mirrors/btcpayserver
1
0
Fork 0
mirror of https://github.com/btcpayserver/btcpayserver.git synced 2025-02-21 22:11:48 +01:00
Code Issues Projects Releases Packages Wiki Activity

Do not show password in clear text in email configuration (Fix #1790)

Browse source
This commit is contained in:
nicolas.dorier 2020-10-05 15:42:19 +09:00
parent 2a3dbaa7b4
commit 60cadb8b6d
No known key found for this signature in database
GPG key ID: 6618763EF09186FE
5 changed files with 115 additions and 53 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

34
BTCPayServer/Controllers/ServerController.cs
View file

@ -944,23 +944,28 @@ namespace BTCPayServer.Controllers
public async Task<IActionResult> Emails()
{
var data = (await _SettingsRepository.GetSettingAsync<EmailSettings>()) ?? new EmailSettings();
return View(new EmailsViewModel() { Settings = data });
return View(new EmailsViewModel(data));
}
[Route("server/emails")]
[HttpPost]
public async Task<IActionResult> Emails(EmailsViewModel model, string command)
{
if (!model.Settings.IsComplete())
{
TempData[WellKnownTempData.ErrorMessage] = "Required fields missing";
return View(model);
}
if (command == "Test")
{
try
{
if (model.PasswordSet)
{
var settings = await _SettingsRepository.GetSettingAsync<EmailSettings>();
model.Settings.Password = settings.Password;
}
if (!model.Settings.IsComplete())
{
TempData[WellKnownTempData.ErrorMessage] = "Required fields missing";
return View(model);
}
using (var client = model.Settings.CreateSmtpClient())
using (var message = model.Settings.CreateMailMessage(new MailAddress(model.TestEmail), "BTCPay test", "BTCPay test"))
{
@ -974,11 +979,24 @@ namespace BTCPayServer.Controllers
}
return View(model);
}
else if (command == "ResetPassword")
{
var settings = await _SettingsRepository.GetSettingAsync<EmailSettings>();
settings.Password = null;
await _SettingsRepository.UpdateSetting(model.Settings);
TempData[WellKnownTempData.SuccessMessage] = "Email server password reset";
return RedirectToAction(nameof(Emails));
}
else // if(command == "Save")
{
var oldSettings = await _SettingsRepository.GetSettingAsync<EmailSettings>();
if (new EmailsViewModel(oldSettings).PasswordSet)
{
model.Settings.Password = oldSettings.Password;
}
await _SettingsRepository.UpdateSetting(model.Settings);
TempData[WellKnownTempData.SuccessMessage] = "Email settings saved";
return View(model);
return RedirectToAction(nameof(Emails));
}
}

25
BTCPayServer/Controllers/StoresController.Email.cs
View file

@ -18,7 +18,7 @@ namespace BTCPayServer.Controllers
if (store == null)
return NotFound();
var data = store.GetStoreBlob().EmailSettings ?? new EmailSettings();
return View(new EmailsViewModel() { Settings = data });
return View(new EmailsViewModel(data));
}
[Route("{storeId}/emails")]
@ -32,6 +32,10 @@ namespace BTCPayServer.Controllers
{
try
{
if (model.PasswordSet)
{
model.Settings.Password = store.GetStoreBlob().EmailSettings.Password;
}
if (!model.Settings.IsComplete())
{
TempData[WellKnownTempData.ErrorMessage] = "Required fields missing";
@ -48,10 +52,26 @@ namespace BTCPayServer.Controllers
}
return View(model);
}
else if (command == "ResetPassword")
{
var storeBlob = store.GetStoreBlob();
storeBlob.EmailSettings.Password = null;
store.SetStoreBlob(storeBlob);
await _Repo.UpdateStore(store);
TempData[WellKnownTempData.SuccessMessage] = "Email server password reset";
return RedirectToAction(nameof(UpdateStore), new
{
storeId
});
}
else // if(command == "Save")
{
var storeBlob = store.GetStoreBlob();
var oldPassword = storeBlob.EmailSettings?.Password;
if (new EmailsViewModel(storeBlob.EmailSettings).PasswordSet)
{
model.Settings.Password = storeBlob.EmailSettings.Password;
}
storeBlob.EmailSettings = model.Settings;
store.SetStoreBlob(storeBlob);
await _Repo.UpdateStore(store);
@ -60,7 +80,6 @@ namespace BTCPayServer.Controllers
{
storeId
});
}
}
}

11
BTCPayServer/Models/ServerViewModels/EmailsViewModel.cs
View file

@ -5,11 +5,20 @@ namespace BTCPayServer.Models.ServerViewModels
{
public class EmailsViewModel
{
public EmailsViewModel()
{
}
public EmailsViewModel(EmailSettings settings)
{
Settings = settings;
PasswordSet = !string.IsNullOrEmpty(settings?.Password);
}
public EmailSettings Settings
{
get; set;
}
public bool PasswordSet { get; set; }
[EmailAddress]
[Display(Name = "Test Email")]
public string TestEmail

1
BTCPayServer/Services/Mails/EmailSettings.cs
View file

@ -1,6 +1,7 @@
using System.ComponentModel.DataAnnotations;
using System.Net;
using System.Net.Mail;
using Newtonsoft.Json;
namespace BTCPayServer.Services.Mails
{

97
BTCPayServer/Views/Shared/EmailsBody.cshtml
View file

@ -1,4 +1,4 @@
@model BTCPayServer.Models.ServerViewModels.EmailsViewModel
@model BTCPayServer.Models.ServerViewModels.EmailsViewModel
<partial name="_StatusMessage" />
@ -27,36 +27,36 @@
</div>
</div>
<script>
$(document).ready(function(){
$('.row-quick-fill').show();
$('.dropdown.quick-fill a').click(function(e){
e.preventDefault();
var aNode = $(this);
var data = aNode.data();
for(var key in data){
var value = data[key];
var inputNodes = $('input[name*="Settings.'+key+'" i]');
if(inputNodes.length){
inputNodes.each(function(i, input){
input = $(input);
var type = input.attr('type');
if(type === 'checkbox'){
input.prop('checked', value);
}else{
input.val(value);
}
});
$(document).ready(function () {
$('.row-quick-fill').show();
$('.dropdown.quick-fill a').click(function (e) {
e.preventDefault();
var aNode = $(this);
var data = aNode.data();
for (var key in data) {
var value = data[key];
var inputNodes = $('input[name*="Settings.' + key + '" i]');
if (inputNodes.length) {
inputNodes.each(function (i, input) {
input = $(input);
var type = input.attr('type');
if (type === 'checkbox') {
input.prop('checked', value);
} else {
input.val(value);
}
});
}
}
}
});
});
});
</script>
<form method="post" autocomplete="off">
@ -64,17 +64,17 @@ $(document).ready(function(){
<div class="col-md-6">
<div class="form-group">
<label asp-for="Settings.Server"></label>
<input asp-for="Settings.Server" class="form-control"/>
<input asp-for="Settings.Server" class="form-control" />
<span asp-validation-for="Settings.Server" class="text-danger"></span>
</div>
<div class="form-group">
<label asp-for="Settings.Port"></label>
<input asp-for="Settings.Port" class="form-control"/>
<input asp-for="Settings.Port" class="form-control" />
<span asp-validation-for="Settings.Port" class="text-danger"></span>
</div>
<div class="form-group">
<label asp-for="Settings.FromDisplay"></label>
<input asp-for="Settings.FromDisplay" class="form-control"/>
<input asp-for="Settings.FromDisplay" class="form-control" />
<small class="form-text text-muted">
Some email providers (like Gmail) don't allow you to set your display name, so this setting may not have any effect.
</small>
@ -82,28 +82,43 @@ $(document).ready(function(){
</div>
<div class="form-group">
<label asp-for="Settings.From"></label>
<input asp-for="Settings.From" class="form-control"/>
<input asp-for="Settings.From" class="form-control" />
<span asp-validation-for="Settings.From" class="text-danger"></span>
</div>
<div class="form-group">
<label asp-for="Settings.Login"></label>
<input asp-for="Settings.Login" class="form-control"/>
<input asp-for="Settings.Login" class="form-control" />
<small class="form-text text-muted">
For many email providers (like Gmail) your login is your email address.
For many email providers (like Gmail) your login is your email address.
</small>
<span asp-validation-for="Settings.Login" class="text-danger"></span>
</div>
<div class="form-group">
<label asp-for="Settings.Password"></label>
<input asp-for="Settings.Password" value="@Model.Settings.Password" class="form-control"/>
<span asp-validation-for="Settings.Password" class="text-danger"></span>
@if (!Model.PasswordSet)
{
<label asp-for="Settings.Password"></label>
<input asp-for="Settings.Password" type="password" class="form-control" />
<span asp-validation-for="Settings.Password" class="text-danger"></span>
}
else
{
<label asp-for="Settings.Password"></label>
<div class="input-group">
<input value="Configured" type="text" readonly class="form-control" />
<div class="input-group-append">
<button type="submit" class="btn btn-danger" name="command" value="ResetPassword">Reset</button>
</div>
</div>
}
</div>
<div class="form-group">
<div class="form-check">
<input asp-for="Settings.EnableSSL" type="checkbox" class="form-check-input"/>
<input asp-for="Settings.EnableSSL" type="checkbox" class="form-check-input" />
<label asp-for="Settings.EnableSSL" class="form-check-label"></label>
</div>
</div>
<input asp-for="PasswordSet" type="hidden" />
<button type="submit" class="btn btn-primary" name="command" value="Save">Save</button>
</div>
</div>
@ -116,11 +131,11 @@ $(document).ready(function(){
<p class="form-text text-muted">
If you want to test your settings, enter an email address here and click "Send Test Email".
<strong>Your settings won't be saved</strong>, only a test email will be sent.
<br/>
<br />
After a successful test, you can click "Save".
</p>
<label asp-for="TestEmail"></label>
<input asp-for="TestEmail" class="form-control"/>
<input asp-for="TestEmail" class="form-control" />
<span asp-validation-for="TestEmail" class="text-danger"></span>
</div>
<button type="submit" class="btn btn-secondary" name="command" value="Test">Send Test Email</button>