implement reset nkode

2024-09-27 13:51:45 -05:00
parent 1b133edd78
commit 57b5308ca9
17 changed files with 489 additions and 88 deletions
--- a/core/aws_ses.go
+++ b/core/aws_ses.go
@@ -0,0 +1,61 @@
+package core
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/config"
+	"github.com/aws/aws-sdk-go-v2/service/ses"
+	"github.com/aws/aws-sdk-go-v2/service/ses/types"
+)
+
+func ResetUserEmail(userEmail Email, customerId CustomerId) error {
+	// Load AWS configuration
+	cfg, err := config.LoadDefaultConfig(context.TODO(), config.WithRegion("us-east-1"))
+	if err != nil {
+		return errors.New(fmt.Sprintf("unable to load SDK config, %v", err))
+	}
+
+	nkodeResetJwt, err := ResetNKodeToken(userEmail, customerId)
+	if err != nil {
+		return errors.New(fmt.Sprintf("unable to load SDK config, %v", err))
+	}
+	// Create an SES client
+	sesClient := ses.NewFromConfig(cfg)
+
+	// Define sender and recipient
+	sender := "mail@nkode.tech"
+
+	// Define email subject and body
+	subject := "nKode Reset"
+	htmlBody := fmt.Sprintf("<h1>Hello!</h1><p>Click the link to reset your nKode.</p><a href=\"http://%s?token=%s\">Reset nKode</a>", FrontendHost, nkodeResetJwt)
+
+	// Construct the email message
+	input := &ses.SendEmailInput{
+		Destination: &types.Destination{
+			ToAddresses: []string{string(userEmail)},
+		},
+		Message: &types.Message{
+			Body: &types.Body{
+				Html: &types.Content{
+					Data: aws.String(htmlBody),
+				},
+			},
+			Subject: &types.Content{
+				Data: aws.String(subject),
+			},
+		},
+		Source: aws.String(sender),
+	}
+
+	// Send the email
+	resp, err := sesClient.SendEmail(context.TODO(), input)
+	if err != nil {
+		return errors.New(fmt.Sprintf("failed to send email, %v", err))
+	}
+
+	// Output the message ID of the sent email
+	fmt.Printf("Email sent successfully, Message ID: %s\n", *resp.MessageId)
+	return nil
+}
--- a/core/config.go
+++ b/core/config.go
@@ -0,0 +1,6 @@
+package core
+
+const (
+	BackendHost  = "localhost:8080"
+	FrontendHost = "localhost:8090"
+)
--- a/core/in_memory_db.go
+++ b/core/in_memory_db.go
@@ -66,6 +66,10 @@ func (db *InMemoryDb) WriteNewUser(user User) error {
 	return nil
 }

+func (db *InMemoryDb) UpdateUserNKode(user User) error {
+	return errors.ErrUnsupported
+}
+
 func (db *InMemoryDb) UpdateUserInterface(userId UserId, ui UserInterface) error {
 	user, exists := db.Users[userId]
 	if !exists {
--- a/core/jwt_claims.go
+++ b/core/jwt_claims.go
@@ -7,49 +7,57 @@ import (
 	"time"
 )

-type JwtTokens struct {
+type AuthenticationTokens struct {
 	AccessToken  string `json:"access_token"`
 	RefreshToken string `json:"refresh_token"`
 }

+type ResetNKodeClaims struct {
+	Reset bool `json:"reset"`
+	jwt.RegisteredClaims
+}
+
 const (
-	accessTokenExp  = 5 * time.Minute
-	refreshTokenExp = 30 * 24 * time.Hour
+	accessTokenExp     = 5 * time.Minute
+	refreshTokenExp    = 30 * 24 * time.Hour
+	resetNKodeTokenExp = 5 * time.Minute
 )

 var secret = []byte("your-secret-key")

-func NewJwtTokens(username string) (JwtTokens, error) {
-	accessClaims := NewAccessClaim(username)
+func NewAuthenticationTokens(username string, customerId CustomerId) (AuthenticationTokens, error) {
+	accessClaims := NewAccessClaim(username, customerId)

 	refreshClaims := jwt.RegisteredClaims{
 		Subject:   username,
+		Issuer:    CustomerIdToString(customerId),
 		ExpiresAt: jwt.NewNumericDate(time.Now().Add(refreshTokenExp)),
 	}

 	accessJwt, err := EncodeAndSignClaims(accessClaims)
 	if err != nil {
-		return JwtTokens{}, err
+		return AuthenticationTokens{}, err
 	}
 	refreshJwt, err := EncodeAndSignClaims(refreshClaims)

 	if err != nil {
-		return JwtTokens{}, err
+		return AuthenticationTokens{}, err
 	}
-	return JwtTokens{
+	return AuthenticationTokens{
 		AccessToken:  accessJwt,
 		RefreshToken: refreshJwt,
 	}, nil
 }

-func NewAccessClaim(username string) jwt.RegisteredClaims {
+func NewAccessClaim(username string, customerId CustomerId) jwt.RegisteredClaims {
 	return jwt.RegisteredClaims{
 		Subject:   username,
+		Issuer:    CustomerIdToString(customerId),
 		ExpiresAt: jwt.NewNumericDate(time.Now().Add(accessTokenExp)),
 	}
 }

-func EncodeAndSignClaims(claims jwt.RegisteredClaims) (string, error) {
+func EncodeAndSignClaims(claims jwt.Claims) (string, error) {
 	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
 	return token.SignedString(secret)
 }
@@ -91,3 +99,29 @@ func ClaimExpired(claims jwt.RegisteredClaims) error {
 	}
 	return errors.New("claim expired")
 }
+
+func ResetNKodeToken(userEmail Email, customerId CustomerId) (string, error) {
+	resetClaims := ResetNKodeClaims{
+		true,
+		jwt.RegisteredClaims{
+			Subject:   string(userEmail),
+			Issuer:    CustomerIdToString(customerId),
+			ExpiresAt: jwt.NewNumericDate(time.Now().Add(resetNKodeTokenExp)),
+		},
+	}
+	return EncodeAndSignClaims(resetClaims)
+}
+
+func ParseRestNKodeToken(resetNKodeToken string) (*ResetNKodeClaims, error) {
+	token, err := jwt.ParseWithClaims(resetNKodeToken, &ResetNKodeClaims{}, func(token *jwt.Token) (interface{}, error) {
+		return secret, nil
+	})
+	if err != nil {
+		return nil, fmt.Errorf("error parsing refresh token: %w", err)
+	}
+	claims, ok := token.Claims.(*ResetNKodeClaims)
+	if !ok {
+		return nil, errors.New("unable to parse claims")
+	}
+	return claims, nil
+}
--- a/core/jwt_claims_test.go
+++ b/core/jwt_claims_test.go
@@ -0,0 +1,28 @@
+package core
+
+import (
+	"github.com/google/uuid"
+	"github.com/stretchr/testify/assert"
+	"testing"
+)
+
+func TestJwtClaims(t *testing.T) {
+	email := "testing@example.com"
+	customerId := CustomerId(uuid.New())
+	authTokens, err := NewAuthenticationTokens(email, customerId)
+	assert.NoError(t, err)
+	accessToken, err := ParseAccessToken(authTokens.AccessToken)
+	assert.NoError(t, err)
+	assert.Equal(t, accessToken.Subject, email)
+	assert.NoError(t, ClaimExpired(*accessToken))
+	refreshToken, err := ParseRefreshToken(authTokens.RefreshToken)
+	assert.NoError(t, err)
+	assert.Equal(t, refreshToken.Subject, email)
+	assert.NoError(t, ClaimExpired(*refreshToken))
+	resetNKode, err := ResetNKodeToken(Email(email), customerId)
+	assert.NoError(t, err)
+	resetToken, err := ParseRestNKodeToken(resetNKode)
+	assert.NoError(t, err)
+	assert.True(t, resetToken.Reset)
+	assert.Equal(t, resetToken.Subject, email)
+}
--- a/core/nkode_api.go
+++ b/core/nkode_api.go
@@ -34,12 +34,12 @@ func (n *NKodeAPI) CreateNewCustomer(nkodePolicy NKodePolicy, id *CustomerId) (*
 	return &newCustomer.Id, nil
 }

-func (n *NKodeAPI) GenerateSignupInterface(userEmail Email, customerId CustomerId, kp KeypadDimension) (*GenerateSignupInterfaceResp, error) {
+func (n *NKodeAPI) GenerateSignupResetInterface(userEmail Email, customerId CustomerId, kp KeypadDimension, reset bool) (*GenerateSignupResetInterfaceResp, error) {
 	svgIdxInterface, err := n.Db.RandomSvgIdxInterface(kp)
 	if err != nil {
 		return nil, err
 	}
-	signupSession, err := NewSignupSession(userEmail, kp, customerId, svgIdxInterface)
+	signupSession, err := NewSignupResetSession(userEmail, kp, customerId, svgIdxInterface, reset)
 	if err != nil {
 		return nil, err
 	}
@@ -48,7 +48,7 @@ func (n *NKodeAPI) GenerateSignupInterface(userEmail Email, customerId CustomerI
 	if err != nil {
 		return nil, err
 	}
-	resp := GenerateSignupInterfaceResp{
+	resp := GenerateSignupResetInterfaceResp{
 		UserIdxInterface: signupSession.SetIdxInterface,
 		SvgInterface:     svgInterface,
 		SessionId:        uuid.UUID(signupSession.Id).String(),
@@ -95,7 +95,11 @@ func (n *NKodeAPI) ConfirmNKode(customerId CustomerId, sessionId SessionId, keyS
 	if err != nil {
 		return err
 	}
-	err = n.Db.WriteNewUser(*user)
+	if session.Reset {
+		err = n.Db.UpdateUserNKode(*user)
+	} else {
+		err = n.Db.WriteNewUser(*user)
+	}
 	delete(n.SignupSessions, session.Id)
 	return err
 }
@@ -105,6 +109,9 @@ func (n *NKodeAPI) GetLoginInterface(userEmail Email, customerId CustomerId) (*G
 	if err != nil {
 		return nil, err
 	}
+	if user == nil {
+		return nil, errors.New(fmt.Sprintf("user %s for customer %s dne", userEmail, customerId))
+	}
 	err = user.Interface.PartialInterfaceShuffle()
 	if err != nil {
 		return nil, err
@@ -126,14 +133,17 @@ func (n *NKodeAPI) GetLoginInterface(userEmail Email, customerId CustomerId) (*G
 	return &resp, nil
 }

-func (n *NKodeAPI) Login(customerId CustomerId, userEmail Email, keySelection KeySelection) (*JwtTokens, error) {
+func (n *NKodeAPI) Login(customerId CustomerId, userEmail Email, keySelection KeySelection) (*AuthenticationTokens, error) {
 	customer, err := n.Db.GetCustomer(customerId)
 	if err != nil {
 		return nil, err
 	}
 	user, err := n.Db.GetUser(userEmail, customerId)
 	if err != nil {
-		return nil, errors.New(fmt.Sprintf("user dne %s", userEmail))
+		return nil, err
+	}
+	if user == nil {
+		return nil, errors.New(fmt.Sprintf("user %s for customer %s dne", userEmail, customerId))
 	}
 	passcode, err := ValidKeyEntry(*user, *customer, keySelection)
 	if err != nil {
@@ -146,7 +156,7 @@ func (n *NKodeAPI) Login(customerId CustomerId, userEmail Email, keySelection Ke
 			return nil, err
 		}
 	}
-	jwtToken, err := NewJwtTokens(string(user.Email))
+	jwtToken, err := NewAuthenticationTokens(string(user.Email), customerId)
 	if err != nil {
 		return nil, err
 	}
@@ -174,6 +184,9 @@ func (n *NKodeAPI) RefreshToken(userEmail Email, customerId CustomerId, refreshT
 	if err != nil {
 		return "", err
 	}
+	if user == nil {
+		return "", errors.New(fmt.Sprintf("user %s for customer %s dne", userEmail, customerId))
+	}
 	if user.RefreshToken != refreshToken {
 		return "", errors.New("refresh token is invalid")
 	}
@@ -184,6 +197,17 @@ func (n *NKodeAPI) RefreshToken(userEmail Email, customerId CustomerId, refreshT
 	if err = ClaimExpired(*refreshClaims); err != nil {
 		return "", err
 	}
-	newAccessClaims := NewAccessClaim(string(userEmail))
+	newAccessClaims := NewAccessClaim(string(userEmail), customerId)
 	return EncodeAndSignClaims(newAccessClaims)
 }
+
+func (n *NKodeAPI) ResetNKode(userEmail Email, customerId CustomerId) error {
+	user, err := n.Db.GetUser(userEmail, customerId)
+	if err != nil {
+		return fmt.Errorf("error getting user in rest nkode %v", err)
+	}
+	if user == nil {
+		return nil
+	}
+	return ResetUserEmail(userEmail, customerId)
+}
--- a/core/nkode_api_test.go
+++ b/core/nkode_api_test.go
@@ -7,21 +7,21 @@ import (
 )

 func TestNKodeAPI(t *testing.T) {
-	db1 := NewInMemoryDb()
-	testNKodeAPI(t, &db1)
+	//db1 := NewInMemoryDb()
+	//testNKodeAPI(t, &db1)

-	//dbFile := "../../test.db"
+	dbFile := "../test.db"

-	//db2 := NewSqliteDB(dbFile)
-	//defer db2.CloseDb()
-	//testNKodeAPI(t, db2)
+	db2 := NewSqliteDB(dbFile)
+	defer db2.CloseDb()
+	testNKodeAPI(t, db2)

-	//	if _, err := os.Stat(dbFile); err == nil {
-	//		err = os.Remove(dbFile)
-	//		assert.NoError(t, err)
-	//	} else {
-	//		assert.NoError(t, err)
-	//	}
+	//if _, err := os.Stat(dbFile); err == nil {
+	//	err = os.Remove(dbFile)
+	//	assert.NoError(t, err)
+	//} else {
+	//	assert.NoError(t, err)
+	//}
 }

 func testNKodeAPI(t *testing.T, db DbAccessor) {
@@ -35,7 +35,7 @@ func testNKodeAPI(t *testing.T, db DbAccessor) {
 		nkodeApi := NewNKodeAPI(db)
 		customerId, err := nkodeApi.CreateNewCustomer(nkodePolicy, nil)
 		assert.NoError(t, err)
-		signupResponse, err := nkodeApi.GenerateSignupInterface(userEmail, *customerId, keypadSize)
+		signupResponse, err := nkodeApi.GenerateSignupResetInterface(userEmail, *customerId, keypadSize, false)
 		assert.NoError(t, err)
 		setInterface := signupResponse.UserIdxInterface
 		sessionIdStr := signupResponse.SessionId
@@ -69,5 +69,31 @@ func testNKodeAPI(t *testing.T, db DbAccessor) {
 		_, err = nkodeApi.Login(*customerId, userEmail, loginKeySelection)
 		assert.NoError(t, err)

+		/// Reset nKode
+		attrsPerKey = 6
+		keypadSize = KeypadDimension{AttrsPerKey: attrsPerKey, NumbOfKeys: numbOfKeys}
+		resetResponse, err := nkodeApi.GenerateSignupResetInterface(userEmail, *customerId, keypadSize, true)
+		assert.NoError(t, err)
+		setInterface = resetResponse.UserIdxInterface
+		sessionIdStr = resetResponse.SessionId
+		sessionId, err = SessionIdFromString(sessionIdStr)
+		assert.NoError(t, err)
+		keypadSize = KeypadDimension{AttrsPerKey: numbOfKeys, NumbOfKeys: numbOfKeys}
+		userPasscode = setInterface[:passcodeLen+1]
+		setKeySelect, err = SelectKeyByAttrIdx(setInterface, userPasscode, keypadSize)
+		assert.NoError(t, err)
+		confirmInterface, err = nkodeApi.SetNKode(*customerId, sessionId, setKeySelect)
+		assert.NoError(t, err)
+		confirmKeySelect, err = SelectKeyByAttrIdx(confirmInterface, userPasscode, keypadSize)
+		err = nkodeApi.ConfirmNKode(*customerId, sessionId, confirmKeySelect)
+		assert.NoError(t, err)
+
+		keypadSize = KeypadDimension{AttrsPerKey: attrsPerKey, NumbOfKeys: numbOfKeys}
+		loginInterface2, err := nkodeApi.GetLoginInterface(userEmail, *customerId)
+		assert.NoError(t, err)
+		loginKeySelection, err = SelectKeyByAttrIdx(loginInterface2.UserIdxInterface, userPasscode, keypadSize)
+		assert.NoError(t, err)
+		_, err = nkodeApi.Login(*customerId, userEmail, loginKeySelection)
+		assert.NoError(t, err)
 	}
 }
--- a/core/nkode_handler.go
+++ b/core/nkode_handler.go
@@ -6,6 +6,7 @@ import (
 	"github.com/google/uuid"
 	"log"
 	"net/http"
+	"strings"
 )

 type NKodeHandler struct {
@@ -13,23 +14,24 @@ type NKodeHandler struct {
 }

 const (
-	CreateNewCustomer       = "/create-new-customer"
-	GenerateSignupInterface = "/generate-signup-interface"
-	SetNKode                = "/set-nkode"
-	ConfirmNKode            = "/confirm-nkode"
-	GetLoginInterface       = "/get-login-interface"
-	Login                   = "/login"
-	RenewAttributes         = "/renew-attributes"
-	RandomSvgInterface      = "/random-svg-interface"
-	RefreshToken            = "/refresh-token"
+	CreateNewCustomer            = "/create-new-customer"
+	GenerateSignupResetInterface = "/generate-signup-reset-interface"
+	SetNKode                     = "/set-nkode"
+	ConfirmNKode                 = "/confirm-nkode"
+	GetLoginInterface            = "/get-login-interface"
+	Login                        = "/login"
+	RenewAttributes              = "/renew-attributes"
+	RandomSvgInterface           = "/random-svg-interface"
+	RefreshToken                 = "/refresh-token"
+	ResetNKode                   = "/reset-nkode"
 )

 func (h *NKodeHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	switch r.URL.Path {
 	case CreateNewCustomer:
 		h.CreateNewCustomerHandler(w, r)
-	case GenerateSignupInterface:
-		h.GenerateSignupInterfaceHandler(w, r)
+	case GenerateSignupResetInterface:
+		h.GenerateSignupResetInterfaceHandler(w, r)
 	case SetNKode:
 		h.SetNKodeHandler(w, r)
 	case ConfirmNKode:
@@ -44,6 +46,8 @@ func (h *NKodeHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		h.RandomSvgInterfaceHandler(w, r)
 	case RefreshToken:
 		h.RefreshTokenHandler(w, r)
+	case ResetNKode:
+		h.ResetNKode(w, r)
 	default:
 		w.WriteHeader(http.StatusNotFound)
 		_, err := w.Write([]byte("404 not found"))
@@ -88,23 +92,22 @@ func (h *NKodeHandler) CreateNewCustomerHandler(w http.ResponseWriter, r *http.R
 	w.WriteHeader(http.StatusOK)
 }

-func (h *NKodeHandler) GenerateSignupInterfaceHandler(w http.ResponseWriter, r *http.Request) {
+func (h *NKodeHandler) GenerateSignupResetInterfaceHandler(w http.ResponseWriter, r *http.Request) {
 	if r.Method != http.MethodPost {
 		methodNotAllowed(w)
 		return
 	}
-	log.Print("signup interface")

-	var signupPost GenerateSignupInterfacePost
-	err := decodeJson(w, r, &signupPost)
+	var signupResetPost GenerateSignupRestInterfacePost
+	err := decodeJson(w, r, &signupResetPost)
 	if err != nil {
 		internalServerErrorHandler(w)
 		log.Println(err)
 		return
 	}
 	kp := KeypadDimension{
-		AttrsPerKey: signupPost.AttrsPerKey,
-		NumbOfKeys:  signupPost.NumbOfKeys,
+		AttrsPerKey: signupResetPost.AttrsPerKey,
+		NumbOfKeys:  signupResetPost.NumbOfKeys,
 	}
 	err = kp.IsValidKeypadDimension()
 	if err != nil {
@@ -112,14 +115,19 @@ func (h *NKodeHandler) GenerateSignupInterfaceHandler(w http.ResponseWriter, r *
 		log.Println(err)
 		return
 	}
-	customerId, err := uuid.Parse(signupPost.CustomerId)
+	customerId, err := uuid.Parse(signupResetPost.CustomerId)
 	if err != nil {
 		internalServerErrorHandler(w)
 		log.Println(err)
 		return
 	}
-	userEmail, err := ParseEmail(signupPost.UserEmail)
-	resp, err := h.Api.GenerateSignupInterface(userEmail, CustomerId(customerId), kp)
+	userEmail, err := ParseEmail(signupResetPost.UserEmail)
+	if err != nil {
+		internalServerErrorHandler(w)
+		log.Println(err)
+		return
+	}
+	resp, err := h.Api.GenerateSignupResetInterface(userEmail, CustomerId(customerId), kp, signupResetPost.Reset)
 	if err != nil {
 		internalServerErrorHandler(w)
 		log.Println(err)
@@ -370,30 +378,29 @@ func (h *NKodeHandler) RandomSvgInterfaceHandler(w http.ResponseWriter, r *http.
 }

 func (h *NKodeHandler) RefreshTokenHandler(w http.ResponseWriter, r *http.Request) {
-	if r.Method != http.MethodPost {
+	if r.Method != http.MethodGet {
 		methodNotAllowed(w)
 	}
-	var refreshTokenPost RefreshTokenPost
-	err := decodeJson(w, r, &refreshTokenPost)
-
+	refreshToken, err := getBearerToken(r)
 	if err != nil {
 		internalServerErrorHandler(w)
 		log.Println(err)
 		return
 	}
-	customerId, err := uuid.Parse(refreshTokenPost.CustomerId)
+	refreshClaims, err := ParseRefreshToken(refreshToken)
+	customerId, err := uuid.Parse(refreshClaims.Issuer)
 	if err != nil {
 		internalServerErrorHandler(w)
 		log.Println(err)
 		return
 	}
-	userEmail, err := ParseEmail(refreshTokenPost.UserEmail)
+	userEmail, err := ParseEmail(refreshClaims.Subject)
 	if err != nil {
 		internalServerErrorHandler(w)
 		log.Println(err)
 		return
 	}
-	accessToken, err := h.Api.RefreshToken(userEmail, CustomerId(customerId), refreshTokenPost.RefreshToken)
+	accessToken, err := h.Api.RefreshToken(userEmail, CustomerId(customerId), refreshToken)

 	if err != nil {
 		internalServerErrorHandler(w)
@@ -417,6 +424,38 @@ func (h *NKodeHandler) RefreshTokenHandler(w http.ResponseWriter, r *http.Reques
 	w.WriteHeader(http.StatusOK)
 }

+func (h *NKodeHandler) ResetNKode(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodPost {
+		methodNotAllowed(w)
+	}
+	var resetNKodePost ResetNKodePost
+	err := decodeJson(w, r, &resetNKodePost)
+	if err != nil {
+		internalServerErrorHandler(w)
+		log.Println("error decoding reset nkode post: ", err)
+		return
+	}
+	customerId, err := uuid.Parse(resetNKodePost.CustomerId)
+	if err != nil {
+		internalServerErrorHandler(w)
+		log.Println(err)
+		return
+	}
+	userEmail, err := ParseEmail(resetNKodePost.UserEmail)
+	if err != nil {
+		internalServerErrorHandler(w)
+		log.Println(err)
+		return
+	}
+	err = h.Api.ResetNKode(userEmail, CustomerId(customerId))
+	if err != nil {
+		internalServerErrorHandler(w)
+		log.Println(err)
+		return
+	}
+	w.WriteHeader(http.StatusOK)
+}
+
 func decodeJson(w http.ResponseWriter, r *http.Request, post any) error {
 	if r.Body == nil {
 		invalidJson(w)
@@ -449,3 +488,13 @@ func invalidJson(w http.ResponseWriter) {
 	w.WriteHeader(http.StatusBadRequest)
 	w.Write([]byte("invalid json"))
 }
+
+func getBearerToken(r *http.Request) (string, error) {
+	authHeader := r.Header.Get("Authorization")
+	// Check if the Authorization header is present and starts with "Bearer "
+	if authHeader == "" || !strings.HasPrefix(authHeader, "Bearer ") {
+		return "", errors.New("authorization header missing or invalid")
+	}
+	token := strings.TrimPrefix(authHeader, "Bearer ")
+	return token, nil
+}
--- a/core/sqlite_db.go
+++ b/core/sqlite_db.go
@@ -95,9 +95,57 @@ VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)
 	return nil
 }

+func (d *SqliteDB) UpdateUserNKode(u User) error {
+	tx, err := d.db.Begin()
+	if err != nil {
+		return err
+	}
+	defer func() {
+		if err != nil {
+			err = tx.Rollback()
+			if err != nil {
+				log.Fatal(fmt.Sprintf("Write new user won't roll back %+v", err))
+			}
+		}
+	}()
+	updateUser := `
+UPDATE user 
+SET renew = ?, refresh_token = ?, code = ?, mask = ?, attributes_per_key = ?, number_of_keys = ?, alpha_key = ?, set_key = ?, pass_key = ?, mask_key = ?, salt = ?, max_nkode_len = ?, idx_interface = ?, svg_id_interface = ? 
+WHERE username = ? AND customer_id = ?
+`
+	var renew int
+	if u.Renew {
+		renew = 1
+	} else {
+		renew = 0
+	}
+	_, err = tx.Exec(updateUser, renew, u.RefreshToken, u.EncipheredPasscode.Code, u.EncipheredPasscode.Mask, u.Kp.AttrsPerKey, u.Kp.NumbOfKeys, util.Uint64ArrToByteArr(u.CipherKeys.AlphaKey), util.Uint64ArrToByteArr(u.CipherKeys.SetKey), util.Uint64ArrToByteArr(u.CipherKeys.PassKey), util.Uint64ArrToByteArr(u.CipherKeys.MaskKey), u.CipherKeys.Salt, u.CipherKeys.MaxNKodeLen, util.IntArrToByteArr(u.Interface.IdxInterface), util.IntArrToByteArr(u.Interface.SvgId), string(u.Email), uuid.UUID(u.CustomerId))
+
+	if err != nil {
+		return err
+	}
+	err = tx.Commit()
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
 func (d *SqliteDB) GetCustomer(id CustomerId) (*Customer, error) {
+	tx, err := d.db.Begin()
+	if err != nil {
+		return nil, err
+	}
+	defer func() {
+		if err != nil {
+			err = tx.Rollback()
+			if err != nil {
+				log.Fatal(fmt.Sprintf("Write new user won't roll back %+v", err))
+			}
+		}
+	}()
 	selectCustomer := `SELECT max_nkode_len, min_nkode_len, distinct_sets, distinct_attributes, lock_out, expiration, attribute_values, set_values FROM customer WHERE id = ?`
-	rows, err := d.db.Query(selectCustomer, uuid.UUID(id))
+	rows, err := tx.Query(selectCustomer, uuid.UUID(id))

 	if !rows.Next() {
 		return nil, errors.New(fmt.Sprintf("no new row for customer %s with err %s", id, rows.Err()))
@@ -131,18 +179,26 @@ func (d *SqliteDB) GetCustomer(id CustomerId) (*Customer, error) {
 		},
 		Attributes: NewCustomerAttributesFromBytes(attributeValues, setValues),
 	}
-
+	err = tx.Commit()
+	if err != nil {
+		return nil, fmt.Errorf("read customer won't commit %w", err)
+	}
 	return &customer, nil
 }

 func (d *SqliteDB) GetUser(username Email, customerId CustomerId) (*User, error) {
+	tx, err := d.db.Begin()
+	if err != nil {
+		return nil, err
+	}
+	defer tx.Commit()
 	userSelect := `
 SELECT id, renew, refresh_token, code, mask, attributes_per_key, number_of_keys, alpha_key, set_key, pass_key, mask_key, salt, max_nkode_len, idx_interface, svg_id_interface FROM user 
 WHERE user.username = ? AND user.customer_id = ?
 `
-	rows, err := d.db.Query(userSelect, string(username), uuid.UUID(customerId).String())
+	rows, err := tx.Query(userSelect, string(username), uuid.UUID(customerId).String())
 	if !rows.Next() {
-		return nil, errors.New(fmt.Sprintf("no new rows for user %s of customer %s", string(username), uuid.UUID(customerId).String()))
+		return nil, nil
 	}
 	var id string
 	var renewVal int
@@ -246,7 +302,11 @@ UPDATE customer SET attribute_values = ?, set_values = ? WHERE id = ?;
 	userQuery := `
 SELECT id, alpha_key, set_key, attributes_per_key, number_of_keys FROM user WHERE customer_id = ?
 `
-	rows, err := d.db.Query(userQuery, uuid.UUID(id).String())
+	tx, err := d.db.Begin()
+	if err != nil {
+		return err
+	}
+	rows, err := tx.Query(userQuery, uuid.UUID(id).String())
 	for rows.Next() {
 		var userId string
 		var alphaBytes []byte
@@ -283,8 +343,20 @@ SELECT id, alpha_key, set_key, attributes_per_key, number_of_keys FROM user WHER
 	renewExec += `
 COMMIT;
 `
+	err = tx.Commit()
+	if err != nil {
+		return err
+	}

+	tx, err = d.db.Begin()
+	if err != nil {
+		return err
+	}
 	_, err = d.db.Exec(renewExec, renewArgs...)
+	err = tx.Commit()
+	if err != nil {
+		return err
+	}
 	return err
 }

@@ -317,10 +389,15 @@ func (d *SqliteDB) GetSvgStringInterface(idxs SvgIdInterface) ([]string, error)
 }

 func (d *SqliteDB) getSvgsById(ids []int) ([]string, error) {
+	tx, err := d.db.Begin()
+	if err != nil {
+		return nil, err
+	}
+	defer tx.Commit()
 	selectId := "SELECT svg FROM svg_icon where id = ?"
 	svgs := make([]string, len(ids))
 	for idx, id := range ids {
-		rows, err := d.db.Query(selectId, id)
+		rows, err := tx.Query(selectId, id)
 		if err != nil {
 			return nil, err
 		}
@@ -336,7 +413,12 @@ func (d *SqliteDB) getSvgsById(ids []int) ([]string, error) {
 }

 func (d *SqliteDB) getRandomIds(count int) ([]int, error) {
-	rows, err := d.db.Query("SELECT COUNT(*) as count FROM svg_icon;")
+	tx, err := d.db.Begin()
+	if err != nil {
+		return nil, err
+	}
+	defer tx.Commit()
+	rows, err := tx.Query("SELECT COUNT(*) as count FROM svg_icon;")
 	if err != nil {
 		return nil, err
 	}
--- a/core/test_helper.go
+++ b/core/test_helper.go
@@ -10,8 +10,11 @@ func SelectKeyByAttrIdx(interfaceUser []int, passcodeIdxs []int, keypadSize Keyp
 	selectedKeys := make([]int, len(passcodeIdxs))
 	for idx := range passcodeIdxs {
 		attrIdx := util.IndexOf[int](interfaceUser, passcodeIdxs[idx])
+		if attrIdx == -1 {
+			return nil, errors.New(fmt.Sprintf("index: %d out of range 0-%d", passcodeIdxs[idx], keypadSize.TotalAttrs()-1))
+		}
 		keyNumb := attrIdx / keypadSize.AttrsPerKey
-		if keyNumb < 0 || keyNumb >= keypadSize.NumbOfKeys {
+		if keyNumb >= keypadSize.NumbOfKeys {
 			return nil, errors.New(fmt.Sprintf("index key number: %d out of range 0-%d", keyNumb, keypadSize.NumbOfKeys-1))
 		}
 		selectedKeys[idx] = keyNumb
--- a/core/type.go
+++ b/core/type.go
@@ -21,11 +21,12 @@ type NewCustomerPost struct {
 	NKodePolicy NKodePolicy `json:"nkode_policy"`
 }

-type GenerateSignupInterfacePost struct {
+type GenerateSignupRestInterfacePost struct {
 	CustomerId  string `json:"customer_id"`
 	AttrsPerKey int    `json:"attrs_per_key"`
 	NumbOfKeys  int    `json:"numb_of_keys"`
 	UserEmail   string `json:"email"`
+	Reset       bool   `json:"reset"`
 }

 type SetNKodePost struct {
@@ -56,16 +57,20 @@ type RenewAttributesPost struct {
 }

 type RefreshTokenPost struct {
-	UserEmail    string `json:"username"`
-	CustomerId   string `json:"customer_id"`
-	RefreshToken string `json:"refresh_token"`
+	UserEmail  string `json:"email"`
+	CustomerId string `json:"customer_id"`
+}
+
+type ResetNKodePost struct {
+	UserEmail  string `json:"email"`
+	CustomerId string `json:"customer_id"`
 }

 type CreateNewCustomerResp struct {
 	CustomerId string `json:"customer_id"`
 }

-type GenerateSignupInterfaceResp struct {
+type GenerateSignupResetInterfaceResp struct {
 	SessionId        string       `json:"session_id"`
 	UserIdxInterface IdxInterface `json:"user_interface"`
 	SvgInterface     []string     `json:"svg_interface"`
@@ -80,6 +85,12 @@ type GetLoginInterfaceResp struct {

 type KeySelection []int
 type CustomerId uuid.UUID
+
+func CustomerIdToString(customerId CustomerId) string {
+	customerUuid := uuid.UUID(customerId)
+	return customerUuid.String()
+}
+
 type SessionId uuid.UUID
 type UserId uuid.UUID

@@ -116,6 +127,7 @@ type DbAccessor interface {
 	GetUser(Email, CustomerId) (*User, error)
 	WriteNewCustomer(Customer) error
 	WriteNewUser(User) error
+	UpdateUserNKode(User) error
 	UpdateUserInterface(UserId, UserInterface) error
 	UpdateUserRefreshToken(UserId, string) error
 	Renew(CustomerId) error
--- a/core/user_signup_session.go
+++ b/core/user_signup_session.go
@@ -18,10 +18,11 @@ type UserSignSession struct {
 	ConfirmIdxInterface IdxInterface
 	SetKeySelection     KeySelection
 	UserEmail           Email
+	Reset               bool
 	Expire              int
 }

-func NewSignupSession(userEmail Email, kp KeypadDimension, customerId CustomerId, svgInterface SvgIdInterface) (*UserSignSession, error) {
+func NewSignupResetSession(userEmail Email, kp KeypadDimension, customerId CustomerId, svgInterface SvgIdInterface, reset bool) (*UserSignSession, error) {
 	loginInterface, err := NewUserInterface(&kp, svgInterface)
 	if err != nil {
 		return nil, err
@@ -39,6 +40,7 @@ func NewSignupSession(userEmail Email, kp KeypadDimension, customerId CustomerId
 		SetKeySelection:     nil,
 		UserEmail:           userEmail,
 		Kp:                  kp,
+		Reset:               reset,
 	}

 	return &session, nil