* Server Users: More precise message when inviting users
This lets the admin who invited a new user know whether or not an email has been sent. If the SMTP server hasn't been set up, they need to share the invite link with the user.
* Onboarding: Invite new users
- Separates the user self-registration and invite cases
- Adds invitation email for users created by the admin
- Adds invitation tokens to verify user was invited
- Adds handler action for invite links
- Refactors `UserEventHostedService`
* Remove duplicate status message from views that use the wizard layout
* Auto-approve users created by an admin
* Notify admins via email if a new account requires approval
* Update wording
* Fix update user error
* Fix redirect to email confirmation in invite action
* Fix precondition checks after signup
* Improve admin notification
Send notification only if the user does not require email confirmation or when they confirmed their email address. Rationale: We want to inform admins only about qualified users and not annoy them with bot registrations.
* Allow approval alongside resending confirm email
* Use user email in log messages instead of ID
* Prevent unnecessary notification after email confirmation
* Use ApplicationUser type explicitly
* Fix after rebase
* Refactoring: Do not subclass UserRegisteredEvent
* Dashboard: Fix app stats tiles
They broke with #4747, because they contain script blocks that are loaded asynchronuosly and need to get run once the chart data is added to the page.
* Refactor PoS dashboard component
* Collocate the component JS files in separate files
---------
Co-authored-by: nicolas.dorier <nicolas.dorier@gmail.com>
* Unset X-Frame-Options header correctly
According to the [spec](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options) there are onlye the `DENY` and `SAMEORIGIN` options, `ALLOW-FROM` being deprecated. Hence we have to actively unset the header, as we made `DENY` the default.
This also unsets the X-Frame-Options header for the public form pages, which fixes#4666.
* Ignore anti forgery token in Forms
---------
Co-authored-by: nicolas.dorier <nicolas.dorier@gmail.com>
* Editorconfig: Add space_before_self_closing setting
This was a difference between the way dotnet-format and Rider format code. See https://www.jetbrains.com/help/rider/EditorConfig_Index.html
* Editorconfig: Keep 4 spaces indentation for Swagger JSON files
They are all formatted that way, let's keep it like that.
* Apply dotnet-format, mostly white-space related changes
* FIDO2/WebAuthN Support
This adds initial support for WebAuthN/FIDO2 as another MFA mode. U2F is still intact and runs alongside it for now. Once this is merged, I will start work on migrating U2F support to happen over the FIDO2 protocol instead.
* Refactor and future proof system (prep work of seamless u2f migration)
* attempt js fix for mobile devices
* Apply suggestions from code review
Co-authored-by: d11n <mail@dennisreimann.de>
* fix fido name saving
* do not spam logs and hide loader when failed
* PR Changes
* Apply suggestions from code review
Co-authored-by: d11n <mail@dennisreimann.de>
* attempt fido2 bump
* add name if not named for credentials
Co-authored-by: d11n <mail@dennisreimann.de>
* More Options refactoring
Continues refactoring config classes to use the propert Options pattern where possible.
DataDirectories and DatabaseOptions are now configured the Options pattern and the BTCPayOptions is now moved alongside the other config setup
* Move COnfigure logic for Options to the Startup
* BTCPay Extensions Part 2
This PR cleans up the extension system a bit in that:
* It renames the test extension to a more uniform name
* Allows yo uto have system extensions, which are extensions but bundled by default with the release (and cannot be removed)
* Adds a tool to help you generate an extension package from a csproj
* Refactors the UI extension points to a view component
* Moves some more interfaces to the Abstractions csproj
* Rename to plugins
