aljaz/btcpayserver
1
0
Fork 0
mirror of https://github.com/aljazceru/btcpayserver.git synced 2025-12-18 06:24:24 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix empty permissions case

Browse Source
This commit is contained in:
Dennis Reimann
2022-06-28 17:22:29 +02:00
committed by Andrew Camilleri
parent eef7539c2d
commit ed1f249aaf
3 changed files with 20 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
BTCPayServer.Tests/ApiKeysTests.cs
View File

@@ -234,6 +234,14 @@ namespace BTCPayServer.Tests
TestLogs.LogInformation($"Checking API key permissions: {allAPIKey}"); TestLogs.LogInformation($"Checking API key permissions: {allAPIKey}");
var apikeydata = await TestApiAgainstAccessToken<ApiKeyData>(allAPIKey, "api/v1/api-keys/current", tester.PayTester.HttpClient); var apikeydata = await TestApiAgainstAccessToken<ApiKeyData>(allAPIKey, "api/v1/api-keys/current", tester.PayTester.HttpClient);
Assert.Equal(checkedPermissionCount, apikeydata.Permissions.Length); Assert.Equal(checkedPermissionCount, apikeydata.Permissions.Length);
TestLogs.LogInformation("Checking empty permissions");
authUrl = BTCPayServerClient.GenerateAuthorizeUri(s.ServerUri, Array.Empty<string>(), false, true).ToString();
s.GoToUrl(authUrl);
select = new SelectElement(s.Driver.FindElement(By.Id("StoreId")));
select.SelectByIndex(0);
s.Driver.FindElement(By.Id("continue")).Click();
Assert.Contains("There are no associated permissions to the API key being requested", s.Driver.PageSource);
} }
async Task TestApiAgainstAccessToken(string accessToken, ServerTester tester, TestAccount testAccount, async Task TestApiAgainstAccessToken(string accessToken, ServerTester tester, TestAccount testAccount,

6
BTCPayServer/Controllers/UIManageController.APIKeys.cs
View File

@@ -203,13 +203,17 @@ namespace BTCPayServer.Controllers
return RedirectToAction("APIKeys", new { key = key.Id }); return RedirectToAction("APIKeys", new { key = key.Id });
default: default:
var requestPermissions = Permission.ToPermissions(viewModel.Permissions?.Split(';').ToArray()).ToList(); var perms = viewModel.Permissions?.Split(';').ToArray() ?? Array.Empty<string>();
if (perms.Any())
{
var requestPermissions = Permission.ToPermissions(perms).ToList();
var existingApiKey = await CheckForMatchingApiKey(requestPermissions, viewModel); var existingApiKey = await CheckForMatchingApiKey(requestPermissions, viewModel);
if (existingApiKey != null) if (existingApiKey != null)
{ {
viewModel.ApiKey = existingApiKey.Id; viewModel.ApiKey = existingApiKey.Id;
return View("ConfirmAPIKey", viewModel); return View("ConfirmAPIKey", viewModel);
} }
}
return View(viewModel); return View(viewModel);
} }
} }

5
BTCPayServer/Views/UIManage/AuthorizeAPIKey.cshtml
View File

@@ -4,7 +4,8 @@
@{ @{
var displayName = Model.ApplicationName ?? Model.ApplicationIdentifier; var displayName = Model.ApplicationName ?? Model.ApplicationIdentifier;
var store = string.IsNullOrEmpty(Model.StoreId) ? null : Model.Stores.FirstOrDefault(s => s.Id == Model.StoreId); var store = string.IsNullOrEmpty(Model.StoreId) ? null : Model.Stores.FirstOrDefault(s => s.Id == Model.StoreId);
var permissions = Permission.ToPermissions(Model.Permissions.Split(';')).GroupBy(permission => permission.Policy); var permissions = Model.Permissions?.Split(';') ?? Array.Empty<string>();
var groupedPermissions = Permission.ToPermissions(permissions).GroupBy(permission => permission.Policy);
ViewData["Title"] = $"Authorize {displayName ?? "Application"}"; ViewData["Title"] = $"Authorize {displayName ?? "Application"}";
Layout = "_LayoutWizard"; Layout = "_LayoutWizard";
} }
@@ -86,7 +87,7 @@
</div> </div>
<h2 class="h5 fw-semibold mt-4">Permissions</h2> <h2 class="h5 fw-semibold mt-4">Permissions</h2>
@if (!permissions.Any()) @if (!groupedPermissions.Any())
{ {
<p> <p>
There are no associated permissions to the API key being requested by the application. There are no associated permissions to the API key being requested by the application.