "input": "1",

services/registration/balances.vis

@@ -7,3 +7,4 @@ HALT
 INCMP _ 0
 INCMP my_balance 1
 INCMP community_balance 2
+INCMP . * 

services/registration/change_language.vis

@@ -2,9 +2,9 @@ LOAD reset_account_authorized 0
 LOAD reset_incorrect 0
 CATCH incorrect_pin flag_incorrect_pin 1
 CATCH pin_entry flag_account_authorized 0
-MOUT english 0
-MOUT kiswahili 1
+MOUT english 1
+MOUT kiswahili 2
 HALT
-INCMP set_default 0
-INCMP set_swa 1
+INCMP set_eng 1
+INCMP set_swa 2
 INCMP . *

services/registration/community_balance.vis

@@ -9,3 +9,4 @@ MOUT quit 9
 HALT
 INCMP _ 0
 INCMP quit 9
+INCMP . * 

services/registration/edit_profile.vis

@@ -20,3 +20,4 @@ INCMP edit_yob 4
 INCMP edit_location 5
 INCMP edit_offerings 6
 INCMP view_profile 7
+INCMP . * 

services/registration/my_account.vis

@@ -14,3 +14,4 @@ INCMP balances 3
 INCMP check_statement 4
 INCMP pin_management 5
 INCMP address 6
+INCMP . *

services/registration/my_balance.vis

@@ -9,3 +9,4 @@ MOUT quit 9
 HALT
 INCMP _ 0
 INCMP quit 9
+INCMP . * 

services/registration/select_language.vis

@@ -1,6 +1,6 @@
-MOUT english 0
-MOUT kiswahili 1
+MOUT english 1
+MOUT kiswahili 2
 HALT
-INCMP set_eng 0
-INCMP set_swa 1
+INCMP set_eng 1
+INCMP set_swa 2
 INCMP . *

services/registration/set_default.vis

@@ -0,0 +1,4 @@
+LOAD set_language 6
+RELOAD set_language
+CATCH terms flag_account_created 0
+MOVE language_changed

services/registration/terms.vis

@@ -1,5 +1,5 @@
-MOUT yes 0
-MOUT no 1
+MOUT yes 1
+MOUT no 2
 HALT
-INCMP create_pin 0
+INCMP create_pin 1
 INCMP quit *

services/registration/view_profile.vis

@@ -4,5 +4,8 @@ LOAD reset_incorrect 6
 CATCH incorrect_pin flag_incorrect_pin 1
 CATCH pin_entry flag_account_authorized 0
 MOUT back 0
+MOUT quit 9
 HALT
 INCMP _ 0
+INCMP quit 9
+INCMP . *