aljaz/btcpayserver
1
0
Fork 0
mirror of https://github.com/aljazceru/btcpayserver.git synced 2025-12-18 14:34:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix: Impossible to edit a payment request after receiving an invoice on it

Browse Source
This commit is contained in:
nicolas.dorier
2025-04-10 22:40:15 +09:00
parent 8593d33879
commit 782d53c13d
2 changed files with 31 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
BTCPayServer.Tests/PaymentRequestTests.cs
View File

@@ -6,6 +6,7 @@ using BTCPayServer.Data;
using BTCPayServer.Models.PaymentRequestViewModels; using BTCPayServer.Models.PaymentRequestViewModels;
using BTCPayServer.Services.Invoices; using BTCPayServer.Services.Invoices;
using BTCPayServer.Services.PaymentRequests; using BTCPayServer.Services.PaymentRequests;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc;
using NBitpayClient; using NBitpayClient;
using Xunit; using Xunit;
@@ -101,7 +102,7 @@ namespace BTCPayServer.Tests
user.RegisterDerivationScheme("BTC"); user.RegisterDerivationScheme("BTC");
var paymentRequestController = user.GetController<UIPaymentRequestController>(); var paymentRequestController = user.GetController<UIPaymentRequestController>();
var repo = tester.PayTester.GetService<PaymentRequestRepository>();
Assert.IsType<NotFoundResult>( Assert.IsType<NotFoundResult>(
await paymentRequestController.PayPaymentRequest(Guid.NewGuid().ToString())); await paymentRequestController.PayPaymentRequest(Guid.NewGuid().ToString()));
@@ -112,20 +113,21 @@ namespace BTCPayServer.Tests
Currency = "BTC", Currency = "BTC",
Amount = 1, Amount = 1,
StoreId = user.StoreId, StoreId = user.StoreId,
Description = "description" Description = "description",
ExpiryDate = (DateTimeOffset.UtcNow + TimeSpan.FromDays(1.0)).UtcDateTime
}; };
var response = Assert var prId = Assert
.IsType<RedirectToActionResult>(paymentRequestController.EditPaymentRequest(null, request).Result) .IsType<RedirectToActionResult>(paymentRequestController.EditPaymentRequest(null, request).Result)
.RouteValues.Last(); .RouteValues.Last().Value.ToString();
var invoiceId = Assert var invoiceId = Assert
.IsType<OkObjectResult>( .IsType<OkObjectResult>(
await paymentRequestController.PayPaymentRequest(response.Value.ToString(), false)).Value await paymentRequestController.PayPaymentRequest(prId, false)).Value
.ToString(); .ToString();
var actionResult = Assert var actionResult = Assert
.IsType<RedirectToActionResult>( .IsType<RedirectToActionResult>(
await paymentRequestController.PayPaymentRequest(response.Value.ToString())); await paymentRequestController.PayPaymentRequest(prId));
Assert.Equal("Checkout", actionResult.ActionName); Assert.Equal("Checkout", actionResult.ActionName);
Assert.Equal("UIInvoice", actionResult.ControllerName); Assert.Equal("UIInvoice", actionResult.ControllerName);
@@ -135,6 +137,14 @@ namespace BTCPayServer.Tests
var invoice = user.BitPay.GetInvoice(invoiceId, Facade.Merchant); var invoice = user.BitPay.GetInvoice(invoiceId, Facade.Merchant);
Assert.Equal(1, invoice.Price); Assert.Equal(1, invoice.Price);
// Check if we can modify a PaymentRequest after an invoice has been made
request.ExpiryDate = null;
var paymentRequest = await repo.FindPaymentRequest(prId, null);
paymentRequestController.HttpContext.SetPaymentRequestData(paymentRequest);
Assert
.IsType<RedirectToActionResult>(paymentRequestController.EditPaymentRequest(prId, request).Result)
.RouteValues.Last().Value.ToString();
paymentRequestController.HttpContext.SetPaymentRequestData(null);
request = new UpdatePaymentRequestViewModel() request = new UpdatePaymentRequestViewModel()
{ {
Title = "original juice with expiry", Title = "original juice with expiry",
@@ -145,13 +155,13 @@ namespace BTCPayServer.Tests
Description = "description" Description = "description"
}; };
response = Assert prId = Assert
.IsType<RedirectToActionResult>(paymentRequestController.EditPaymentRequest(null, request).Result) .IsType<RedirectToActionResult>(paymentRequestController.EditPaymentRequest(null, request).Result)
.RouteValues.Last(); .RouteValues.Last().Value.ToString();
Assert Assert
.IsType<BadRequestObjectResult>( .IsType<BadRequestObjectResult>(
await paymentRequestController.PayPaymentRequest(response.Value.ToString(), false)); await paymentRequestController.PayPaymentRequest(prId, false));
} }
[Fact(Timeout = 60 * 2 * 1000)] [Fact(Timeout = 60 * 2 * 1000)]

17
BTCPayServer/Controllers/UIPaymentRequestController.cs
View File

@@ -155,6 +155,7 @@ namespace BTCPayServer.Controllers
[Authorize(Policy = Policies.CanModifyPaymentRequests, AuthenticationSchemes = AuthenticationSchemes.Cookie)] [Authorize(Policy = Policies.CanModifyPaymentRequests, AuthenticationSchemes = AuthenticationSchemes.Cookie)]
public async Task<IActionResult> EditPaymentRequest(string payReqId, UpdatePaymentRequestViewModel viewModel) public async Task<IActionResult> EditPaymentRequest(string payReqId, UpdatePaymentRequestViewModel viewModel)
{ {
viewModel.Id = payReqId;
if (!string.IsNullOrEmpty(viewModel.Currency) && if (!string.IsNullOrEmpty(viewModel.Currency) &&
_Currencies.GetCurrencyData(viewModel.Currency, false) == null) _Currencies.GetCurrencyData(viewModel.Currency, false) == null)
ModelState.AddModelError(nameof(viewModel.Currency), "Invalid currency"); ModelState.AddModelError(nameof(viewModel.Currency), "Invalid currency");
@@ -162,7 +163,8 @@ namespace BTCPayServer.Controllers
viewModel.Currency = null; viewModel.Currency = null;
var store = GetCurrentStore(); var store = GetCurrentStore();
var paymentRequest = GetCurrentPaymentRequest(); var paymentRequest = GetCurrentPaymentRequest();
if (paymentRequest == null && !string.IsNullOrEmpty(payReqId)) if ((paymentRequest == null && !string.IsNullOrEmpty(payReqId)) ||
(paymentRequest != null && paymentRequest.Id != payReqId))
{ {
return NotFound(); return NotFound();
} }
@@ -180,11 +182,14 @@ namespace BTCPayServer.Controllers
data.Archived = viewModel.Archived; data.Archived = viewModel.Archived;
var blob = data.GetBlob(); var blob = data.GetBlob();
if (data.Amount != viewModel.Amount && payReqId != null) var prInvoices = payReqId is null ? [] : (await _PaymentRequestService.GetPaymentRequest(payReqId, GetUserId())).Invoices;
viewModel.AmountAndCurrencyEditable = payReqId is null || !prInvoices.Any();
if (!viewModel.AmountAndCurrencyEditable)
{ {
var prInvoices = (await _PaymentRequestService.GetPaymentRequest(payReqId, GetUserId())).Invoices; ModelState.Remove(nameof(data.Amount));
if (prInvoices.Any()) ModelState.Remove(nameof(data.Currency));
ModelState.AddModelError(nameof(viewModel.Amount), StringLocalizer["Amount and currency are not editable once payment request has invoices"]); viewModel.Amount = data.Amount;
viewModel.Currency = data.Currency;
} }
if (!ModelState.IsValid) if (!ModelState.IsValid)
@@ -199,8 +204,8 @@ namespace BTCPayServer.Controllers
blob.Email = viewModel.Email; blob.Email = viewModel.Email;
blob.Description = viewModel.Description; blob.Description = viewModel.Description;
data.Amount = viewModel.Amount; data.Amount = viewModel.Amount;
data.Expiry = viewModel.ExpiryDate?.ToUniversalTime();
data.Currency = viewModel.Currency ?? store.GetStoreBlob().DefaultCurrency; data.Currency = viewModel.Currency ?? store.GetStoreBlob().DefaultCurrency;
data.Expiry = viewModel.ExpiryDate?.ToUniversalTime();
blob.AllowCustomPaymentAmounts = viewModel.AllowCustomPaymentAmounts; blob.AllowCustomPaymentAmounts = viewModel.AllowCustomPaymentAmounts;
blob.FormId = viewModel.FormId; blob.FormId = viewModel.FormId;