fix: reject pending confirmations when app locks (#26905)

vinistevam · web-flow · commit 7b4433ec12ec · 2026-03-06T06:51:48.000Z
## **Description** If the user is on a send confirmation and the app goes idle until the device and MetaMask lock, after unlocking they no longer see that confirmation. If they then start a **new** send, the UI can show the **previous** confirmation instead of the new one, because the old approval was never rejected and remains first in the pending list. **Solution** When the app locks, reject all pending approvals by calling `ApprovalController.clear(providerErrors.userRejectedRequest())` in the lock saga, before navigating to the lock screen. That way there are no stale confirmations after unlock, and any new send shows the correct confirmation. **Changes** - **`app/store/sagas/index.ts`**: In `appLockStateMachine`, after handling `LOCKED_APP`, clear pending approvals via `Engine.context.ApprovalController.clear(...)` inside try/catch, then navigate to `LOCK_SCREEN`. Log and ignore errors so navigation still runs. - **`app/store/sagas/sagas.test.ts`**: Add `ApprovalController` with `clear` to the Engine mock; add tests that clear is called with `userRejectedRequest()` when the app locks and that navigation to `LOCK_SCREEN` still happens when `clear` throws. -  ## **Changelog**  CHANGELOG entry: Fixed issue of confirmation not rejecting when app locks ## **Related issues** Fixes: #26320 ## **Manual testing steps** ```gherkin Feature: Transaction Confirmation Persistence After Lock Scenario: Stale confirmation displayed after device lock timeout and new transaction Given the user has MetaMask open and unlocked on the home screen # First transaction When user initiates a send transaction And user reaches the confirmation screen # Lock timeout And user allows the phone to idle until device and MetaMask lock And user unlocks the phone And user unlocks MetaMask Then the confirmation screen should no longer be open # Second transaction - bug occurs When user initiates a different send transaction And user reaches the confirmation screen Then the confirmation shown should be for the previous transaction instead of the current one ``` ## **Screenshots/Recordings** [reject-approval-app-locks.webm](https://github.com/user-attachments/assets/ed331559-bf7a-452b-8688-7014dd4bff34)  ### **Before**  ### **After**  ## **Pre-merge author checklist** - [x] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile Coding Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [x] I've completed the PR template to the best of my ability - [x] I've included tests if applicable - [x] I've documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [x] I've applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.  --- > [!NOTE] > **Medium Risk** > Changes approval/confirmation lifecycle by clearing all pending approvals on app lock, which could inadvertently reject legitimate in-flight requests if triggered unexpectedly. Guarded with try/catch and covered by new saga tests, but behavior impacts transaction confirmations. > > **Overview** > Prevents stale transaction/permission confirmations after unlocking by clearing any pending approvals when `UserActionType.LOCKED_APP` fires, rejecting them with `providerErrors.userRejectedRequest()` before navigating to `Routes.LOCK_SCREEN`. > > Updates saga tests to mock `ApprovalController.clear` and assert it is invoked on lock, and that navigation to the lock screen still occurs even if clearing approvals throws. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 2f1c2d3. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>
diff --git a/app/store/sagas/index.ts b/app/store/sagas/index.ts
@@ -34,6 +34,7 @@ import { rewardsBulkLinkSaga } from './rewardsBulkLinkAccountGroups';
 import Authentication from '../../core/Authentication';
 import { AppState, AppStateStatus } from 'react-native';
 import trackErrorAsAnalytics from '../../util/metrics/TrackError/trackErrorAsAnalytics';
+import { providerErrors } from '@metamask/rpc-errors';
 
 /**
  * Creates a channel to listen to app state changes.
@@ -109,6 +110,19 @@ export function* appLockStateMachine() {
   while (true) {
     yield take(UserActionType.LOCKED_APP);
 
+    // Reject any pending confirmations so the user doesn't see a stale confirmation after unlock.
+    try {
+      const { ApprovalController } = Engine.context;
+      if (ApprovalController) {
+        ApprovalController.clear(providerErrors.userRejectedRequest());
+      }
+    } catch (error) {
+      Logger.error(
+        error as Error,
+        'Failed to reject pending approvals on app lock',
+      );
+    }
+
     // Navigate to lock screen.
     NavigationService.navigation?.navigate(Routes.LOCK_SCREEN);
 
diff --git a/app/store/sagas/sagas.test.ts b/app/store/sagas/sagas.test.ts
@@ -25,6 +25,7 @@ import WC2Manager from '../../core/WalletConnect/WalletConnectV2';
 import Authentication from '../../core/Authentication';
 import AppConstants from '../../core/AppConstants';
 import trackErrorAsAnalytics from '../../util/metrics/TrackError/trackErrorAsAnalytics';
+import { providerErrors } from '@metamask/rpc-errors';
 
 const mockNavigate = jest.fn();
 const mockReset = jest.fn();
@@ -75,6 +76,9 @@ jest.mock('../../core/Engine', () => ({
     AccountsController: {
       updateAccounts: jest.fn(),
     },
+    ApprovalController: {
+      clear: jest.fn(),
+    },
     RemoteFeatureFlagController: {
       state: {
         remoteFeatureFlags: {
@@ -344,9 +348,13 @@ describe('appStateListenerTask', () => {
 });
 
 describe('appLockStateMachine', () => {
+  const mockApprovalControllerClear = Engine.context.ApprovalController
+    .clear as jest.Mock;
+
   beforeEach(() => {
     mockNavigate.mockClear();
     mockReset.mockClear();
+    mockApprovalControllerClear.mockClear();
   });
 
   it('forks appStateListenerTask and navigates to LockScreen when app is locked', async () => {
@@ -359,6 +367,29 @@ describe('appLockStateMachine', () => {
     // Verify navigation to LockScreen
     expect(mockNavigate).toHaveBeenCalledWith(Routes.LOCK_SCREEN);
   });
+
+  it('clears pending approvals via ApprovalController.clear when app is locked', async () => {
+    await expectSaga(appLockStateMachine)
+      .dispatch({ type: UserActionType.LOCKED_APP })
+      .run();
+
+    expect(mockApprovalControllerClear).toHaveBeenCalledWith(
+      providerErrors.userRejectedRequest(),
+    );
+    expect(mockNavigate).toHaveBeenCalledWith(Routes.LOCK_SCREEN);
+  });
+
+  it('navigates to LockScreen even when ApprovalController.clear throws', async () => {
+    mockApprovalControllerClear.mockImplementationOnce(() => {
+      throw new Error('clear failed');
+    });
+
+    await expectSaga(appLockStateMachine)
+      .dispatch({ type: UserActionType.LOCKED_APP })
+      .run();
+
+    expect(mockNavigate).toHaveBeenCalledWith(Routes.LOCK_SCREEN);
+  });
 });
 
 // TODO: Update all saga tests to use expectSaga (more intuitive and easier to read)
