From 0931024e23fec40573165c367640669441c0505e Mon Sep 17 00:00:00 2001
From: Gustavo Cortez <cmgustavo83@gmail.com>
Date: Mon, 7 Jul 2014 17:38:17 -0300
Subject: [PATCH] Fixes: verify addressbook method

---
 index.html               |  3 +--
 js/controllers/send.js   | 13 +------------
 js/models/core/Wallet.js | 11 ++++++-----
 test/test.Wallet.js      | 35 +++++++++++++++++++++++++----------
 4 files changed, 33 insertions(+), 29 deletions(-)

diff --git a/index.html b/index.html
index 8d0085f87..40bb5f18c 100644
--- a/index.html
+++ b/index.html
@@ -758,8 +758,7 @@
               </thead>
               <tbody>
               <tr 
-                ng-repeat="(addr, info) in $root.wallet.addressBook track by $index" 
-                ng-if="info.copayerId != -1"
+                ng-repeat="(addr, info) in $root.wallet.addressBook
                 ng-class="{'addressbook-disabled': info.hidden}">
                 <td><a ng-click="copyAddress(addr)" title="Copy address">{{info.label}}</a></td>
                 <td>{{addr}}</td>
diff --git a/js/controllers/send.js b/js/controllers/send.js
index 914e6e54e..e068ef0b4 100644
--- a/js/controllers/send.js
+++ b/js/controllers/send.js
@@ -14,7 +14,7 @@ angular.module('copayApp.controllers').controller('SendController',
       var flag;
       if (w) {
         for (var k in w.addressBook) {
-          if (w.addressBook[k].copayerId != -1) {
+          if (w.addressBook[k]) {
             flag = true;
             break;
           }
@@ -186,16 +186,6 @@ angular.module('copayApp.controllers').controller('SendController',
       }, 500);
     };
 
-    $scope.verifyAddressbookSignature = function(key) {
-      $timeout(function() {
-        var w = $rootScope.wallet;
-        var isValid = w.verfifyAddressbookSignature(key);
-        if (!isValid) {
-          notification.error('Wrong signature', 'Entry of Addressbooks was deleted');
-        }
-      }, 10);
-    };
-
     $scope.toggleAddressBookEntry = function(key) {
       var w = $rootScope.wallet;
       w.toggleAddressBookEntry(key);
@@ -246,7 +236,6 @@ angular.module('copayApp.controllers').controller('SendController',
           if (errorMsg) {
             notification.error('Error', errorMsg);
           } else {
-            $scope.verifyAddressbookSignature(entry.address);
             notification.success('Success', 'New entry has been created');
           }
           $rootScope.$digest();
diff --git a/js/models/core/Wallet.js b/js/models/core/Wallet.js
index 910b7d5ad..4265b785d 100644
--- a/js/models/core/Wallet.js
+++ b/js/models/core/Wallet.js
@@ -145,6 +145,7 @@ Wallet.prototype._handleAddressBook = function(senderId, data, isInbound) {
   for (var key in rcv) {
     if (!this.addressBook[key]) {
       this.addressBook[key] = rcv[key];
+      var isVerified = this.verifyAddressbookSignature(senderId, key);
       hasChange = true;
     }
   }
@@ -852,8 +853,8 @@ Wallet.prototype.setAddressBook = function(key, label) {
   this.store();
 };
 
-Wallet.prototype.verfifyAddressbookSignature = function(key) {
-  if (!key) throw new Error('Key is required');
+Wallet.prototype.verifyAddressbookSignature = function(senderId, key) {
+  if (!key) throw new Error('Keys are required');
   var signature = this.addressBook[key].signature;
   var payload = {
     address: key,
@@ -861,7 +862,7 @@ Wallet.prototype.verfifyAddressbookSignature = function(key) {
     copayerId: this.addressBook[key].copayerId,
     createdTs: this.addressBook[key].createdTs
   };
-  var isVerified = this.verifySignedObject(payload, signature);
+  var isVerified = this.verifySignedJson(senderId, payload, signature);
   if (!isVerified) {
     // remove wrong signed entry
     delete this.addressBook[key];
@@ -894,8 +895,8 @@ Wallet.prototype.signJson = function(payload) {
   return sign.toString('hex');
 }
 
-Wallet.prototype.verifySignedObject = function(payload, signature) {
-  var pubkey = new Buffer(this.getMyCopayerId(), 'hex');
+Wallet.prototype.verifySignedJson = function(senderId, payload, signature) {
+  var pubkey = new Buffer(senderId, 'hex');
   var sign = new Buffer(signature, 'hex');
   var v = bitcore.Message.verifyWithPubKey(pubkey, JSON.stringify(payload), sign);
   return v;
diff --git a/test/test.Wallet.js b/test/test.Wallet.js
index d42aa6707..cb3f0c280 100644
--- a/test/test.Wallet.js
+++ b/test/test.Wallet.js
@@ -802,23 +802,36 @@ describe('Wallet model', function() {
 
     it('handle network addressBook correctly', function() {
       var w = createW();
+      var pk = '026a55261b7c898fff760ebe14fd22a71892295f3b49e0ca66727bc0a0d7f94d03';
       var data = {
         walletId: w.id,
         addressBook: {
           'msj42CCGruhRsFrGATiUuh25dtxYtnpbTx': {
             label: 'Faucet',
-            copayerId: '026a55261b7c898fff760ebe14fd22a71892295f3b49e0ca66727bc0a0d7f94d03',
+            copayerId: pk,
             createdTs: 1403102115,
           }
         },
         type: 'addressbook'
       };
+      var payload = {
+        address: 'msj42CCGruhRsFrGATiUuh25dtxYtnpbTx',
+        label: 'Faucet',
+        copayerId: pk,
+        createdTs: 1403102115,
+      };
+      data.addressBook['msj42CCGruhRsFrGATiUuh25dtxYtnpbTx'].signature = w.signJson(payload);
+      
       Object.keys(w.addressBook).length.should.equal(2);
       // New address
-      w._handleAddressBook('senderID', data, true);
+      w._handleAddressBook(pk, data, true);
       Object.keys(w.addressBook).length.should.equal(3);
       // Existent address
-      w._handleAddressBook('senderID', data, true);
+      w._handleAddressBook(pk, data, true);
+      Object.keys(w.addressBook).length.should.equal(3);
+      // Address with wrong signature (do nothing)
+      data.addressBook['msj42CCGruhRsFrGATiUuh25dtxYtnpbTx'].label = 'Bad'
+      w._handleAddressBook(pk, data, true);
       Object.keys(w.addressBook).length.should.equal(3);
     }); 
 
@@ -835,26 +848,28 @@ describe('Wallet model', function() {
 
     it('should verify signed object', function() {
       var w = createW();
+      var pk = '026a55261b7c898fff760ebe14fd22a71892295f3b49e0ca66727bc0a0d7f94d03';
       var data = {
         address: 'msj42CCGruhRsFrGATiUuh25dtxYtnpbTx',
         label: 'Faucet',
-        copayerId: '026a55261b7c898fff760ebe14fd22a71892295f3b49e0ca66727bc0a0d7f94d03',
+        copayerId: pk,
         createdTs: 1403102115,
       };
       var signature = w.signJson(data);
 
-      w.verifySignedObject(data, signature).should.equal(true);
+      w.verifySignedJson(pk, data, signature).should.equal(true);
       data.label = 'Another';
-      w.verifySignedObject(data, signature).should.equal(false);
+      w.verifySignedJson(pk, data, signature).should.equal(false);
     });
 
     it('should verify signed addressbook entry', function() {
       var w = createW();
       var key = 'msj42CCGruhRsFrGATiUuh25dtxYtnpbTx';
+      var pk = '026a55261b7c898fff760ebe14fd22a71892295f3b49e0ca66727bc0a0d7f94d03';
       var payload = {
         address: key,
         label: 'Faucet',
-        copayerId: '026a55261b7c898fff760ebe14fd22a71892295f3b49e0ca66727bc0a0d7f94d03',
+        copayerId: pk,
         createdTs: 1403102115,
       };
 
@@ -867,11 +882,11 @@ describe('Wallet model', function() {
       };
       w.addressBook[key] = addressbook;
 
-      w.verfifyAddressbookSignature(key).should.equal(true);
+      w.verifyAddressbookSignature(pk, key).should.equal(true);
       w.addressBook[key].label = 'Another';
-      w.verfifyAddressbookSignature(key).should.equal(false);
+      w.verifyAddressbookSignature(pk, key).should.equal(false);
       (function() { 
-        w.verfifyAddressbookSignature();
+        w.verifyAddressbookSignature();
       }).should.throw();
     });