fix(express): acceptShare type codec

lokesh-bitgo · lokesh-bitgo · commit 44f55c4971a0 · 2025-11-11T21:33:31.000+05:30
Ticket: WP-6717
diff --git a/modules/express/src/typedRoutes/api/v1/acceptShare.ts b/modules/express/src/typedRoutes/api/v1/acceptShare.ts
@@ -13,9 +13,17 @@ export const AcceptShareRequestBody = {
   /** New passphrase to encrypt the shared wallet's keys */
   newWalletPassphrase: optional(t.string),
   /** Optional encrypted private key to use instead of generating a new one */
-  overrideEncryptedXprv: optional(t.string),
+  overrideEncryptedPrv: optional(t.string),
 };
 
+/** Response from accepting a wallet share */
+export const AcceptShareResponse = t.type({
+  /** Indicates whether the share state was changed by this operation */
+  changed: t.boolean,
+  /** Current state of the wallet share */
+  state: t.string,
+});
+
 /**
  * Accept a Wallet Share
  * Allows users to accept a wallet share invitation from another user.
@@ -34,7 +42,7 @@ export const PostAcceptShare = httpRoute({
   }),
   response: {
     /** Successfully accepted wallet share */
-    200: t.UnknownRecord,
+    200: AcceptShareResponse,
     /** Error response */
     400: BitgoExpressError,
   },
diff --git a/modules/express/test/unit/typedRoutes/acceptShare.ts b/modules/express/test/unit/typedRoutes/acceptShare.ts
@@ -3,6 +3,7 @@ import * as t from 'io-ts';
 import {
   AcceptShareRequestParams,
   AcceptShareRequestBody,
+  AcceptShareResponse,
   PostAcceptShare,
 } from '../../../src/typedRoutes/api/v1/acceptShare';
 import { assertDecode } from './common';
@@ -48,13 +49,13 @@ describe('AcceptShare codec tests', function () {
       const validBody = {
         userPassword: 'mySecurePassword',
         newWalletPassphrase: 'myNewPassphrase',
-        overrideEncryptedXprv: 'encryptedXprvString',
+        overrideEncryptedPrv: 'encryptedPrvString',
       };
 
       const decoded = assertDecode(t.type(AcceptShareRequestBody), validBody);
       assert.strictEqual(decoded.userPassword, validBody.userPassword);
       assert.strictEqual(decoded.newWalletPassphrase, validBody.newWalletPassphrase);
-      assert.strictEqual(decoded.overrideEncryptedXprv, validBody.overrideEncryptedXprv);
+      assert.strictEqual(decoded.overrideEncryptedPrv, validBody.overrideEncryptedPrv);
     });
 
     it('should validate empty body since all fields are optional', function () {
@@ -63,7 +64,7 @@ describe('AcceptShare codec tests', function () {
       const decoded = assertDecode(t.type(AcceptShareRequestBody), validBody);
       assert.strictEqual(decoded.userPassword, undefined);
       assert.strictEqual(decoded.newWalletPassphrase, undefined);
-      assert.strictEqual(decoded.overrideEncryptedXprv, undefined);
+      assert.strictEqual(decoded.overrideEncryptedPrv, undefined);
     });
 
     it('should reject body with non-string optional fields', function () {
@@ -103,13 +104,13 @@ describe('AcceptShare codec tests', function () {
       const body = {
         userPassword: '',
         newWalletPassphrase: '',
-        overrideEncryptedXprv: '',
+        overrideEncryptedPrv: '',
       };
 
       const decoded = assertDecode(t.type(AcceptShareRequestBody), body);
       assert.strictEqual(decoded.userPassword, '');
       assert.strictEqual(decoded.newWalletPassphrase, '');
-      assert.strictEqual(decoded.overrideEncryptedXprv, '');
+      assert.strictEqual(decoded.overrideEncryptedPrv, '');
     });
 
     it('should handle additional unknown properties', function () {
@@ -126,14 +127,79 @@ describe('AcceptShare codec tests', function () {
     });
   });
 
+  describe('AcceptShareResponse', function () {
+    it('should validate valid response with all fields', function () {
+      const validResponse = {
+        changed: true,
+        state: 'accepted',
+      };
+
+      const decoded = assertDecode(AcceptShareResponse, validResponse);
+      assert.strictEqual(decoded.changed, validResponse.changed);
+      assert.strictEqual(decoded.state, validResponse.state);
+    });
+
+    it('should validate response with changed=false', function () {
+      const validResponse = {
+        changed: false,
+        state: 'pending',
+      };
+
+      const decoded = assertDecode(AcceptShareResponse, validResponse);
+      assert.strictEqual(decoded.changed, false);
+      assert.strictEqual(decoded.state, 'pending');
+    });
+
+    it('should reject response without changed field', function () {
+      const invalidResponse = {
+        state: 'accepted',
+      };
+
+      assert.throws(() => {
+        assertDecode(AcceptShareResponse, invalidResponse);
+      });
+    });
+
+    it('should reject response without state field', function () {
+      const invalidResponse = {
+        changed: true,
+      };
+
+      assert.throws(() => {
+        assertDecode(AcceptShareResponse, invalidResponse);
+      });
+    });
+
+    it('should reject response with non-boolean changed field', function () {
+      const invalidResponse = {
+        changed: 'true',
+        state: 'accepted',
+      };
+
+      assert.throws(() => {
+        assertDecode(AcceptShareResponse, invalidResponse);
+      });
+    });
+
+    it('should reject response with non-string state field', function () {
+      const invalidResponse = {
+        changed: true,
+        state: 123,
+      };
+
+      assert.throws(() => {
+        assertDecode(AcceptShareResponse, invalidResponse);
+      });
+    });
+  });
+
   describe('Supertest Integration Tests', function () {
     const agent = setupAgent();
     const shareId = 'share123456789abcdef';
 
     const mockAcceptShareResponse = {
       state: 'accepted',
       changed: true,
-      walletId: 'wallet123',
     };
 
     afterEach(function () {
@@ -144,7 +210,7 @@ describe('AcceptShare codec tests', function () {
       const requestBody = {
         userPassword: 'mySecurePassword',
         newWalletPassphrase: 'myNewPassphrase',
-        overrideEncryptedXprv: 'encryptedXprvString',
+        overrideEncryptedPrv: 'encryptedPrvString',
       };
 
       const acceptShareStub = sinon.stub().resolves(mockAcceptShareResponse);
@@ -163,13 +229,18 @@ describe('AcceptShare codec tests', function () {
       assert.strictEqual(result.status, 200);
       assert.ok(result.body);
 
+      // Validate response structure
+      const decodedResponse = assertDecode(AcceptShareResponse, result.body);
+      assert.strictEqual(typeof decodedResponse.changed, 'boolean');
+      assert.strictEqual(typeof decodedResponse.state, 'string');
+
       // Verify the method was called with correct params
       sinon.assert.calledOnce(acceptShareStub);
       const callArgs = acceptShareStub.firstCall.args[0];
       assert.strictEqual(callArgs.walletShareId, shareId);
       assert.strictEqual(callArgs.userPassword, requestBody.userPassword);
       assert.strictEqual(callArgs.newWalletPassphrase, requestBody.newWalletPassphrase);
-      assert.strictEqual(callArgs.overrideEncryptedXprv, requestBody.overrideEncryptedXprv);
+      assert.strictEqual(callArgs.overrideEncryptedPrv, requestBody.overrideEncryptedPrv);
     });
 
     it('should successfully accept share with empty body', async function () {
@@ -191,6 +262,9 @@ describe('AcceptShare codec tests', function () {
       assert.strictEqual(result.status, 200);
       assert.ok(result.body);
 
+      // Validate response structure
+      assertDecode(AcceptShareResponse, result.body);
+
       sinon.assert.calledOnce(acceptShareStub);
       const callArgs = acceptShareStub.firstCall.args[0];
       assert.strictEqual(callArgs.walletShareId, shareId);
@@ -217,6 +291,9 @@ describe('AcceptShare codec tests', function () {
       assert.strictEqual(result.status, 200);
       assert.ok(result.body);
 
+      // Validate response structure
+      assertDecode(AcceptShareResponse, result.body);
+
       sinon.assert.calledOnce(acceptShareStub);
       const callArgs = acceptShareStub.firstCall.args[0];
       assert.strictEqual(callArgs.walletShareId, shareId);
