aljaz/btcpayserver
1
0
Fork 0
mirror of https://github.com/aljazceru/btcpayserver.git synced 2025-12-24 01:14:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Adding validation of ReferenceId for Payment Request

Browse Source
This commit is contained in:
rockstardev
2025-10-22 10:44:29 -05:00
parent 02adde7fd5
commit aa6944b01e
1 changed files with 27 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
BTCPayServer/Controllers/UIPaymentRequestController.cs
View File

@@ -169,26 +169,48 @@ namespace BTCPayServer.Controllers
if (!string.IsNullOrEmpty(viewModel.Currency) && if (!string.IsNullOrEmpty(viewModel.Currency) &&
_Currencies.GetCurrencyData(viewModel.Currency, false) == null) _Currencies.GetCurrencyData(viewModel.Currency, false) == null)
ModelState.AddModelError(nameof(viewModel.Currency), "Invalid currency"); ModelState.AddModelError(nameof(viewModel.Currency), "Invalid currency");
if (string.IsNullOrEmpty(viewModel.Currency)) if (string.IsNullOrEmpty(viewModel.Currency))
viewModel.Currency = null; viewModel.Currency = null;
var store = GetCurrentStore(); var store = GetCurrentStore();
var paymentRequest = GetCurrentPaymentRequest(); var paymentRequest = GetCurrentPaymentRequest();
if ((paymentRequest == null && !string.IsNullOrEmpty(payReqId)) || if ((paymentRequest == null && !string.IsNullOrEmpty(payReqId)) ||
(paymentRequest != null && paymentRequest.Id != payReqId)) (paymentRequest != null && paymentRequest.Id != payReqId))
{
return NotFound(); return NotFound();
}
if (!store.AnyPaymentMethodAvailable(_handlers)) if (!store.AnyPaymentMethodAvailable(_handlers))
{
return NoPaymentMethodResult(store.Id); return NoPaymentMethodResult(store.Id);
}
if (paymentRequest?.Archived is true && viewModel.Archived) if (paymentRequest?.Archived is true && viewModel.Archived)
{
ModelState.AddModelError(string.Empty, StringLocalizer["You cannot edit an archived payment request."]); ModelState.AddModelError(string.Empty, StringLocalizer["You cannot edit an archived payment request."]);
// Validate ReferenceId is unique for this store (for both new and edit)
if (!string.IsNullOrEmpty(viewModel.ReferenceId))
{
var existingPaymentRequests = await _PaymentRequestRepository.FindPaymentRequests(
new PaymentRequestQuery
{
StoreId = viewModel.StoreId,
SearchText = viewModel.ReferenceId
});
var duplicate = existingPaymentRequests.FirstOrDefault(pr => pr.ReferenceId == viewModel.ReferenceId && pr.Id != payReqId);
if (duplicate != null)
ModelState.AddModelError(nameof(viewModel.ReferenceId),
StringLocalizer["A payment request with reference ID \"{0}\" already exists for this store.", viewModel.ReferenceId].Value);
} }
if (!ModelState.IsValid)
{
// Rockstar: This code is kinda ugly but needed to show the email rules warning again
viewModel.HasEmailRules = await HasEmailRules(store.Id);
return View(nameof(EditPaymentRequest), viewModel);
}
var data = paymentRequest ?? new PaymentRequestData(); var data = paymentRequest ?? new PaymentRequestData();
data.StoreDataId = viewModel.StoreId; data.StoreDataId = viewModel.StoreId;
data.Archived = viewModel.Archived; data.Archived = viewModel.Archived;
@@ -204,12 +226,6 @@ namespace BTCPayServer.Controllers
viewModel.Currency = data.Currency; viewModel.Currency = data.Currency;
} }
if (!ModelState.IsValid)
{
viewModel.HasEmailRules = await HasEmailRules(store.Id);
return View(nameof(EditPaymentRequest), viewModel);
}
blob.Title = viewModel.Title; blob.Title = viewModel.Title;
blob.Email = viewModel.Email; blob.Email = viewModel.Email;
blob.Description = viewModel.Description; blob.Description = viewModel.Description;
@@ -225,9 +241,7 @@ namespace BTCPayServer.Controllers
data.SetBlob(blob); data.SetBlob(blob);
var isNewPaymentRequest = string.IsNullOrEmpty(payReqId); var isNewPaymentRequest = string.IsNullOrEmpty(payReqId);
if (isNewPaymentRequest) if (isNewPaymentRequest)
{
data.Created = DateTimeOffset.UtcNow; data.Created = DateTimeOffset.UtcNow;
}
data = await _PaymentRequestRepository.CreateOrUpdatePaymentRequest(data); data = await _PaymentRequestRepository.CreateOrUpdatePaymentRequest(data);