1
0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-11-26 12:29:06 +01:00

Ensure that new transactions added are using the selected address

This commit is contained in:
Whymarrh Whitby 2018-10-10 16:11:17 -02:30
parent 3d0ba46f21
commit af43b7d6c9
2 changed files with 30 additions and 4 deletions

View File

@ -166,6 +166,10 @@ class TransactionController extends EventEmitter {
async addUnapprovedTransaction (txParams) { async addUnapprovedTransaction (txParams) {
// validate // validate
const normalizedTxParams = txUtils.normalizeTxParams(txParams) const normalizedTxParams = txUtils.normalizeTxParams(txParams)
// Assert the from address is the selected address
if (normalizedTxParams.from !== this.getSelectedAddress()) {
throw new Error(`Transaction from address isn't valid for this account`)
}
txUtils.validateTxParams(normalizedTxParams) txUtils.validateTxParams(normalizedTxParams)
// construct txMeta // construct txMeta
let txMeta = this.txStateManager.generateTxMeta({ let txMeta = this.txStateManager.generateTxMeta({

View File

@ -158,9 +158,19 @@ describe('Transaction Controller', function () {
}) })
describe('#addUnapprovedTransaction', function () { describe('#addUnapprovedTransaction', function () {
const selectedAddress = '0x1678a085c290ebd122dc42cba69373b5953b831d'
let getSelectedAddress
beforeEach(function () {
getSelectedAddress = sinon.stub(txController, 'getSelectedAddress').returns(selectedAddress)
})
afterEach(function () {
getSelectedAddress.restore()
})
it('should add an unapproved transaction and return a valid txMeta', function (done) { it('should add an unapproved transaction and return a valid txMeta', function (done) {
txController.addUnapprovedTransaction({ from: '0x1678a085c290ebd122dc42cba69373b5953b831d' }) txController.addUnapprovedTransaction({ from: selectedAddress })
.then((txMeta) => { .then((txMeta) => {
assert(('id' in txMeta), 'should have a id') assert(('id' in txMeta), 'should have a id')
assert(('time' in txMeta), 'should have a time stamp') assert(('time' in txMeta), 'should have a time stamp')
@ -180,25 +190,37 @@ describe('Transaction Controller', function () {
assert(txMetaFromEmit, 'txMeta is falsey') assert(txMetaFromEmit, 'txMeta is falsey')
done() done()
}) })
txController.addUnapprovedTransaction({ from: '0x1678a085c290ebd122dc42cba69373b5953b831d' }) txController.addUnapprovedTransaction({ from: selectedAddress })
.catch(done) .catch(done)
}) })
it('should fail if recipient is public', function (done) { it('should fail if recipient is public', function (done) {
txController.networkStore = new ObservableStore(1) txController.networkStore = new ObservableStore(1)
txController.addUnapprovedTransaction({ from: '0x1678a085c290ebd122dc42cba69373b5953b831d', to: '0x0d1d4e623D10F9FBA5Db95830F7d3839406C6AF2' }) txController.addUnapprovedTransaction({ from: selectedAddress, to: '0x0d1d4e623D10F9FBA5Db95830F7d3839406C6AF2' })
.catch((err) => { .catch((err) => {
if (err.message === 'Recipient is a public account') done() if (err.message === 'Recipient is a public account') done()
else done(err) else done(err)
}) })
}) })
it('should fail if the from address isn\'t the selected address', function (done) {
txController.addUnapprovedTransaction({from: '0x0d1d4e623D10F9FBA5Db95830F7d3839406C6AF2'})
.then(function () {
assert.fail('transaction should not have been added')
done()
})
.catch(function () {
assert.ok('pass')
done()
})
})
it('should not fail if recipient is public but not on mainnet', function (done) { it('should not fail if recipient is public but not on mainnet', function (done) {
txController.once('newUnapprovedTx', (txMetaFromEmit) => { txController.once('newUnapprovedTx', (txMetaFromEmit) => {
assert(txMetaFromEmit, 'txMeta is falsey') assert(txMetaFromEmit, 'txMeta is falsey')
done() done()
}) })
txController.addUnapprovedTransaction({ from: '0x1678a085c290ebd122dc42cba69373b5953b831d', to: '0x0d1d4e623D10F9FBA5Db95830F7d3839406C6AF2' }) txController.addUnapprovedTransaction({ from: selectedAddress, to: '0x0d1d4e623D10F9FBA5Db95830F7d3839406C6AF2' })
.catch(done) .catch(done)
}) })
}) })