* Store users: Ensure the last owner cannot be downgraded
Changes the behaviour of the `AddOrUpdateStoreUser` method to throw errors for the failure cases, so that the UI and API can report the actual problem. A role change might fail if the user already has that role or if they are the last owner of the store.
* Cleanup code
---------
Co-authored-by: nicolas.dorier <nicolas.dorier@gmail.com>
* fix: return 403 when unauthenticated user accesses an archived invoice receipt
* refactor: simplify archived invoice access check with pattern matching
* Return 404 for unauthorized users accessing archived invoice
Co-authored-by: d11n <mail@dennisreimann.de>
* feat: add archived invoice validation for unauthenticated access in Checkout and GetStatus
* test: add test case for unauthorized access to archived invoice returning not found
* test: add unauthorized checkout test for archived invoice
* Commenting code and adding test case for GetStatus
---------
Co-authored-by: d11n <mail@dennisreimann.de>
Co-authored-by: rockstardev <5191402+rockstardev@users.noreply.github.com>
* Adding endpoint in Greenfield to allow server email settings
* Adding related swagger file
* Refactoring EmailSettingsData to be more readable
* Adding server email masking
* Adding tests
* Update BTCPayServer/wwwroot/swagger/v1/swagger.template.serveremail.json
Co-authored-by: d11n <mail@dennisreimann.de>
* Masking smtp server email returned over greenfield api and test
* Retaining password if password mask is used
* Remove magic string *****
* Flatten request for server's settings. Fix bug on shared setting instances
* Remove useless doc
* Simplify code
* Fix Store Email settings page
---------
Co-authored-by: d11n <mail@dennisreimann.de>
Co-authored-by: nicolas.dorier <nicolas.dorier@gmail.com>
* Adding MultisigTests
* Adding fetching of receive address and creating pending transaction
* Completing multisig test flow
* Reverting Selenium ChromeDriver version
* Adding generation of PSBTs
* Removing unnecessary lines
* PSBT test signing now working with multisig dervation scheme
* Updating SignTestPSBT test
* Reducing number of iterations for test funding, to speed up tests
* Bugfixing PSBT problem
* Ensuring that PSBT signing also works for pending transactions
* Ensuring we don't collect count duplicate signatures for same PSBTs
* Resolving bug in PendingTransactionService where Combine was modifying object
* Fixing bug where pending transaction was not broadcased if there was ReturnUrl
* Finally finishing Multisig Selenium test flow with signing PSBTs, broadcasting and cancelling them
* Small nit, waiting loaded element
* Nit: Use AssetElementNotFound
* Fix warning
* Remove code dups
---------
Co-authored-by: nicolas.dorier <nicolas.dorier@gmail.com>
* POS: Create Invoice action optionally responds with JSON
We adapted this action, which is full of custom POS logic, for the app to avoid creating a separate API endpoint.
* Add test and improve error handling
* App: Add events which the app subscribes to
Various events, which are relevant for the app to react to changes made on the server.
* Refactor events
* Do not extend NewBlockEvent
* Refactoring events
* Add store role events
* Refactoring: Rename StoreUserEvent
* Fix: Subscribe to UserEvent.Invited
---------
Co-authored-by: nicolas.dorier <nicolas.dorier@gmail.com>
Fixes a regression introduced with d24adda700: The negation for the `_rateLimitService.Throttle` result was removed with that commit, which lead to all unauthenticated request getting throttled. (It was correctly implemented in #6415.
Fixesbtcpayserver/app#131.
