diff --git a/lib/server.js b/lib/server.js index de7d8fa..08431ec 100644 --- a/lib/server.js +++ b/lib/server.js @@ -567,6 +567,12 @@ WalletService.prototype.joinWallet = function(opts, cb) { if (_.isEmpty(opts.name)) return cb(new ClientError('Invalid copayer name')); + try { + Bitcore.HDPublicKey(opts.xPubKey); + } catch (ex) { + return cb(new ClientError('Invalid extended public key')); + } + opts.supportBIP44AndP2PKH = _.isBoolean(opts.supportBIP44AndP2PKH) ? opts.supportBIP44AndP2PKH : true; self.walletId = opts.walletId; @@ -1275,7 +1281,7 @@ WalletService.prototype.createTx = function(opts, cb) { if (!canCreate) return cb(Errors.TX_CANNOT_CREATE); if (type != Model.TxProposal.Types.EXTERNAL) { - var validationError = self._validateOutputs(opts, wallet); + var validationError = self._validateOutputs(opts, wallet); if (validationError) { return cb(validationError); } diff --git a/test/integration/server.js b/test/integration/server.js index fcdc364..2d3a9db 100644 --- a/test/integration/server.js +++ b/test/integration/server.js @@ -450,6 +450,21 @@ describe('Wallet service', function() { }); }); + it('should fail to join with invalid xPubKey', function(done) { + var copayerOpts = helpers.getSignedCopayerOpts({ + walletId: walletId, + name: 'copayer 1', + xPubKey: 'invalid', + requestPubKey: TestData.copayers[0].pubKey_1H_0, + }); + server.joinWallet(copayerOpts, function(err, result) { + should.not.exist(result); + should.exist(err); + err.message.should.contain('extended public key'); + done(); + }); + }); + it('should fail to join with null signature', function(done) { var copayerOpts = { walletId: walletId, @@ -2215,7 +2230,7 @@ describe('Wallet service', function() { should.not.exist(err); var inputs = [utxos[0], utxos[2]]; var txOpts = helpers.createExternalProposalOpts('18PzpUFkFZE8zKWUPvfykkTxmB9oMR8qP7', 2.5, - TestData.copayers[0].privKey_1H_0, inputs); + TestData.copayers[0].privKey_1H_0, inputs); server.createTx(txOpts, function(err, tx) { should.not.exist(err); should.exist(tx);