aljaz/btcpayserver
1
0
Fork 0
mirror of https://github.com/aljazceru/btcpayserver.git synced 2025-12-18 14:34:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

Lock user: Improve return code and fix docs (#4377)

Browse Source 
* Lock user: Improve return code and fix docs

The docs state that the `DELETE` method should be used, though the controller wants `POST`. The latter seems appropriate here, as the action can be used for locking and unlocking.

Also adapted the action to return a status code based on the actual outcome of the user toggle call.

Closes #4310.

* Update clients
This commit is contained in:
d11n
2022-12-07 19:01:50 +01:00
committed by GitHub
parent 727cf84080
commit f5c5178f95
6 changed files with 21 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
BTCPayServer.Client/BTCPayServerClient.Users.cs
View File

@@ -33,11 +33,12 @@ namespace BTCPayServer.Client
return await HandleResponse<ApplicationUserData>(response); return await HandleResponse<ApplicationUserData>(response);
} }
public virtual async Task LockUser(string idOrEmail, bool locked, CancellationToken token = default) public virtual async Task<bool> LockUser(string idOrEmail, bool locked, CancellationToken token = default)
{ {
var response = await _httpClient.SendAsync(CreateHttpRequest($"api/v1/users/{idOrEmail}/lock", null, var response = await _httpClient.SendAsync(CreateHttpRequest($"api/v1/users/{idOrEmail}/lock", null,
new LockUserRequest() {Locked = locked}, HttpMethod.Post), token); new LockUserRequest {Locked = locked}, HttpMethod.Post), token);
await HandleResponse(response); await HandleResponse(response);
return response.IsSuccessStatusCode;
} }
public virtual async Task<ApplicationUserData[]> GetUsers( CancellationToken token = default) public virtual async Task<ApplicationUserData[]> GetUsers( CancellationToken token = default)

7
BTCPayServer.Tests/GreenfieldAPITests.cs
View File

@@ -2920,8 +2920,7 @@ namespace BTCPayServer.Tests
var newUserClient = await newUser.CreateClient(Policies.Unrestricted); var newUserClient = await newUser.CreateClient(Policies.Unrestricted);
Assert.False((await newUserClient.GetCurrentUser()).Disabled); Assert.False((await newUserClient.GetCurrentUser()).Disabled);
await adminClient.LockUser(newUser.UserId, true, CancellationToken.None); Assert.True(await adminClient.LockUser(newUser.UserId, true, CancellationToken.None));
Assert.True((await adminClient.GetUserByIdOrEmail(newUser.UserId)).Disabled); Assert.True((await adminClient.GetUserByIdOrEmail(newUser.UserId)).Disabled);
await AssertAPIError("unauthenticated",async () => await AssertAPIError("unauthenticated",async () =>
{ {
@@ -2934,12 +2933,12 @@ namespace BTCPayServer.Tests
await newUserBasicClient.GetCurrentUser(); await newUserBasicClient.GetCurrentUser();
}); });
await adminClient.LockUser(newUser.UserId, false, CancellationToken.None); Assert.True(await adminClient.LockUser(newUser.UserId, false, CancellationToken.None));
Assert.False((await adminClient.GetUserByIdOrEmail(newUser.UserId)).Disabled); Assert.False((await adminClient.GetUserByIdOrEmail(newUser.UserId)).Disabled);
await newUserClient.GetCurrentUser(); await newUserClient.GetCurrentUser();
await newUserBasicClient.GetCurrentUser(); await newUserBasicClient.GetCurrentUser();
// Twice for good measure // Twice for good measure
await adminClient.LockUser(newUser.UserId, false, CancellationToken.None); Assert.True(await adminClient.LockUser(newUser.UserId, false, CancellationToken.None));
Assert.False((await adminClient.GetUserByIdOrEmail(newUser.UserId)).Disabled); Assert.False((await adminClient.GetUserByIdOrEmail(newUser.UserId)).Disabled);
await newUserClient.GetCurrentUser(); await newUserClient.GetCurrentUser();
await newUserBasicClient.GetCurrentUser(); await newUserBasicClient.GetCurrentUser();

10
BTCPayServer/Controllers/GreenField/GreenfieldUsersController.cs
View File

@@ -76,18 +76,20 @@ namespace BTCPayServer.Controllers.Greenfield
} }
return UserNotFound(); return UserNotFound();
} }
[Authorize(Policy = Policies.CanModifyServerSettings, AuthenticationSchemes = AuthenticationSchemes.Greenfield)] [Authorize(Policy = Policies.CanModifyServerSettings, AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
[HttpPost("~/api/v1/users/{idOrEmail}/lock")] [HttpPost("~/api/v1/users/{idOrEmail}/lock")]
public async Task<IActionResult> LockUser(string idOrEmail, LockUserRequest request ) public async Task<IActionResult> LockUser(string idOrEmail, LockUserRequest request)
{ {
var user = (await _userManager.FindByIdAsync(idOrEmail) ) ?? await _userManager.FindByEmailAsync(idOrEmail); var user = await _userManager.FindByIdAsync(idOrEmail) ?? await _userManager.FindByEmailAsync(idOrEmail);
if (user is null) if (user is null)
{ {
return UserNotFound(); return UserNotFound();
} }
await _userService.ToggleUser(user.Id, request.Locked ? DateTimeOffset.MaxValue : null); var success = await _userService.ToggleUser(user.Id, request.Locked ? DateTimeOffset.MaxValue : null);
return Ok(); return success.HasValue && success.Value ? Ok() : this.CreateAPIError("invalid-state",
$"{(request.Locked ? "Locking" : "Unlocking")} user failed");
} }
[Authorize(Policy = Policies.CanViewUsers, AuthenticationSchemes = AuthenticationSchemes.Greenfield)] [Authorize(Policy = Policies.CanViewUsers, AuthenticationSchemes = AuthenticationSchemes.Greenfield)]

6
BTCPayServer/Controllers/GreenField/LocalBTCPayServerClient.cs
View File

@@ -1047,9 +1047,11 @@ namespace BTCPayServer.Controllers.Greenfield
return GetFromActionResult<ApplicationUserData>(await GetController<GreenfieldUsersController>().GetUser(idOrEmail)); return GetFromActionResult<ApplicationUserData>(await GetController<GreenfieldUsersController>().GetUser(idOrEmail));
} }
public override async Task LockUser(string idOrEmail, bool disabled, CancellationToken token = default) public override async Task<bool> LockUser(string idOrEmail, bool disabled, CancellationToken token = default)
{ {
HandleActionResult(await GetController<GreenfieldUsersController>().LockUser(idOrEmail, new LockUserRequest() {Locked = disabled})); return GetFromActionResult<bool>(
await GetController<GreenfieldUsersController>().LockUser(idOrEmail,
new LockUserRequest { Locked = disabled }));
} }
public override async Task<OnChainWalletTransactionData> PatchOnChainWalletTransaction(string storeId, public override async Task<OnChainWalletTransactionData> PatchOnChainWalletTransaction(string storeId,

5
BTCPayServer/Services/UserService.cs
View File

@@ -65,12 +65,12 @@ namespace BTCPayServer.Services
return user.LockoutEnabled && user.LockoutEnd is not null && return user.LockoutEnabled && user.LockoutEnd is not null &&
DateTimeOffset.UtcNow < user.LockoutEnd.Value.UtcDateTime; DateTimeOffset.UtcNow < user.LockoutEnd.Value.UtcDateTime;
} }
public async Task ToggleUser(string userId, DateTimeOffset? lockedOutDeadline) public async Task<bool?> ToggleUser(string userId, DateTimeOffset? lockedOutDeadline)
{ {
var user = await _userManager.FindByIdAsync(userId); var user = await _userManager.FindByIdAsync(userId);
if (user is null) if (user is null)
{ {
return; return null;
} }
if (lockedOutDeadline is not null) if (lockedOutDeadline is not null)
{ {
@@ -87,6 +87,7 @@ namespace BTCPayServer.Services
_logger.LogError($"Failed to set lockout for user {user.Id}"); _logger.LogError($"Failed to set lockout for user {user.Id}");
} }
return res.Succeeded;
} }
public async Task<bool> IsAdminUser(string userId) public async Task<bool> IsAdminUser(string userId)

2
BTCPayServer/wwwroot/swagger/v1/swagger.template.users.json
View File

@@ -249,7 +249,7 @@
} }
}, },
"/api/v1/users/{idOrEmail}/lock": { "/api/v1/users/{idOrEmail}/lock": {
"delete": { "post": {
"operationId": "Users_ToggleUserLock", "operationId": "Users_ToggleUserLock",
"tags": [ "tags": [
"Users" "Users"