Do not show password in clear text in email configuration (Fix #1790)

This commit is contained in:
nicolas.dorier
2020-10-05 15:42:19 +09:00
parent 2a3dbaa7b4
commit 60cadb8b6d
5 changed files with 115 additions and 53 deletions


@@ -944,23 +944,28 @@ namespace BTCPayServer.Controllers
public async Task<IActionResult> Emails()
{
var data = (await _SettingsRepository.GetSettingAsync<EmailSettings>()) ?? new EmailSettings();
return View(new EmailsViewModel() { Settings = data });
return View(new EmailsViewModel(data));
}
[Route("server/emails")]
[HttpPost]
public async Task<IActionResult> Emails(EmailsViewModel model, string command)
{
if (!model.Settings.IsComplete())
{
TempData[WellKnownTempData.ErrorMessage] = "Required fields missing";
return View(model);
}
if (command == "Test")
{
try
{
if (model.PasswordSet)
{
var settings = await _SettingsRepository.GetSettingAsync<EmailSettings>();
model.Settings.Password = settings.Password;
}
if (!model.Settings.IsComplete())
{
TempData[WellKnownTempData.ErrorMessage] = "Required fields missing";
return View(model);
}
using (var client = model.Settings.CreateSmtpClient())
using (var message = model.Settings.CreateMailMessage(new MailAddress(model.TestEmail), "BTCPay test", "BTCPay test"))
{
@@ -974,11 +979,24 @@ namespace BTCPayServer.Controllers
}
return View(model);
}
else if (command == "ResetPassword")
{
var settings = await _SettingsRepository.GetSettingAsync<EmailSettings>();
settings.Password = null;
await _SettingsRepository.UpdateSetting(model.Settings);
TempData[WellKnownTempData.SuccessMessage] = "Email server password reset";
return RedirectToAction(nameof(Emails));
}
else // if(command == "Save")
{
var oldSettings = await _SettingsRepository.GetSettingAsync<EmailSettings>();
if (new EmailsViewModel(oldSettings).PasswordSet)
{
model.Settings.Password = oldSettings.Password;
}
await _SettingsRepository.UpdateSetting(model.Settings);
TempData[WellKnownTempData.SuccessMessage] = "Email settings saved";
return View(model);
return RedirectToAction(nameof(Emails));
}
}
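Review bot: The ResetPassword branch clears the password on the freshly loaded `settings` object but then persists `model.Settings`, the form-bound object, so the value it just nulled is discarded and whatever the client posted is saved instead; `await _SettingsRepository.UpdateSetting(settings);` is what the two preceding lines intend. `settings` can also be null when nothing has been stored yet (the GET action at the top of the hunk guards with `?? new EmailSettings()`), and the same unguarded read appears in the Test branch at `model.Settings.Password = settings.Password;`, where it only survives because of the surrounding try. Since `PasswordSet` arrives from a hidden form field, treat it as a client hint and reload defensively in both branches with `var settings = (await _SettingsRepository.GetSettingAsync<EmailSettings>()) ?? new EmailSettings();`. The `IsComplete()` check appears to have moved inside the Test branch, which would leave the Save branch persisting settings without it, worth confirming against the full file. The Emails POST action continues past the end of the hunk.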


@@ -18,7 +18,7 @@ namespace BTCPayServer.Controllers
if (store == null)
return NotFound();
var data = store.GetStoreBlob().EmailSettings ?? new EmailSettings();
return View(new EmailsViewModel() { Settings = data });
return View(new EmailsViewModel(data));
}
[Route("{storeId}/emails")]
@@ -32,6 +32,10 @@ namespace BTCPayServer.Controllers
{
try
{
if (model.PasswordSet)
{
model.Settings.Password = store.GetStoreBlob().EmailSettings.Password;
}
if (!model.Settings.IsComplete())
{
TempData[WellKnownTempData.ErrorMessage] = "Required fields missing";
@@ -48,10 +52,26 @@ namespace BTCPayServer.Controllers
}
return View(model);
}
else if (command == "ResetPassword")
{
var storeBlob = store.GetStoreBlob();
storeBlob.EmailSettings.Password = null;
store.SetStoreBlob(storeBlob);
await _Repo.UpdateStore(store);
TempData[WellKnownTempData.SuccessMessage] = "Email server password reset";
return RedirectToAction(nameof(UpdateStore), new
{
storeId
});
}
else // if(command == "Save")
{
var storeBlob = store.GetStoreBlob();
var oldPassword = storeBlob.EmailSettings?.Password;
if (new EmailsViewModel(storeBlob.EmailSettings).PasswordSet)
{
model.Settings.Password = storeBlob.EmailSettings.Password;
}
storeBlob.EmailSettings = model.Settings;
store.SetStoreBlob(storeBlob);
await _Repo.UpdateStore(store);
@@ -60,7 +80,6 @@ namespace BTCPayServer.Controllers
{
storeId
});
}
}
}
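Review bot: `oldPassword` in the Save branch is assigned but never read, and the ResetPassword branch dereferences `storeBlob.EmailSettings.Password` without a null check even though the GET action above treats `EmailSettings` as nullable (`?? new EmailSettings()`). Drop the unused local and guard the reset, e.g. `if (storeBlob.EmailSettings != null) storeBlob.EmailSettings.Password = null;`. The same unguarded read occurs in the Test branch at `model.Settings.Password = store.GetStoreBlob().EmailSettings.Password;`, where a posted `PasswordSet=true` with no stored settings would throw inside the try instead of producing a clear error message. The store Emails POST action starts and ends outside the visible hunks.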


@@ -5,11 +5,20 @@ namespace BTCPayServer.Models.ServerViewModels
{
public class EmailsViewModel
{
public EmailsViewModel()
{
}
public EmailsViewModel(EmailSettings settings)
{
Settings = settings;
PasswordSet = !string.IsNullOrEmpty(settings?.Password);
}
public EmailSettings Settings
{
get; set;
}
public bool PasswordSet { get; set; }
[EmailAddress]
[Display(Name = "Test Email")]
public string TestEmail
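Review bot: `PasswordSet` has no documentation, and its dual role is not obvious: the new constructor derives it from the stored settings for rendering, while on POST it is bound back from a hidden field and both controllers use it to decide whether to keep the stored password. Add above the property `/// <summary>True when a password is already stored. The view hides the password input and the controllers keep the stored value when this is posted back; a client setting it only preserves the existing secret, it never reveals it.</summary>`. The parameterless constructor is presumably retained for model binding and deserves a one-line comment saying so. The class continues past the end of the hunk.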


@@ -1,6 +1,7 @@
using System.ComponentModel.DataAnnotations;
using System.Net;
using System.Net.Mail;
using Newtonsoft.Json;
namespace BTCPayServer.Services.Mails
{


@@ -1,4 +1,4 @@
@model BTCPayServer.Models.ServerViewModels.EmailsViewModel
@model BTCPayServer.Models.ServerViewModels.EmailsViewModel
<partial name="_StatusMessage" />
@@ -94,9 +94,23 @@ $(document).ready(function(){
<span asp-validation-for="Settings.Login" class="text-danger"></span>
</div>
<div class="form-group">
@if (!Model.PasswordSet)
{
<label asp-for="Settings.Password"></label>
<input asp-for="Settings.Password" value="@Model.Settings.Password" class="form-control"/>
<input asp-for="Settings.Password" type="password" class="form-control" />
<span asp-validation-for="Settings.Password" class="text-danger"></span>
}
else
{
<label asp-for="Settings.Password"></label>
<div class="input-group">
<input value="Configured" type="text" readonly class="form-control" />
<div class="input-group-append">
<button type="submit" class="btn btn-danger" name="command" value="ResetPassword">Reset</button>
</div>
</div>
}
</div>
<div class="form-group">
<div class="form-check">
@@ -104,6 +118,7 @@ $(document).ready(function(){
<label asp-for="Settings.EnableSSL" class="form-check-label"></label>
</div>
</div>
<input asp-for="PasswordSet" type="hidden" />
<button type="submit" class="btn btn-primary" name="command" value="Save">Save</button>
</div>
</div>
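Review bot: The new Reset button is a submit button placed before Save in the same form, so implicit submission (pressing Enter in any text field) will activate it, because browsers trigger the form's first submit button in document order; that would silently post `command=ResetPassword` and drop the stored password. Give Save precedence by moving it ahead of Reset or by rendering Reset outside the main form, assuming both buttons sit in the one form element that opens above the hunk. The password input could also carry an autocomplete hint, `<input asp-for="Settings.Password" type="password" autocomplete="new-password" class="form-control" />`, so browsers do not offer saved or generated credentials for the SMTP login field.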