Ensure that new transactions added are using the selected address

6 years ago · af43b7d6c9
parent 3d0ba46f21
commit af43b7d6c9
2 changed files with 30 additions and 4 deletions
--- a/app/scripts/controllers/transactions/index.js
+++ b/app/scripts/controllers/transactions/index.js
@ -166,6 +166,10 @@ class TransactionController extends EventEmitter {
  async addUnapprovedTransaction (txParams) {
    // validate
    const normalizedTxParams = txUtils.normalizeTxParams(txParams)
+    // Assert the from address is the selected address
+    if (normalizedTxParams.from !== this.getSelectedAddress()) {
+      throw new Error(`Transaction from address isn't valid for this account`)
+    }
    txUtils.validateTxParams(normalizedTxParams)
    // construct txMeta
    let txMeta = this.txStateManager.generateTxMeta({
--- a/test/unit/app/controllers/transactions/tx-controller-test.js
+++ b/test/unit/app/controllers/transactions/tx-controller-test.js
@ -158,9 +158,19 @@ describe('Transaction Controller', function () {
  })

  describe('#addUnapprovedTransaction', function () {
+    const selectedAddress = '0x1678a085c290ebd122dc42cba69373b5953b831d'
+
+    let getSelectedAddress
+    beforeEach(function () {
+      getSelectedAddress = sinon.stub(txController, 'getSelectedAddress').returns(selectedAddress)
+    })
+
+    afterEach(function () {
+      getSelectedAddress.restore()
+    })

    it('should add an unapproved transaction and return a valid txMeta', function (done) {
-      txController.addUnapprovedTransaction({ from: '0x1678a085c290ebd122dc42cba69373b5953b831d' })
+      txController.addUnapprovedTransaction({ from: selectedAddress })
      .then((txMeta) => {
        assert(('id' in txMeta), 'should have a id')
        assert(('time' in txMeta), 'should have a time stamp')
@ -180,25 +190,37 @@ describe('Transaction Controller', function () {
        assert(txMetaFromEmit, 'txMeta is falsey')
        done()
      })
-      txController.addUnapprovedTransaction({ from: '0x1678a085c290ebd122dc42cba69373b5953b831d' })
+      txController.addUnapprovedTransaction({ from: selectedAddress })
      .catch(done)
    })

    it('should fail if recipient is public', function (done) {
      txController.networkStore = new ObservableStore(1)
-      txController.addUnapprovedTransaction({ from: '0x1678a085c290ebd122dc42cba69373b5953b831d', to: '0x0d1d4e623D10F9FBA5Db95830F7d3839406C6AF2' })
+      txController.addUnapprovedTransaction({ from: selectedAddress, to: '0x0d1d4e623D10F9FBA5Db95830F7d3839406C6AF2' })
      .catch((err) => {
        if (err.message === 'Recipient is a public account') done()
        else done(err)
      })
    })

+    it('should fail if the from address isn\'t the selected address', function (done) {
+      txController.addUnapprovedTransaction({from: '0x0d1d4e623D10F9FBA5Db95830F7d3839406C6AF2'})
+        .then(function () {
+          assert.fail('transaction should not have been added')
+          done()
+        })
+        .catch(function () {
+          assert.ok('pass')
+          done()
+        })
+    })
+
    it('should not fail if recipient is public but not on mainnet', function (done) {
      txController.once('newUnapprovedTx', (txMetaFromEmit) => {
        assert(txMetaFromEmit, 'txMeta is falsey')
        done()
      })
-      txController.addUnapprovedTransaction({ from: '0x1678a085c290ebd122dc42cba69373b5953b831d', to: '0x0d1d4e623D10F9FBA5Db95830F7d3839406C6AF2' })
+      txController.addUnapprovedTransaction({ from: selectedAddress, to: '0x0d1d4e623D10F9FBA5Db95830F7d3839406C6AF2' })
      .catch(done)
    })
  })