From 4d7a5ee3d5ffc4bf5094e0d6f927683c6d72550e Mon Sep 17 00:00:00 2001 From: Ivan Socolsky Date: Fri, 25 Aug 2017 10:11:46 -0300 Subject: [PATCH] prevent joining wallet for different coin --- lib/expressapp.js | 1 - lib/server.js | 9 +++++++++ test/integration/server.js | 15 +++++++++++++++ 3 files changed, 24 insertions(+), 1 deletion(-) diff --git a/lib/expressapp.js b/lib/expressapp.js index 14c1c34..d7ebeaa 100644 --- a/lib/expressapp.js +++ b/lib/expressapp.js @@ -201,7 +201,6 @@ ExpressApp.prototype.start = function(opts, cb) { } // DEPRECATED - router.post('/v1/wallets/', createWalletLimiter, function(req, res) { logDeprecated(req); var server; diff --git a/lib/server.js b/lib/server.js index b4d3323..bb800c8 100644 --- a/lib/server.js +++ b/lib/server.js @@ -761,6 +761,7 @@ WalletService._getCopayerHash = function(name, xPubKey, requestPubKey) { * Joins a wallet in creation. * @param {Object} opts * @param {string} opts.walletId - The wallet id. + * @param {string} opts.coin[='btc'] - The expected coin for this wallet (btc, bch). * @param {string} opts.name - The copayer name. * @param {string} opts.xPubKey - Extended Public Key for this copayer. * @param {string} opts.requestPubKey - Public Key used to check requests from this copayer. @@ -777,6 +778,10 @@ WalletService.prototype.joinWallet = function(opts, cb) { if (_.isEmpty(opts.name)) return cb(new ClientError('Invalid copayer name')); + opts.coin = opts.coin || Defaults.COIN; + if (!Utils.checkValueInCollection(opts.coin, Constants.COINS)) + return cb(new ClientError('Invalid coin')); + try { Bitcore.HDPublicKey(opts.xPubKey); } catch (ex) { 
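Review bot: In the `joinWallet` hunk at -777, `opts.coin = opts.coin || Defaults.COIN;` writes the default back into the caller's `opts` object. Nothing records that a request without `coin` is then treated as expecting the default coin. A local such as `var coin = opts.coin || Defaults.COIN;` would avoid the mutation, though the later comparison against `wallet.coin` in the -791 hunk would have to use it too. A short comment such as `// clients that omit coin are assumed to expect Defaults.COIN` would document the choice. The body of `joinWallet` starts and ends outside this hunk.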
@@ -791,6 +796,10 @@ WalletService.prototype.joinWallet = function(opts, cb) { if (err) return cb(err); if (!wallet) return cb(Errors.WALLET_NOT_FOUND); + if (opts.coin != wallet.coin) { + return cb(new ClientError('The wallet you are trying to join was created for a different coin')); + } + if (opts.supportBIP44AndP2PKH) { // New client trying to join legacy wallet if (wallet.derivationStrategy == Constants.DERIVATION_STRATEGIES.BIP45) { diff --git a/test/integration/server.js b/test/integration/server.js index e588b0a..a930e3c 100644 --- a/test/integration/server.js +++ b/test/integration/server.js @@ -635,6 +635,21 @@ describe('Wallet service', function() { }); }); + it('should fail to join wallet for different coin', function(done) { + var copayerOpts = helpers.getSignedCopayerOpts({ + walletId: walletId, + name: 'me', + xPubKey: TestData.copayers[0].xPubKey_44H_0H_0H, + requestPubKey: TestData.copayers[0].pubKey_1H_0, + coin: 'bch', + }); + server.joinWallet(copayerOpts, function(err) { + should.exist(err); + err.message.should.contain('different coin'); + done(); + }); + }); + it('should return copayer in wallet error before full wallet', function(done) { helpers.createAndJoinWallet(1, 1, function(s, wallet) { var copayerOpts = helpers.getSignedCopayerOpts({
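Review bot: The check `opts.coin != wallet.coin` rejects every join to a stored wallet that has no `coin` value, because `opts.coin` has always been defaulted by this point. Whether wallets created before this field existed get a default when loaded is not visible in this hunk and should be confirmed. If they do not, compare against a defaulted value, e.g. `if (opts.coin !== (wallet.coin || Defaults.COIN)) {`. Strict `!==` is also the safer operator here, since both sides are expected to be strings. The storage callback this sits in continues outside the hunk.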
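Review bot: Only the coin-mismatch path is tested in `test/integration/server.js`; the new `Invalid coin` rejection and the default path (no `coin` sent) have no test in this hunk. I would add a case that passes an unsupported coin value and expects `err.message` to equal `'Invalid coin'`, and one that omits `coin` and joins successfully. The existing assertion `err.message.should.contain('different coin')` matches on message text only, so also asserting the error type would make it tighter. Which coin the `walletId` fixture was created with is set up outside the hunk, so the test's premise depends on code not shown here.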