aljaz/btcpayserver
1
0
Fork 0
mirror of https://github.com/aljazceru/btcpayserver.git synced 2026-01-09 09:04:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
0545f6b74d8e9f87378df75fcd38fcca53ef233d
btcpayserver/BTCPayServer/Views/Manage/AuthorizeAPIKey.cshtml
Kukks 7ca74aeea7 Add API Keys Application identifier 
This lets the authorize api key screen redirect to the defined url  and provide it with the user id, permissions granted and the key.

This also allows apps to match existing api keys generated for it specifically using the application identifier, and if matched, presented with a confirmation page before redirection.
2020-08-28 09:00:13 +02:00

189 lines
12 KiB
Plaintext
Raw Blame History

@using BTCPayServer.Client
@using BTCPayServer.Controllers
@using BTCPayServer.Security.GreenField
@model BTCPayServer.Controllers.ManageController.AuthorizeApiKeysViewModel
@{
Layout = "_Layout";
ViewData["Title"] = $"Authorize {(Model.ApplicationName ?? "Application")}";
var permissions = Permission.ToPermissions(Model.Permissions.Split(';')).GroupBy(permission => permission.Policy);
}
<partial name="_StatusMessage"/>
<form method="post" asp-action="AuthorizeAPIKey">
<input type="hidden" asp-for="RedirectUrl" value="@Model.RedirectUrl"/>
<input type="hidden" asp-for="Permissions" value="@Model.Permissions"/>
<input type="hidden" asp-for="Strict" value="@Model.Strict"/>
<input type="hidden" asp-for="ApplicationName" value="@Model.ApplicationName"/>
<input type="hidden" asp-for="SelectiveStores" value="@Model.SelectiveStores"/>
<input type="hidden" asp-for="ApplicationIdentifier" value="@Model.ApplicationIdentifier"/>
<section>
<div class="card container">
<div class="row">
<div class="col-lg-12 section-heading">
<h2>Authorization Request</h2>
<hr class="primary">
<p class="mb-1">@(Model.ApplicationName ?? "An application") is requesting access to your account.</p>
@if (Model.RedirectUrl != null)
{
<p class="mb-1 alert alert-info">
If authorized, the generated API key will be provided to <strong>@Model.RedirectUrl.AbsoluteUri</strong>
</p>
}
</div>
</div>
<div class="row">
<div class="col-lg-12 list-group px-2">
<div asp-validation-summary="All" class="text-danger"></div>
<div class="list-group-item ">
<div class="form-group">
<label asp-for="Label"></label>
<input asp-for="Label" class="form-control"/>
<span asp-validation-for="Label" class="text-danger"></span>
</div>
</div>
@if (!permissions.Any())
{
<div class="list-group-item form-group">
<p class="text-center">There are no associated permissions to the API key being requested by the application.<br/>The application cannot do anything with your BTCPay account other than validating your account exists.</p>
</div>
}
@for (int i = 0; i < Model.PermissionValues.Count; i++)
{
<input type="hidden" asp-for="PermissionValues[i].Forbidden"/>
<input type="hidden" asp-for="PermissionValues[i].Permission"/>
<input type="hidden" asp-for="PermissionValues[i].StoreMode" value="@Model.PermissionValues[i].StoreMode"/>
@if (Model.PermissionValues[i].Forbidden && !Model.Strict)
{
continue;
}
@if (Policies.IsStorePolicy(Model.PermissionValues[i].Permission))
{
@if (Model.PermissionValues[i].StoreMode == ManageController.AddApiKeyViewModel.ApiKeyStoreMode.AllStores)
{
<div class="list-group-item form-group">
<div class="form-check">
@if (Model.Strict || Model.PermissionValues[i].Forbidden)
{
<input id="@Model.PermissionValues[i].Permission" type="hidden" asp-for="PermissionValues[i].Value"/>
<input type="checkbox" checked="@Model.PermissionValues[i].Value" disabled class="form-check-input"/>
}
else
{
<input id="@Model.PermissionValues[i].Permission" type="checkbox" asp-for="PermissionValues[i].Value" class="form-check-input"/>
}
<label for="@Model.PermissionValues[i].Permission" class="h5 form-check-label">@Model.PermissionValues[i].Title</label>
@if (Model.SelectiveStores)
{
<button type="submit" class="btn btn-link" name="command" value="@($"{Model.PermissionValues[i].Permission}:change-store-mode")">select specific stores...</button>
}
@if (Model.PermissionValues[i].Forbidden)
{
<br/>
<span class="text-danger">
This permission is not available for your account.
</span>
}
<span asp-validation-for="PermissionValues[i].Value" class="text-danger"></span>
<span class="form-text text-muted">@Model.PermissionValues[i].Description</span>
</div>
</div>
}
else if (Model.SelectiveStores)
{
<div class="list-group-item ">
<h5 class="mb-1">@Model.PermissionValues[i].Title</h5>
<span class="form-text text-muted">@Model.PermissionValues[i].Description</span>
<button type="submit" class="btn btn-link" name="command" value="@($"{Model.PermissionValues[i].Permission}:change-store-mode")">Give permission to all stores instead</button>
</div>
@if (!Model.Stores.Any())
{
<div class="list-group-item alert-warning">
You currently have no stores configured.
</div>
}
@for (var index = 0; index < Model.PermissionValues[i].SpecificStores.Count; index++)
{
<div class="list-group-item transaction-output-form p-0 pl-lg-2">
<div class="row">
<div class="col-sm-12 col-md-12 col-lg-10 py-2 ">
<div class="form-group my-0">
@if (Model.PermissionValues[i].SpecificStores[index] == null)
{
<select asp-for="PermissionValues[i].SpecificStores[index]" class="form-control" asp-items="@(new SelectList(Model.Stores.Where(data => !Model.PermissionValues[i].SpecificStores.Contains(data.Id)), nameof(StoreData.Id), nameof(StoreData.StoreName)))"></select>
}
else
{
var store = Model.Stores.SingleOrDefault(data => data.Id == Model.PermissionValues[i].SpecificStores[index]);
<select asp-for="PermissionValues[i].SpecificStores[index]" class="form-control" asp-items="@(new SelectList(new[] {store}, nameof(StoreData.Id), nameof(StoreData.StoreName), store.Id))"></select>
}
<span asp-validation-for="PermissionValues[i].SpecificStores[index]" class="text-danger"></span>
</div>
</div>
<div class="col-sm-12 col-md-12 col-lg-2 pull-right">
<button type="submit" title="Remove Store Permission" name="command" value="@($"{Model.PermissionValues[i].Permission}:remove-store:{index}")"
class="d-block d-lg-none d-xl-none btn btn-danger mb-2 ml-2">
Remove
</button>
<button type="submit" title="Remove Store Permission" name="command" value="@($"{Model.PermissionValues[i].Permission}:remove-store:{index}")"
class="d-none d-lg-block remove-btn text-decoration-none h-100 align-middle btn text-danger btn-link fa fa-times rounded-0 pull-right">
</button>
</div>
</div>
</div>
}
@if (Model.PermissionValues[i].SpecificStores.Count < Model.Stores.Length)
{
<div class="list-group-item">
<button type="submit" name="command" value="@($"{Model.PermissionValues[i].Permission}:add-store")" class="ml-1 btn btn-secondary">Add another store </button>
</div>
}
}
}
else
{
<div class="list-group-item form-group">
<div class="form-check">
@if (Model.Strict || Model.PermissionValues[i].Forbidden)
{
<input id="@Model.PermissionValues[i].Permission" type="hidden" asp-for="PermissionValues[i].Value"/>
<input type="checkbox" checked="@Model.PermissionValues[i].Value" disabled class="form-check-input"/>
}
else
{
<input id="@Model.PermissionValues[i].Permission" type="checkbox" asp-for="PermissionValues[i].Value" class="form-check-input"/>
}
<label for="@Model.PermissionValues[i].Permission" class="h5 form-check-label">@Model.PermissionValues[i].Title</label>
@if (Model.PermissionValues[i].Forbidden)
{
<br/>
<span class="text-danger">
This permission is not available for your account.
</span>
}
<span asp-validation-for="PermissionValues[i].Value" class="text-danger"></span>
<span class="form-text text-muted">@Model.PermissionValues[i].Description</span>
</div>
</div>
}
}
</div>
</div>
<div class="row my-2">
<div class="col-lg-12 text-center">
<div class="btn-group">
<button class="btn btn-primary" name="command" id="consent-yes" type="submit" value="Yes">Authorize app</button>
</div>
<button class="btn btn-secondary" id="consent-no" name="command" type="submit" value="No">Cancel</button>
</div>
</div>
</div>
</section>
</form>
Reference in New Issue View Git Blame Copy Permalink