clean and remove hack

Kukks
2020-08-28 09:15:08 +02:00
parent 0e07fcc706
commit 6a8dbf49da
2 changed files with 61 additions and 62 deletions


@@ -103,7 +103,7 @@ namespace BTCPayServer.Client
return request; return request;
} }
private static void AppendPayloadToQuery(UriBuilder uri, KeyValuePair<string, object> keyValuePair) public static void AppendPayloadToQuery(UriBuilder uri, KeyValuePair<string, object> keyValuePair)
{ {
if (uri.Query.Length > 1) if (uri.Query.Length > 1)
uri.Query += "&"; uri.Query += "&";
@@ -126,7 +126,7 @@ namespace BTCPayServer.Client
uri.Query = uri.Query.Trim('&'); uri.Query = uri.Query.Trim('&');
} }
private static void AppendPayloadToQuery(UriBuilder uri, Dictionary<string, object> payload) public static void AppendPayloadToQuery(UriBuilder uri, Dictionary<string, object> payload)
{ {
if (uri.Query.Length > 1) if (uri.Query.Length > 1)
uri.Query += "&"; uri.Query += "&";
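Review bot: Both `AppendPayloadToQuery` overloads become `public` with no XML documentation, although the controller change in this commit appears to use them to build the redirect URL that carries an API key. Their contract should be written down, for example `/// <summary>Appends each payload entry to uri.Query in place; keys and values are URL-escaped and array values are emitted as repeated parameters.</summary>`, with the wording checked against the method bodies, which lie outside these hunks. If the escaping or array handling differs from what that comment says, it is better corrected in the helper than worked around in its callers.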


@@ -104,8 +104,6 @@ namespace BTCPayServer.Controllers
{ {
UserId = new[] {_userManager.GetUserId(User)} UserId = new[] {_userManager.GetUserId(User)}
}); });
if (keys.Any())
{
foreach (var key in keys) foreach (var key in keys)
{ {
var blob = key.GetBlob(); var blob = key.GetBlob();
@@ -115,8 +113,10 @@ namespace BTCPayServer.Controllers
{ {
continue; continue;
} }
//matched the identifier and authority, but we need to check if what the app is requesting in terms of permissions is enough //matched the identifier and authority, but we need to check if what the app is requesting in terms of permissions is enough
var alreadyPresentPermissions = Permission.ToPermissions(blob.Permissions).GroupBy(permission => permission.Policy); var alreadyPresentPermissions = Permission.ToPermissions(blob.Permissions)
.GroupBy(permission => permission.Policy);
var fail = false; var fail = false;
foreach (var permission in requestPermissions.GroupBy(permission => permission.Policy)) foreach (var permission in requestPermissions.GroupBy(permission => permission.Policy))
{ {
@@ -128,18 +128,21 @@ namespace BTCPayServer.Controllers
break; break;
} }
if(Policies.IsStorePolicy(permission.Key)) if (Policies.IsStorePolicy(permission.Key))
{ {
if (!selectiveStores && permission.Any(permission1 => !string.IsNullOrEmpty(permission1.Scope))) if (!selectiveStores &&
permission.Any(permission1 => !string.IsNullOrEmpty(permission1.Scope)))
{ {
TempData.SetStatusMessageModel(new StatusMessageModel() TempData.SetStatusMessageModel(new StatusMessageModel()
{ {
Severity = StatusMessageModel.StatusSeverity.Error, Severity = StatusMessageModel.StatusSeverity.Error,
Message = "Cannot request specific store permission when selectiveStores is not enable" Message =
"Cannot request specific store permission when selectiveStores is not enable"
}); });
return RedirectToAction("APIKeys"); return RedirectToAction("APIKeys");
}else if (!selectiveStores && presentPermission.Any(permission1 => }
else if (!selectiveStores && presentPermission.Any(permission1 =>
!string.IsNullOrEmpty(permission1.Scope))) !string.IsNullOrEmpty(permission1.Scope)))
{ {
fail = true; fail = true;
@@ -157,15 +160,16 @@ namespace BTCPayServer.Controllers
return View("Confirm", return View("Confirm",
new ConfirmModel() new ConfirmModel()
{ {
Title = $"Are you sure about exposing your API Key to {applicationName??applicationIdentifier}?", Title =
Description = $"You've previously generated this API Key ({key.Id}) specifically for {applicationName??applicationIdentifier} with the url {redirect}. ", $"Are you sure about exposing your API Key to {applicationName ?? applicationIdentifier}?",
Description =
$"You've previously generated this API Key ({key.Id}) specifically for {applicationName ?? applicationIdentifier} with the url {redirect}. ",
ActionUrl = GetRedirectToApplicationUrl(redirect, key), ActionUrl = GetRedirectToApplicationUrl(redirect, key),
ButtonClass = "btn-secondary", ButtonClass = "btn-secondary",
Action = "Confirm" Action = "Confirm"
}); });
} }
} }
}
var vm = await SetViewModelValues(new AuthorizeApiKeysViewModel() var vm = await SetViewModelValues(new AuthorizeApiKeysViewModel()
{ {
@@ -256,7 +260,7 @@ namespace BTCPayServer.Controllers
case "no": case "no":
return RedirectToAction("APIKeys"); return RedirectToAction("APIKeys");
case "yes": case "yes":
var key = await CreateKey(viewModel, (viewModel.ApplicationIdentifier, viewModel.RedirectUrl.Authority)); var key = await CreateKey(viewModel, (viewModel.ApplicationIdentifier, viewModel.RedirectUrl?.Authority));
if (viewModel.RedirectUrl != null) if (viewModel.RedirectUrl != null)
{ {
@@ -278,16 +282,11 @@ namespace BTCPayServer.Controllers
{ {
var uri = new UriBuilder(redirect); var uri = new UriBuilder(redirect);
var permissions = key.GetBlob().Permissions; var permissions = key.GetBlob().Permissions;
uri.AppendPayloadToQuery(new Dictionary<string, object>() BTCPayServerClient.AppendPayloadToQuery(uri,
{ new Dictionary<string, object>() {{"key", key.Id}, {"permissions", permissions}, {"user", key.UserId}});
{"key", key.Id}, {"permissions",permissions}, {"user", key.UserId} return uri.Uri.AbsoluteUri;
});
//uri builder has bug around string[] params
return uri.Uri.ToStringInvariant().Replace("permissions=System.String%5B%5D",
string.Join("&", permissions.Select(s1 => $"permissions={s1}")), StringComparison.InvariantCulture);
} }
[HttpPost] [HttpPost]
public async Task<IActionResult> AddApiKey(AddApiKeyViewModel viewModel) public async Task<IActionResult> AddApiKey(AddApiKeyViewModel viewModel)
{ {
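Review bot: In the last hunk `permissions` is still passed as a `string[]`, and the removed `Replace("permissions=System.String%5B%5D", …)` workaround was what kept the array from reaching the redirect URL as a type name. The new code is correct only if `BTCPayServerClient.AppendPayloadToQuery` expands arrays itself, which these hunks do not show. A unit test on `GetRedirectToApplicationUrl` that asserts one `permissions=` parameter per entry and no `System.String` in the result would pin this. Because the returned URL carries `key.Id` in its query string, a comment above the return such as `// The API key travels in the query string: it can end up in browser history, Referer headers and the target application's access logs.` would tell maintainers why the redirect target needs care. The method's signature is outside the hunk.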