diff --git a/BTCPayServer.Tests/SeleniumTester.cs b/BTCPayServer.Tests/SeleniumTester.cs index 21c34e0ba..bf2d502a8 100644 --- a/BTCPayServer.Tests/SeleniumTester.cs +++ b/BTCPayServer.Tests/SeleniumTester.cs @@ -427,7 +427,6 @@ namespace BTCPayServer.Tests { if (storeId is null) { - var aaa = this.Driver.PageSource; this.Driver.FindElement(By.Id("StoreNav-Invoices")).Click(); } else diff --git a/BTCPayServer/Controllers/AccountController.cs b/BTCPayServer/Controllers/AccountController.cs index f68c55f9e..02462bf20 100644 --- a/BTCPayServer/Controllers/AccountController.cs +++ b/BTCPayServer/Controllers/AccountController.cs @@ -24,7 +24,6 @@ using NicolasDorier.RateLimits; namespace BTCPayServer.Controllers { [Authorize(AuthenticationSchemes = AuthenticationSchemes.Cookie)] - [Route("[controller]/[action]")] public class AccountController : Controller { private readonly UserManager _userManager; @@ -71,10 +70,8 @@ namespace BTCPayServer.Controllers get; set; } - [HttpGet] + [HttpGet("/login")] [AllowAnonymous] - [Route("~/login", Order = 1)] - [Route("~/Account/Login", Order = 2)] public async Task Login(string returnUrl = null, string email = null) { if (User.Identity.IsAuthenticated && string.IsNullOrEmpty(returnUrl)) @@ -92,9 +89,8 @@ namespace BTCPayServer.Controllers } - [HttpPost] + [HttpPost("/login/code")] [AllowAnonymous] - [Route("~/login/code", Order = 1)] [ValidateAntiForgeryToken] [RateLimitsFilter(ZoneLimits.Login, Scope = RateLimitsScope.RemoteAddress)] @@ -118,10 +114,8 @@ namespace BTCPayServer.Controllers return await Login(returnUrl, null); } - [HttpPost] + [HttpPost("/login")] [AllowAnonymous] - [Route("~/login", Order = 1)] - [Route("~/Account/Login", Order = 2)] [ValidateAntiForgeryToken] [RateLimitsFilter(ZoneLimits.Login, Scope = RateLimitsScope.RemoteAddress)] public async Task Login(LoginViewModel model, string returnUrl = null) 
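Review bot: Dropping the class-level `[Route("[controller]/[action]")]` together with the `~/Account/Login` alternates means `/Account/Login` (and, in the later hunks, `/Account/Register`) no longer resolve, and any action in `AccountController` that is not given its own absolute template by this commit is left without an attribute route at all, reachable only through a conventional route if one is mapped. Only the first actions of the controller are visible here, so it is worth confirming that every remaining action carries a template. A one-line comment above the class, `// Routes are absolute per action; the former /Account/{action} paths are intentionally not served.`, would make the convention explicit to the next person adding an action. Link generation through `asp-action`/`asp-controller` uses the attribute routes, so existing views should keep producing `/login`.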
@@ -235,7 +229,7 @@ namespace BTCPayServer.Controllers return null; } - [HttpPost] + [HttpPost("/login/fido2")] [AllowAnonymous] [ValidateAntiForgeryToken] public async Task LoginWithFido2(LoginWithFido2ViewModel viewModel, string returnUrl = null) @@ -283,7 +277,7 @@ namespace BTCPayServer.Controllers } }); } - [HttpGet] + [HttpGet("/login/2fa")] [AllowAnonymous] public async Task LoginWith2fa(bool rememberMe, string returnUrl = null) { @@ -309,7 +303,7 @@ namespace BTCPayServer.Controllers }); } - [HttpPost] + [HttpPost("/login/2fa")] [AllowAnonymous] [ValidateAntiForgeryToken] public async Task LoginWith2fa(LoginWith2faViewModel model, bool rememberMe, string returnUrl = null) @@ -356,7 +350,7 @@ namespace BTCPayServer.Controllers } } - [HttpGet] + [HttpGet("/login/recovery-code")] [AllowAnonymous] public async Task LoginWithRecoveryCode(string returnUrl = null) { @@ -377,7 +371,7 @@ namespace BTCPayServer.Controllers return View(); } - [HttpPost] + [HttpPost("/login/recovery-code")] [AllowAnonymous] [ValidateAntiForgeryToken] public async Task LoginWithRecoveryCode(LoginWithRecoveryCodeViewModel model, string returnUrl = null) @@ -420,17 +414,15 @@ namespace BTCPayServer.Controllers } } - [HttpGet] + [HttpGet("/login/lockout")] [AllowAnonymous] public IActionResult Lockout() { return View(); } - [HttpGet] + [HttpGet("/register")] [AllowAnonymous] - [Route("~/register", Order = 1)] - [Route("~/Account/Register", Order = 2)] [RateLimitsFilter(ZoneLimits.Register, Scope = RateLimitsScope.RemoteAddress)] public async Task Register(string returnUrl = null, bool logon = true) { @@ -445,10 +437,8 @@ namespace BTCPayServer.Controllers return View(); } - [HttpPost] + [HttpPost("/register")] [AllowAnonymous] - [Route("~/register", Order = 1)] - [Route("~/Account/Register", Order = 2)] [ValidateAntiForgeryToken] public async Task Register(RegisterViewModel model, string returnUrl = null, bool logon = true) { 
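Review bot: The POST endpoints now pinned to `/login/fido2`, `/login/2fa` and `/login/recovery-code` carry `[AllowAnonymous]` and `[ValidateAntiForgeryToken]` but, unlike `/login` and `/login/code` in the earlier hunks, no `[RateLimitsFilter(ZoneLimits.Login, Scope = RateLimitsScope.RemoteAddress)]`. These are the steps that verify a short one-time or recovery code, so a per-address limit matters at least as much there as on the password form; unless the sign-in calls in the bodies request lockout on failure, consider adding the same filter to each of the three POST actions. The `LoginWithFido2`, `LoginWith2fa` and `LoginWithRecoveryCode` bodies begin inside these hunks but end outside them.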
@@ -518,8 +508,7 @@ namespace BTCPayServer.Controllers public string RegisteredUserId { get; set; } public bool RegisteredAdmin { get; set; } - [HttpGet] - [Route("logout")] + [HttpGet("/logout")] public async Task Logout() { await _signInManager.SignOutAsync(); @@ -527,7 +516,7 @@ namespace BTCPayServer.Controllers return RedirectToAction(nameof(HomeController.Index), "Home"); } - [HttpGet] + [HttpGet("/register/confirm-email")] [AllowAnonymous] public async Task ConfirmEmail(string userId, string code) { @@ -566,14 +555,14 @@ namespace BTCPayServer.Controllers return View("Error"); } - [HttpGet] + [HttpGet("/login/forgot-password")] [AllowAnonymous] public IActionResult ForgotPassword() { return View(); } - [HttpPost] + [HttpPost("/login/forgot-password")] [AllowAnonymous] [ValidateAntiForgeryToken] [RateLimitsFilter(ZoneLimits.ForgotPassword, Scope = RateLimitsScope.RemoteAddress)] @@ -599,14 +588,14 @@ namespace BTCPayServer.Controllers return View(model); } - [HttpGet] + [HttpGet("/login/forgot-password/confirm")] [AllowAnonymous] public IActionResult ForgotPasswordConfirmation() { return View(); } - [HttpGet] + [HttpGet("/login/set-password")] [AllowAnonymous] public async Task SetPassword(string code = null, string userId = null, string email = null) { @@ -625,7 +614,7 @@ namespace BTCPayServer.Controllers return View(model); } - [HttpPost] + [HttpPost("/login/set-password")] [AllowAnonymous] [ValidateAntiForgeryToken] public async Task SetPassword(SetPasswordViewModel model) @@ -656,12 +645,6 @@ namespace BTCPayServer.Controllers return View(model); } - [HttpGet] - public IActionResult AccessDenied() - { - return View(); - } - #region Helpers private void AddErrors(IdentityResult result) diff --git a/BTCPayServer/Controllers/ErrorController.cs b/BTCPayServer/Controllers/ErrorController.cs index c3c8ce241..8fcdc00f2 100644 --- a/BTCPayServer/Controllers/ErrorController.cs +++ b/BTCPayServer/Controllers/ErrorController.cs 
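Review bot: `Logout` keeps a GET route, `[HttpGet("/logout")]`, and its body (the hunk cuts it off after `_signInManager.SignOutAsync();`) runs the sign-out with no anti-forgery check, so a plain cross-site navigation can end a user's session. Since this commit is already reshaping the route surface, it is a natural moment to switch to `[HttpPost("/logout")]` with `[ValidateAntiForgeryToken]`, keep `opt.LogoutPath = "/logout"` in Startup in step, and have the layout submit a form instead of a link. This predates the commit, so it could equally be a follow-up.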
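Review bot: Deleting `AccessDenied` (and its view in the last hunk of the diff) leaves only the Startup hunk's `opt.AccessDeniedPath = "/errors/403";` pointing at the replacement, and that PostConfigure targets `IdentityConstants.ApplicationScheme` alone. If another cookie scheme is registered with Identity's default `/Account/AccessDenied`, or a view still uses `asp-action="AccessDenied"`, those requests now end in a 404 rather than the 403 page; a search for `AccessDenied` across views and scheme configuration before merging would settle whether anything else referenced it.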
@@ -4,9 +4,9 @@ using Microsoft.AspNetCore.Mvc; namespace BTCPayServer.Controllers { - [Route("[controller]/[action]")] public class ErrorController : Controller { + [Route("/errors/{statusCode:int}")] public IActionResult Handle(int? statusCode = null) { if (Request.Headers.TryGetValue("Accept", out var v) && v.Any(v => v.Contains("text/html", StringComparison.OrdinalIgnoreCase))) @@ -24,10 +24,5 @@ namespace BTCPayServer.Controllers } return this.StatusCode(statusCode.Value); } - - public IActionResult Denied() - { - return Handle(403); - } } } diff --git a/BTCPayServer/Hosting/Startup.cs b/BTCPayServer/Hosting/Startup.cs index 65daa8ae1..a49946ead 100644 --- a/BTCPayServer/Hosting/Startup.cs +++ b/BTCPayServer/Hosting/Startup.cs @@ -75,7 +75,7 @@ namespace BTCPayServer.Hosting services.PostConfigure(IdentityConstants.ApplicationScheme, opt => { opt.LoginPath = "/login"; - opt.AccessDeniedPath = "/Error/Denied"; + opt.AccessDeniedPath = "/errors/403"; opt.LogoutPath = "/logout"; }); @@ -235,7 +235,7 @@ namespace BTCPayServer.Hosting forwardingOptions.ForwardedHeaders = ForwardedHeaders.All; app.UseForwardedHeaders(forwardingOptions); - app.UseStatusCodePagesWithReExecute("/Error/Handle", "?statusCode={0}"); + app.UseStatusCodePagesWithReExecute("/errors/{0}"); app.UsePayServer(); app.UseRouting(); diff --git a/BTCPayServer/Views/Account/AccessDenied.cshtml b/BTCPayServer/Views/Account/AccessDenied.cshtml deleted file mode 100644 index 9a0f70467..000000000 --- a/BTCPayServer/Views/Account/AccessDenied.cshtml +++ /dev/null @@ -1,12 +0,0 @@ -@{ - ViewData["Title"] = "Access denied"; -} - -
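Review bot: `[Route("/errors/{statusCode:int}")]` admits any integer, while the second hunk's `return this.StatusCode(statusCode.Value);` writes that value straight to the response status, which the server rejects outside 100–999, so a request for `/errors/1000` ends in an unhandled exception instead of a status page. Tightening the template to `[Route("/errors/{statusCode:int:range(100,999)}")]` keeps that case out of the action. Using `[Route]` rather than `[HttpGet]` looks deliberate, because `UseStatusCodePagesWithReExecute` re-runs the pipeline with the original request method; a comment such as `// No verb constraint: status-code re-execution keeps the original method, so a failed POST re-executes as POST.` would stop a later cleanup from breaking it. With `Denied()` removed, `int? statusCode = null` is never null via the route and can become `int statusCode` if no other direct caller remains.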
-
-
-

@ViewData["Title"]

-

You do not have access to this resource.

-
-
-