Fix bug: When creating API Key for non-admin, some checked permissions were not included (Fix #2107 and Fix #2002)

nicolas.dorier
2020-12-08 15:20:59 +09:00
parent dd5fd2e5bb
commit 13f10657b8
3 changed files with 28 additions and 6 deletions


@@ -173,6 +173,24 @@ namespace BTCPayServer.Tests
s.Driver.Navigate().GoToUrl(authUrl); s.Driver.Navigate().GoToUrl(authUrl);
Assert.False(s.Driver.Url.StartsWith("https://international.com/callback")); Assert.False(s.Driver.Url.StartsWith("https://international.com/callback"));
// Make sure we can check all permissions when not an admin
await user.MakeAdmin(false);
s.Logout();
s.GoToLogin();
s.Login(user.RegisterDetails.Email, user.RegisterDetails.Password);
s.GoToProfile(ManageNavPages.APIKeys);
s.Driver.FindElement(By.Id("AddApiKey")).Click();
int checkedPermissionCount = 0;
foreach (var checkbox in s.Driver.FindElements(By.ClassName("form-check-input")))
{
checkedPermissionCount++;
checkbox.Click();
}
s.Driver.FindElement(By.Id("Generate")).Click();
var allAPIKey = s.AssertHappyMessage().FindElement(By.TagName("code")).Text;
var apikeydata = await TestApiAgainstAccessToken<ApiKeyData>(allAPIKey, $"api/v1/api-keys/current", tester.PayTester.HttpClient);
Assert.Equal(checkedPermissionCount, apikeydata.Permissions.Length);
} }
} }
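Review bot: The final `Assert.Equal(checkedPermissionCount, apikeydata.Permissions.Length)` compares counts only, so it does not show which permissions the non-admin key received, and it would likely still pass if the page rendered no checkbox at all. Add `Assert.True(checkedPermissionCount > 0);` after the loop. After the API call, also assert that no entry of `apikeydata.Permissions` is a server-level policy (checked through `Policies.IsServerPolicy`), since that exclusion is the property the controller change has to preserve for non-admins. The enclosing test method starts outside this hunk.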


@@ -437,7 +437,7 @@ namespace BTCPayServer.Controllers
if (!isAdmin) if (!isAdmin)
{ {
foreach (var p in viewModel.PermissionValues.Where(item => Policies.IsServerPolicy(item.Permission))) foreach (var p in viewModel.PermissionValues.Where(item => item.Permission is null || Policies.IsServerPolicy(item.Permission)))
{ {
p.Forbidden = true; p.Forbidden = true;
} }
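Review bot: Setting `p.Forbidden = true` in this loop only protects the generated key if the code that builds the key afterwards skips forbidden entries, and that code is outside this hunk. `viewModel.PermissionValues` appears to be bound from the posted form, so a non-admin client can submit `Value=true` with any `Permission` string regardless of what the view rendered. Please confirm the creation path filters on `Forbidden` and not on the posted `Value` alone. The new `item.Permission is null` case also deserves a comment, for example `// forbidden rows post back only Value, so Permission is null here; keep them forbidden`.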


@@ -26,7 +26,11 @@
<div class="list-group mb-4"> <div class="list-group mb-4">
@for (int i = 0; i < Model.PermissionValues.Count; i++) @for (int i = 0; i < Model.PermissionValues.Count; i++)
{ {
@if (!Model.PermissionValues[i].Forbidden) @if (Model.PermissionValues[i].Forbidden)
{
<input type="hidden" asp-for="PermissionValues[i].Value" value="false" />
}
else
{ {
<input type="hidden" asp-for="PermissionValues[i].Permission" /> <input type="hidden" asp-for="PermissionValues[i].Permission" />
@if (Policies.IsStorePolicy(Model.PermissionValues[i].Permission)) @if (Policies.IsStorePolicy(Model.PermissionValues[i].Permission))