From bcd79c5882d96811dcebd27c1360d1b6e891c042 Mon Sep 17 00:00:00 2001
From: Andrew Camilleri
Date: Mon, 14 May 2018 09:32:04 +0200
Subject: [PATCH 1/4] use alternative uri validation
---
 BTCPayServer.Tests/UnitTest1.cs | 20 ++++++++++++++++++
 .../InvoicingModels/CreateInvoiceModel.cs | 4 ++--
 .../CheckoutExperienceViewModel.cs | 5 +++--
 .../Models/StoreViewModels/StoreViewModel.cs | 3 ++-
 BTCPayServer/Validation/UriAttribute.cs | 21 +++++++++++++++++++
 5 files changed, 48 insertions(+), 5 deletions(-)
 create mode 100644 BTCPayServer/Validation/UriAttribute.cs
diff --git a/BTCPayServer.Tests/UnitTest1.cs b/BTCPayServer.Tests/UnitTest1.cs
index 7ae09e3fd..02b420508 100644
--- a/BTCPayServer.Tests/UnitTest1.cs
+++ b/BTCPayServer.Tests/UnitTest1.cs
@@ -36,6 +36,7 @@ using BTCPayServer.Services.Stores;
 using System.Net.Http;
 using System.Text;
 using BTCPayServer.Rating;
+using BTCPayServer.Validation;
 using ExchangeSharp;
 namespace BTCPayServer.Tests
@@ -48,6 +49,25 @@ namespace BTCPayServer.Tests
 Logs.LogProvider = new XUnitLogProvider(helper);
 }
+ [Fact]
+ public void CanHandleUriValidation()
+ {
+ var attribute = new UriAttribute();
+ Assert.True(attribute.IsValid("http://localhost"));
+ Assert.True(attribute.IsValid("http://localhost:1234"));
+ Assert.True(attribute.IsValid("https://localhost"));
+ Assert.True(attribute.IsValid("https://127.0.0.1"));
+ Assert.True(attribute.IsValid("http://127.0.0.1"));
+ Assert.True(attribute.IsValid("http://127.0.0.1:1234"));
+ Assert.True(attribute.IsValid("http://gozo.com"));
+ Assert.True(attribute.IsValid("https://gozo.com"));
+ Assert.True(attribute.IsValid("https://gozo.com:1234"));
+ Assert.False(attribute.IsValid("Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud e"));
+ Assert.False(attribute.IsValid(2));
+ Assert.False(attribute.IsValid("http://"));
+ Assert.False(attribute.IsValid("httpdsadsa.com"));
+ }
+
 [Fact]
 public void CanCalculateCryptoDue2()
 {
diff --git a/BTCPayServer/Models/InvoicingModels/CreateInvoiceModel.cs b/BTCPayServer/Models/InvoicingModels/CreateInvoiceModel.cs
index 9ac99d667..631303ae0 100644
--- a/BTCPayServer/Models/InvoicingModels/CreateInvoiceModel.cs
+++ b/BTCPayServer/Models/InvoicingModels/CreateInvoiceModel.cs
@@ -4,6 +4,7 @@ using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations;
 using System.Linq;
 using System.Threading.Tasks;
+using BTCPayServer.Validation;
 namespace BTCPayServer.Models.InvoicingModels
 {
@@ -52,8 +53,7 @@ namespace BTCPayServer.Models.InvoicingModels
 get; set;
 }
-
- [Url]
+ [Uri]
 public string NotificationUrl
 {
 get; set;
diff --git a/BTCPayServer/Models/StoreViewModels/CheckoutExperienceViewModel.cs b/BTCPayServer/Models/StoreViewModels/CheckoutExperienceViewModel.cs
index 025315ad8..ae5176ffd 100644
--- a/BTCPayServer/Models/StoreViewModels/CheckoutExperienceViewModel.cs
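Review bot: All thirteen cases in CanHandleUriValidation share one `[Fact]`, so only the first failing assert is reported and the remaining inputs are never exercised in that run. Consider a `[Theory]` with one `[InlineData(input, expected)]` row per case and a body of `Assert.Equal(expected, new UriAttribute().IsValid(input));`, which reports each input separately. The enclosing test class starts and ends outside the hunk.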
+++ b/BTCPayServer/Models/StoreViewModels/CheckoutExperienceViewModel.cs
@@ -4,6 +4,7 @@ using System.ComponentModel.DataAnnotations;
 using System.Linq;
 using System.Threading.Tasks;
 using BTCPayServer.Services;
+using BTCPayServer.Validation;
 using Microsoft.AspNetCore.Mvc.Rendering;
 namespace BTCPayServer.Models.StoreViewModels
@@ -42,10 +43,10 @@ namespace BTCPayServer.Models.StoreViewModels
 public string OnChainMinValue { get; set; }
 [Display(Name = "Link to a custom CSS stylesheet")]
- [Url]
+ [Uri]
 public string CustomCSS { get; set; }
 [Display(Name = "Link to a custom logo")]
- [Url]
+ [Uri]
 public string CustomLogo { get; set; }
 [Display(Name = "Custom HTML title to display on Checkout page")]
diff --git a/BTCPayServer/Models/StoreViewModels/StoreViewModel.cs b/BTCPayServer/Models/StoreViewModels/StoreViewModel.cs
index c2fadcdd3..1b86a07c2 100644
--- a/BTCPayServer/Models/StoreViewModels/StoreViewModel.cs
+++ b/BTCPayServer/Models/StoreViewModels/StoreViewModel.cs
@@ -1,6 +1,7 @@
 using BTCPayServer.Services;
 using BTCPayServer.Services.Invoices;
 using BTCPayServer.Services.Rates;
+using BTCPayServer.Validation;
 using BTCPayServer.Validations;
 using Microsoft.AspNetCore.Mvc.Rendering;
 using System;
@@ -34,7 +35,7 @@ namespace BTCPayServer.Models.StoreViewModels
 get; set;
 }
- [Url]
+ [Uri]
 [Display(Name = "Store Website")]
 [MaxLength(500)]
 public string StoreWebsite
diff --git a/BTCPayServer/Validation/UriAttribute.cs b/BTCPayServer/Validation/UriAttribute.cs
new file mode 100644
index 000000000..717d10746
--- /dev/null
+++ b/BTCPayServer/Validation/UriAttribute.cs
@@ -0,0 +1,21 @@
+using System;
+using System.ComponentModel.DataAnnotations;
+
+namespace BTCPayServer.Validation
+{
+ //from https://stackoverflow.com/a/47196738/275504
+ public class UriAttribute : ValidationAttribute
+ {
+ protected override ValidationResult IsValid(object value, ValidationContext validationContext)
+ {
+ Uri uri;
+ bool valid = Uri.TryCreate(Convert.ToString(value), UriKind.Absolute, out uri);
+
+ if (!valid)
+ {
+ return new ValidationResult(ErrorMessage);
+ }
+ return ValidationResult.Success;
+ }
+ }
+}
From de48fb4077b593b7679cb4f691c13e5a344b8242 Mon Sep 17 00:00:00 2001
From: Andrew Camilleri
Date: Mon, 14 May 2018 09:34:19 +0200
Subject: [PATCH 2/4] add direct file test cases
---
 BTCPayServer.Tests/UnitTest1.cs | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/BTCPayServer.Tests/UnitTest1.cs b/BTCPayServer.Tests/UnitTest1.cs
index 02b420508..5aee1d360 100644
--- a/BTCPayServer.Tests/UnitTest1.cs
+++ b/BTCPayServer.Tests/UnitTest1.cs
@@ -62,6 +62,8 @@ namespace BTCPayServer.Tests
 Assert.True(attribute.IsValid("http://gozo.com"));
 Assert.True(attribute.IsValid("https://gozo.com"));
 Assert.True(attribute.IsValid("https://gozo.com:1234"));
+ Assert.True(attribute.IsValid("https://gozo.com:1234/test.css"));
+ Assert.True(attribute.IsValid("https://gozo.com:1234/test.png"));
 Assert.False(attribute.IsValid("Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud e"));
 Assert.False(attribute.IsValid(2));
 Assert.False(attribute.IsValid("http://"));
From 4184c6c208b8fb98dbfe7b516d4770c56e904f68 Mon Sep 17 00:00:00 2001
From: "nicolas.dorier"
Date: Mon, 14 May 2018 21:28:33 +0900
Subject: [PATCH 3/4] Convert in UriAttribute use invariant culture
---
 BTCPayServer/Validation/UriAttribute.cs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
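Review bot: `Uri.TryCreate(..., UriKind.Absolute, out uri)` in the new UriAttribute accepts any well-formed absolute URI, so values with schemes such as `javascript:`, `data:` or `file:` now pass validation, whereas the `[Url]` attribute it replaces only accepts strings that start with http://, https:// or ftp://. The properties switched to `[Uri]` in this patch (NotificationUrl, CustomCSS, CustomLogo, StoreWebsite) look like values that are later placed in page links or requested by the server, although those uses are outside this diff. Restrict the scheme in the check, e.g. `bool valid = Uri.TryCreate(Convert.ToString(value), UriKind.Absolute, out uri) && (uri.Scheme == Uri.UriSchemeHttp || uri.Scheme == Uri.UriSchemeHttps);`. CanHandleUriValidation has no rejection case for a well-formed non-web URI, so an `Assert.False` for one should be added alongside the fix.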
diff --git a/BTCPayServer/Validation/UriAttribute.cs b/BTCPayServer/Validation/UriAttribute.cs
index 717d10746..e6bb01608 100644
--- a/BTCPayServer/Validation/UriAttribute.cs
+++ b/BTCPayServer/Validation/UriAttribute.cs
@@ -1,5 +1,6 @@
 using System;
 using System.ComponentModel.DataAnnotations;
+using System.Globalization;
 namespace BTCPayServer.Validation
 {
@@ -9,7 +10,7 @@ namespace BTCPayServer.Validation
 protected override ValidationResult IsValid(object value, ValidationContext validationContext)
 {
 Uri uri;
- bool valid = Uri.TryCreate(Convert.ToString(value), UriKind.Absolute, out uri);
+ bool valid = Uri.TryCreate(Convert.ToString(value, CultureInfo.InvariantCulture), UriKind.Absolute, out uri);
 if (!valid)
 {
From 23a3c145edfa7f1640aa1632a57624dccd7b46fd Mon Sep 17 00:00:00 2001
From: "nicolas.dorier"
Date: Mon, 14 May 2018 22:08:35 +0900
Subject: [PATCH 4/4] fix run.sh
---
 run.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/run.sh b/run.sh
index e1a9c7c9a..83ced22ec 100755
--- a/run.sh
+++ b/run.sh
@@ -1,3 +1,3 @@
 #!/bin/bash
-dotnet run --no-launch-profile --no-build -c Release -p "BTCPayServer/BTCPayServer.csproj" -- "$@"
+dotnet run --no-launch-profile --no-build -c Release -p "BTCPayServer/BTCPayServer.csproj" -- $@
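Review bot: The changed `Uri.TryCreate` line still turns a null value into an empty string through `Convert.ToString`, and an empty string fails `TryCreate`, so a URL field that is left blank is reported as invalid. The built-in data-annotation attributes treat a missing value as valid and leave presence to `[Required]`; the fields carrying `[Uri]` appear to be optional, though that is not visible here. Return success for missing input before parsing, e.g. `var str = Convert.ToString(value, CultureInfo.InvariantCulture);` followed by `if (string.IsNullOrWhiteSpace(str)) return ValidationResult.Success;`. IsValid continues past the end of the hunk.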
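Review bot: Dropping the quotes around `$@` on the changed line makes the shell word-split and glob-expand every argument before dotnet receives it, so a value containing a space or a `*` arrives as several arguments or as matching file names. Keep `-- "$@"`, which forwards each argument exactly as the caller passed it. If the quoted form broke on some platform, which the commit message does not say, that reason belongs in a comment next to the line rather than in an unquoted expansion.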