diff --git a/BTCPayServer.Tests/SeleniumTester.cs b/BTCPayServer.Tests/SeleniumTester.cs index bf2d502a8..21c34e0ba 100644 --- a/BTCPayServer.Tests/SeleniumTester.cs +++ b/BTCPayServer.Tests/SeleniumTester.cs @@ -427,6 +427,7 @@ namespace BTCPayServer.Tests { if (storeId is null) { + var aaa = this.Driver.PageSource; this.Driver.FindElement(By.Id("StoreNav-Invoices")).Click(); } else diff --git a/BTCPayServer.Tests/SeleniumTests.cs b/BTCPayServer.Tests/SeleniumTests.cs index e5b479a88..100ec9cb4 100644 --- a/BTCPayServer.Tests/SeleniumTests.cs +++ b/BTCPayServer.Tests/SeleniumTests.cs @@ -150,8 +150,8 @@ namespace BTCPayServer.Tests s.Driver.AssertNoError(); Assert.Contains("/login", s.Driver.Url); - s.GoToUrl("/invoices"); - Assert.Contains("ReturnUrl=%2Finvoices", s.Driver.Url); + s.GoToUrl("/Manage/Index"); + Assert.Contains("ReturnUrl=%2FManage%2FIndex", s.Driver.Url); // We should be redirected to login //Same User Can Log Back In @@ -160,7 +160,7 @@ namespace BTCPayServer.Tests s.Driver.FindElement(By.Id("LoginButton")).Click(); // We should be redirected to invoice - Assert.EndsWith("/invoices", s.Driver.Url); + Assert.EndsWith("/Manage/Index", s.Driver.Url); // Should not be able to reach server settings s.GoToUrl("/server/users"); diff --git a/BTCPayServer/Controllers/InvoiceController.UI.cs b/BTCPayServer/Controllers/InvoiceController.UI.cs index d99f71c7b..5340b48d8 100644 --- a/BTCPayServer/Controllers/InvoiceController.UI.cs +++ b/BTCPayServer/Controllers/InvoiceController.UI.cs @@ -746,7 +746,7 @@ namespace BTCPayServer.Controllers [HttpGet("/stores/{storeId}/invoices")] [HttpGet("invoices")] - [Authorize(AuthenticationSchemes = AuthenticationSchemes.Cookie)] + [Authorize(AuthenticationSchemes = AuthenticationSchemes.Cookie, Policy = Policies.CanViewInvoices)] [BitpayAPIConstraint(false)] public async Task ListInvoices(InvoicesModel? model = null) {