check header & change address

lib/client/Verifier.js

@@ -55,7 +55,8 @@ Verifier.checkCopayers = function(copayers, walletPrivKey, myXPrivKey, n) {
 
 Verifier.checkTxProposal = function(data, txp) {
   var header = txp.toAddress + '|' + txp.amount + '|' + (txp.message || '');
-  if (!SignUtils.verify(header, txp.proposalSignature, data.signingPubKey)) return false;
+  var signingPubKey = Bitcore.PrivateKey.fromString(data.signingPrivKey).toPublicKey().toString();
+  if (!SignUtils.verify(header, txp.proposalSignature, signingPubKey)) return false;
 
   return Verifier.checkAddress(data, txp.changeAddress);
 };

test/integration/clientApi.js

@@ -9,12 +9,10 @@ var API = Client.API;
 var Bitcore = require('bitcore');
 var TestData = require('./clienttestdata');
 
-describe(' client API ', function() {
-
+describe('client API ', function() {
   var client;
 
   beforeEach(function() {
-
     var fsmock = {};;
     fsmock.readFile = sinon.mock().yields(null, JSON.stringify(TestData.storage.wallet11));
     fsmock.writeFile = sinon.mock().yields();
@@ -27,7 +25,7 @@ describe(' client API ', function() {
     });
   });
 
-  describe(' _tryToComplete ', function() {
+  describe('#_tryToComplete ', function() {
     it('should complete a wallet ', function(done) {
       var request = sinon.stub();
 
@@ -45,7 +43,7 @@ describe(' client API ', function() {
         should.not.exist(err);
         done();
       });
-    })
+    });
 
 
     it('should handle incomple wallets', function(done) {
@@ -62,7 +60,7 @@ describe(' client API ', function() {
         err.should.contain('Incomplete');
         done();
       });
-    })
+    });
 
     it('should reject wallets with bad signatures', function(done) {
       var request = sinon.stub();
@@ -77,7 +75,8 @@ describe(' client API ', function() {
         err.should.contain('verified');
         done();
       });
-    })
+    });
+
     it('should reject wallets with missing signatures ', function(done) {
       var request = sinon.stub();
       // Wallet request
@@ -91,7 +90,7 @@ describe(' client API ', function() {
         err.should.contain('verified');
         done();
       });
-    })
+    });
 
     it('should reject wallets missing caller"s pubkey', function(done) {
       var request = sinon.stub();
@@ -106,13 +105,11 @@ describe(' client API ', function() {
         err.should.contain('verified');
         done();
       });
-    })
-
-
+    });
   });
 
-  describe(' createAddress ', function() {
-    it(' should check address ', function(done) {
+  describe('#createAddress ', function() {
+    it('should check address ', function(done) {
 
       var response = {
         createdOn: 1424105995,
@@ -131,8 +128,9 @@ describe(' client API ', function() {
         x.address.should.equal('2N3fA6wDtnebzywPkGuNK9KkFaEzgbPRRTq');
         done();
       });
-    })
-    it(' should detect fake addresses ', function(done) {
+    });
+
+    it('should detect fake addresses ', function(done) {
       var response = {
         createdOn: 1424105995,
         address: '2N3fA6wDtnebzywPkGuNK9KkFaEzgbPRRTq',
@@ -148,46 +146,48 @@ describe(' client API ', function() {
         err.message.should.contain('fake address');
         done();
       });
-    })
-  })
-
-  describe(' createAddress ', function() {
-    it(' should check address ', function(done) {
+    });
+  });
 
-      var response = {
-        createdOn: 1424105995,
-        address: '2N3fA6wDtnebzywPkGuNK9KkFaEzgbPRRTq',
-        path: 'm/2147483647/0/7',
-        publicKeys: ['03f6a5fe8db51bfbaf26ece22a3e3bc242891a47d3048fc70bc0e8c03a071ad76f']
+  describe('#signTxProposal ', function() {
+    it.skip('should sign tx proposal', function(done) {});
+
+    it('should detect fake tx proposal signature', function(done) {
+      var txp = {
+        toAddress: '2N3fA6wDtnebzywPkGuNK9KkFaEzgbPRRTq',
+        amount: 100000,
+        message: 'some message',
+        proposalSignature: 'dummy',
+        changeAddress: {
+          address: '2N3fA6wDtnebzywPkGuNK9KkFaEzgbPRRTq',
+          path: 'm/2147483647/0/7',
+          publicKeys: ['03f6a5fe8db51bfbaf26ece22a3e3bc242891a47d3048fc70bc0e8c03a071ad76f']
+        },
       };
-      var request = sinon.mock().yields(null, {
-        statusCode: 200
-      }, response);
-      client.request = request;
-
-
-      client.createAddress(function(err, x) {
-        should.not.exist(err);
-        x.address.should.equal('2N3fA6wDtnebzywPkGuNK9KkFaEzgbPRRTq');
+      client.signTxProposal(txp, function(err) {
+        err.code.should.equal('SERVERCOMPROMISED');
+        err.message.should.contain('fake transaction proposal');
         done();
       });
-    })
-    it(' should detect fake addresses ', function(done) {
-      var response = {
-        createdOn: 1424105995,
-        address: '2N3fA6wDtnebzywPkGuNK9KkFaEzgbPRRTq',
-        path: 'm/2147483647/0/8',
-        publicKeys: ['03f6a5fe8db51bfbaf26ece22a3e3bc242891a47d3048fc70bc0e8c03a071ad76f']
+    });
+
+    it('should detect fake tx proposal change address', function(done) {
+      var txp = {
+        toAddress: '2N3fA6wDtnebzywPkGuNK9KkFaEzgbPRRTq',
+        amount: 100000,
+        message: 'some message',
+        proposalSignature: '3045022100e2d9ef7ed592217ab2256fdcf9627075f35ecdf431dde8c9a9c9422b7b1fb00f02202bc8ce066db4401bdbafb2492c3138debbc69c4c01db50d8c22a227e744c8906',
+        changeAddress: {
+          address: '2N3fA6wDtnebzywPkGuNK9KkFaEzgbPRRTq',
+          path: 'm/2147483647/0/8',
+          publicKeys: ['03f6a5fe8db51bfbaf26ece22a3e3bc242891a47d3048fc70bc0e8c03a071ad76f']
+        },
       };
-      var request = sinon.mock().yields(null, {
-        statusCode: 200
-      }, response);
-      client.request = request;
-      client.createAddress(function(err, x) {
+      client.signTxProposal(txp, function(err) {
         err.code.should.equal('SERVERCOMPROMISED');
-        err.message.should.contain('fake address');
+        err.message.should.contain('fake transaction proposal');
         done();
       });
-    })
-  })
+    });
+  });
 });