diff --git a/BTCPayServer.Tests/GreenfieldAPITests.cs b/BTCPayServer.Tests/GreenfieldAPITests.cs
index 6702e1081..ca6ef6109 100644
--- a/BTCPayServer.Tests/GreenfieldAPITests.cs
+++ b/BTCPayServer.Tests/GreenfieldAPITests.cs
@@ -46,13 +46,13 @@ namespace BTCPayServer.Tests
 Assert.Single(apiKeyData.Permissions);
 //a client using Basic Auth has no business here
- await AssertHttpError(401, async () => await clientBasic.GetCurrentAPIKeyInfo());
+ await AssertHttpError(404, async () => await clientBasic.GetCurrentAPIKeyInfo());
 //revoke current api key
 await client.RevokeCurrentAPIKeyInfo();
 await AssertHttpError(401, async () => await client.GetCurrentAPIKeyInfo());
 //a client using Basic Auth has no business here
- await AssertHttpError(401, async () => await clientBasic.RevokeCurrentAPIKeyInfo());
+ await AssertHttpError(404, async () => await clientBasic.RevokeCurrentAPIKeyInfo());
 }
diff --git a/BTCPayServer/Controllers/RestApi/ApiKeysController.cs b/BTCPayServer/Controllers/RestApi/ApiKeysController.cs
index 3fd79e781..c0b2ab010 100644
--- a/BTCPayServer/Controllers/RestApi/ApiKeysController.cs
+++ b/BTCPayServer/Controllers/RestApi/ApiKeysController.cs
@@ -27,7 +27,10 @@ namespace BTCPayServer.Controllers.RestApi
 [HttpGet("~/api/v1/api-keys/current")]
 public async Task> GetKey()
 {
- ControllerContext.HttpContext.GetAPIKey(out var apiKey);
+ if (!ControllerContext.HttpContext.GetAPIKey(out var apiKey))
+ {
+ return NotFound();
+ }
 var data = await _apiKeyRepository.GetKey(apiKey);
 return Ok(FromModel(data));
 }
@@ -36,7 +39,10 @@ namespace BTCPayServer.Controllers.RestApi
 [Authorize(Policy = Policies.Unrestricted, AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
 public async Task> RevokeKey()
 {
- ControllerContext.HttpContext.GetAPIKey(out var apiKey);
+ if (!ControllerContext.HttpContext.GetAPIKey(out var apiKey))
+ {
+ return NotFound();
+ }
 await _apiKeyRepository.Remove(apiKey, _userManager.GetUserId(User));
 return Ok();
 }
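Review bot: The comment `//a client using Basic Auth has no business here` above both changed assertions in GreenfieldAPITests.cs still reads as an authorization rejection, while the expected status is now 404. Since the Basic-auth client evidently gets past authentication and is turned away only because the request carries no API key, the comments should say so, for example `//a Basic Auth client has no API key, so there is no "current" key to return (404)` and the same with `to revoke` for the second assertion. Without that, a later reader may take the 404 for a routing mistake and change it back to 401. The enclosing test method starts outside the hunk.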
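Review bot: In `GetKey` (ApiKeysController.cs, first hunk) `data` is still passed to `FromModel` unchecked, so the new guard covers a request without an API key but not a key the repository no longer holds, such as one revoked between authentication and this lookup. If `_apiKeyRepository.GetKey` can return null (its contract is not visible here), add `if (data == null) return NotFound();` before `return Ok(FromModel(data));` so the endpoint answers 404 rather than failing inside `FromModel`. The attributes above `[HttpGet]` are outside the hunk, so the authorization applied to this action cannot be confirmed from it.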
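Review bot: In `RevokeKey` (ApiKeysController.cs, second hunk) the result of `_apiKeyRepository.Remove(apiKey, _userManager.GetUserId(User))` is discarded and the action returns `Ok()` regardless. A caller is then told the credential was revoked even when nothing was deleted, for example when the key does not belong to the resolved user id. If `Remove` reports whether a key was removed (its return type is not visible in this hunk), use that result: `if (!await _apiKeyRepository.Remove(apiKey, _userManager.GetUserId(User))) return NotFound();`. The guard added here is identical to the one in `GetKey`; a small private helper would keep the two from drifting apart.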