diff --git a/lib/model/txproposal.js b/lib/model/txproposal.js index f2b0f12..c102339 100644 --- a/lib/model/txproposal.js +++ b/lib/model/txproposal.js @@ -131,6 +131,18 @@ TxProposal.prototype.getActors = function() { }; +/** + * getApprovers + * + * @return {String[]} copayerIds that approved the tx proposal (accept) + */ +TxProposal.prototype.getApprovers = function() { + return _.pluck( + _.filter(this.actions, { + type: 'accept' + }), 'copayerId'); +}; + /** * getActionBy * diff --git a/lib/server.js b/lib/server.js index 13f7831..b4bfc46 100644 --- a/lib/server.js +++ b/lib/server.js @@ -868,11 +868,11 @@ WalletService.prototype.removePendingTx = function(opts, cb) { var now = Math.floor(Date.now() / 1000); if (now - txp.createdOn < WalletService.lockTimeoutHours * 3600) { - var actors = txp.getActors(); if (txp.creatorId !== self.copayerId) return cb(new ClientError('Only creators can remove pending proposals during locktime')); - if (actors.length > 1 || (actors.length == 1 && actors[0] !== self.copayerId)) + var approvers = txp.getApprovers(); + if (approvers.length > 1 || (approvers.length == 1 && approvers[0] !== self.copayerId)) return cb(new ClientError('TXACTIONED', 'Cannot remove a proposal signed/rejected by other copayers during locktime')); } diff --git a/test/integration/server.js b/test/integration/server.js index 2d82fe8..558907d 100644 --- a/test/integration/server.js +++ b/test/integration/server.js @@ -2774,6 +2774,25 @@ describe('Wallet service', function() { }); }); + it('should allow creator copayer to remove a TX rejected by other copayer, in less than 24hrs', function(done) { + helpers.getAuthServer(wallet.copayers[1].id, function(server2) { + var signatures = helpers.clientSign(txp, TestData.copayers[1].xPrivKey); + server2.rejectTx({ + txProposalId: txp.id, + signatures: signatures, + }, function(err) { + should.not.exist(err); + server.removePendingTx({ + txProposalId: txp.id + }, function(err) { + should.not.exist(err); + done(); + }); + }); + }); + }); + + it('should allow creator copayer to remove a TX signed by other copayer, after 24hrs', function(done) { helpers.getAuthServer(wallet.copayers[1].id, function(server2) {