Merge pull request #413 from matiu/bug/hide-encrypted-json

Bug/hide encrypted json

lib/api.js

@@ -1493,21 +1493,21 @@ API.prototype._processWallet = function(wallet) {
 
   var encryptingKey = self.credentials.sharedEncryptingKey;
 
-  var name = Utils.decryptMessage(wallet.name, encryptingKey);
+  var name = Utils.decryptMessageNoThrow(wallet.name, encryptingKey);
   if (name != wallet.name) {
     wallet.encryptedName = wallet.name;
   }
   wallet.name = name;
   _.each(wallet.copayers, function(copayer) {
-    var name = Utils.decryptMessage(copayer.name, encryptingKey);
+    var name = Utils.decryptMessageNoThrow(copayer.name, encryptingKey);
     if (name != copayer.name) {
       copayer.encryptedName = copayer.name;
     }
     copayer.name = name;
     _.each(copayer.requestPubKeys, function(access) {
       if (!access.name) return;
 
-      var name = Utils.decryptMessage(access.name, encryptingKey);
+      var name = Utils.decryptMessageNoThrow(access.name, encryptingKey);
       if (name != access.name) {
         access.encryptedName = access.name;
       }
@@ -1747,7 +1747,6 @@ API.prototype.createTxProposal = function(opts, cb) {
     if (err) return cb(err);
 
     self._processTxps(txp);
-
     if (!Verifier.checkProposalCreation(args, txp, self.credentials.sharedEncryptingKey)) {
       return cb(new Errors.SERVER_COMPROMISED);
     }

lib/common/utils.js

@@ -30,15 +30,28 @@ Utils.encryptMessage = function(message, encryptingKey) {
   }, Utils.SJCL));
 };
 
+// Will throw if it can't decrypt
 Utils.decryptMessage = function(cyphertextJson, encryptingKey) {
+  if (!cyphertextJson) return;
+
+  if (!encryptingKey)
+    throw 'No key';
+
+  var key = sjcl.codec.base64.toBits(encryptingKey);
+  return sjcl.decrypt(key, cyphertextJson);
+};
+
+
+Utils.decryptMessageNoThrow = function(cyphertextJson, encryptingKey) {
   try {
-    var key = sjcl.codec.base64.toBits(encryptingKey);
-    return sjcl.decrypt(key, cyphertextJson);
-  } catch (ex) {
+    return Utils.decryptMessage(cyphertextJson, encryptingKey);
+  } catch (e) {
     return cyphertextJson;
   }
 };
 
+
+
 /* TODO: It would be nice to be compatible with bitcoind signmessage. How
  * the hash is calculated there? */
 Utils.hashMessage = function(text) {

package.json

@@ -2,7 +2,7 @@
   "name": "bitcore-wallet-client",
   "description": "Client for bitcore-wallet-service",
   "author": "BitPay Inc",
-  "version": "6.7.2",
+  "version": "6.7.3",
   "license": "MIT",
   "keywords": [
     "bitcoin",

test/client.js

@@ -1171,6 +1171,7 @@ describe('client API', function() {
         });
       });
     });
+
     it('should create Bitcoin Cash wallet', function(done) {
       clients[0].seedFromRandomWithMnemonic({
         coin: 'bch'
@@ -1467,7 +1468,8 @@ describe('client API', function() {
           status.wallet.publicKeyRing.length.should.equal(1);
           status.wallet.status.should.equal('complete');
           var key2 = status.customData.walletPrivKey;
-          key2.should.be.equal(key2);
+
+          clients[0].credentials.walletPrivKey.should.be.equal(key2);
           done();
         });
       });
@@ -2359,7 +2361,7 @@ describe('client API', function() {
         });
       });
     });
-    it('Should fail to create proposal with insufficient funds for fee', function(done) {
+   it('Should fail to create proposal with insufficient funds for fee', function(done) {
       var opts = {
         amount: 5e8 - 200e2,
         toAddress: 'n2TBMPzPECGUfcT2EByiTJ12TPZkhN2mN5',
@@ -2449,6 +2451,30 @@ describe('client API', function() {
         });
       });
     });
+    it('Should hide message and refusal texts if not key is present', function(done) {
+      var opts = {
+        amount: 1e8,
+        toAddress: 'n2TBMPzPECGUfcT2EByiTJ12TPZkhN2mN5',
+        message: 'some message',
+      };
+      helpers.createAndPublishTxProposal(clients[0], opts, function(err, x) {
+        should.not.exist(err);
+        clients[1].rejectTxProposal(x, 'rejection comment', function(err, tx1) {
+          should.not.exist(err);
+
+          clients[2].credentials.sharedEncryptingKey=null;
+
+          clients[2].getTxProposals({}, function(err, txs) {
+            should.not.exist(err);
+            txs[0].message.should.equal('<ECANNOTDECRYPT>');
+            txs[0].actions[0].copayerName.should.equal('<ECANNOTDECRYPT>');
+            txs[0].actions[0].comment.should.equal('<ECANNOTDECRYPT>');
+            done();
+          });
+        });
+      });
+    });
+
     it('Should encrypt proposal message', function(done) {
       var opts = {
         outputs: [{

test/utils.js

@@ -189,6 +189,30 @@ describe('Utils', function() {
     });
   });
 
+
+  describe('#decryptMessage should throw', function() {
+    it('should encrypt and decrypt', function() {
+      var pwd = "ezDRS2NRchMJLf1IWtjL5A==";
+      var ct = Utils.encryptMessage('hello world', pwd);
+      (function(){
+        Utils.decryptMessage(ct, 'test')
+      }).should.throw('invalid aes key size');
+    });
+  });
+
+  describe('#decryptMessageNoThrow should not throw', function() {
+    it('should encrypt and decrypt', function() {
+      var pwd = "ezDRS2NRchMJLf1IWtjL5A==";
+      var ct = Utils.encryptMessage('hello world', pwd);
+      var msg = Utils.decryptMessageNoThrow(ct, 'test');
+      // returns encrypted json
+      should.exist(JSON.parse(msg).iv);
+      should.exist(JSON.parse(msg).ct);
+    });
+  });
+
+
+
   describe('#getProposalHash', function() {
     it('should compute hash for old style proposals', function() {
       var hash = Utils.getProposalHash('msj42CCGruhRsFrGATiUuh25dtxYtnpbTx', 1234, 'the message');