mirrors/btcpayserver
1
0
Fork 0
mirror of https://github.com/btcpayserver/btcpayserver.git synced 2025-02-23 22:46:49 +01:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #2234 from dennisreimann/safe-browsing

Browse source 
Safe browsing quick fixes
This commit is contained in:
Nicolas Dorier 2021-01-29 18:24:11 +09:00 committed by GitHub
commit 739f13b7a3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 15 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
BTCPayServer.Tests/SeleniumTester.cs
View file

@ -85,7 +85,7 @@ namespace BTCPayServer.Tests
public void GoToRegister() public void GoToRegister()
{ {
Driver.Navigate().GoToUrl(Link("/Account/Register")); Driver.Navigate().GoToUrl(Link("/register"));
} }
public string RegisterNewUser(bool isAdmin = false) public string RegisterNewUser(bool isAdmin = false)
@ -285,7 +285,7 @@ namespace BTCPayServer.Tests
public void GoToLogin() public void GoToLogin()
{ {
Driver.Navigate().GoToUrl(new Uri(Server.PayTester.ServerUri, "Account/Login")); Driver.Navigate().GoToUrl(new Uri(Server.PayTester.ServerUri, "/login"));
} }
public string CreateInvoice(string storeName, decimal amount = 100, string currency = "USD", string refundEmail = "") public string CreateInvoice(string storeName, decimal amount = 100, string currency = "USD", string refundEmail = "")

4
BTCPayServer.Tests/SeleniumTests.cs
View file

@ -97,9 +97,7 @@ namespace BTCPayServer.Tests
var email = s.RegisterNewUser(); var email = s.RegisterNewUser();
s.Logout(); s.Logout();
s.Driver.AssertNoError(); s.Driver.AssertNoError();
Assert.Contains("Account/Login", s.Driver.Url); Assert.Contains("/login", s.Driver.Url);
// Should show the Tor address
Assert.Contains("wsaxew3qa5ljfuenfebmaf3m5ykgatct3p6zjrqwoouj3foererde3id.onion", s.Driver.PageSource);
s.Driver.Navigate().GoToUrl(s.Link("/invoices")); s.Driver.Navigate().GoToUrl(s.Link("/invoices"));
Assert.Contains("ReturnUrl=%2Finvoices", s.Driver.Url); Assert.Contains("ReturnUrl=%2Finvoices", s.Driver.Url);

8
BTCPayServer/Controllers/AccountController.cs
View file

@ -66,6 +66,8 @@ namespace BTCPayServer.Controllers
[HttpGet] [HttpGet]
[AllowAnonymous] [AllowAnonymous]
[Route("~/login", Order = 1)]
[Route("~/Account/Login", Order = 2)]
public async Task<IActionResult> Login(string returnUrl = null, string email = null) public async Task<IActionResult> Login(string returnUrl = null, string email = null)
{ {
@ -89,6 +91,8 @@ namespace BTCPayServer.Controllers
[HttpPost] [HttpPost]
[AllowAnonymous] [AllowAnonymous]
[Route("~/login", Order = 1)]
[Route("~/Account/Login", Order = 2)]
[ValidateAntiForgeryToken] [ValidateAntiForgeryToken]
[RateLimitsFilter(ZoneLimits.Login, Scope = RateLimitsScope.RemoteAddress)] [RateLimitsFilter(ZoneLimits.Login, Scope = RateLimitsScope.RemoteAddress)]
public async Task<IActionResult> Login(LoginViewModel model, string returnUrl = null) public async Task<IActionResult> Login(LoginViewModel model, string returnUrl = null)
@ -396,6 +400,8 @@ namespace BTCPayServer.Controllers
[HttpGet] [HttpGet]
[AllowAnonymous] [AllowAnonymous]
[Route("~/register", Order = 1)]
[Route("~/Account/Register", Order = 2)]
[RateLimitsFilter(ZoneLimits.Register, Scope = RateLimitsScope.RemoteAddress)] [RateLimitsFilter(ZoneLimits.Register, Scope = RateLimitsScope.RemoteAddress)]
public async Task<IActionResult> Register(string returnUrl = null, bool logon = true) public async Task<IActionResult> Register(string returnUrl = null, bool logon = true)
{ {
@ -413,6 +419,8 @@ namespace BTCPayServer.Controllers
[HttpPost] [HttpPost]
[AllowAnonymous] [AllowAnonymous]
[Route("~/register", Order = 1)]
[Route("~/Account/Register", Order = 2)]
[ValidateAntiForgeryToken] [ValidateAntiForgeryToken]
public async Task<IActionResult> Register(RegisterViewModel model, string returnUrl = null, bool logon = true) public async Task<IActionResult> Register(RegisterViewModel model, string returnUrl = null, bool logon = true)
{ {

11
BTCPayServer/Views/Account/Login.cshtml
View file

@ -24,17 +24,8 @@
<div class="row justify-content-center mb-5"> <div class="row justify-content-center mb-5">
<div class="col account-form"> <div class="col account-form">
<div class="modal-content border-0 p-3"> <div class="modal-content border-0 p-3">
<div class="modal-header align-items-center border-0 py-2"> <div class="modal-header border-0 py-2">
<h4 class="modal-title">Sign In</h4> <h4 class="modal-title">Sign In</h4>
@if (env.OnionUrl != null)
{
<div class="text-center">
<a href="@env.OnionUrl" target="_onion" class="btn btn-sm btn-outline-onion d-inline-flex align-items-center text-nowrap p-2" data-clipboard="@env.OnionUrl" style="min-width:117px;">
<img src="~/img/icons/onion-purple.svg" height="20" class="mr-2" asp-append-version="true" />
<span data-clipboard-confirm="Copied URL ✔">Copy Tor URL</span>
</a>
</div>
}
</div> </div>
<div class="modal-body"> <div class="modal-body">
<form asp-route-returnurl="@ViewData["ReturnUrl"]" method="post"> <form asp-route-returnurl="@ViewData["ReturnUrl"]" method="post">

11
BTCPayServer/Views/Account/Register.cshtml
View file

@ -28,17 +28,8 @@
<div class="row justify-content-center mb-5"> <div class="row justify-content-center mb-5">
<div class="col account-form"> <div class="col account-form">
<div class="modal-content border-0 p-3"> <div class="modal-content border-0 p-3">
<div class="modal-header align-items-center border-0 py-2"> <div class="modal-header border-0 py-2">
<h4 class="modal-title">Create account</h4> <h4 class="modal-title">Create account</h4>
@if (env.OnionUrl != null)
{
<div class="text-center">
<a href="@env.OnionUrl" target="_onion" class="btn btn-sm btn-outline-onion d-inline-flex align-items-center text-nowrap p-2" data-clipboard="@env.OnionUrl" style="min-width:117px;">
<img src="~/img/icons/onion-purple.svg" height="20" class="mr-2" asp-append-version="true" />
<span data-clipboard-confirm="Copied URL ✔">Copy Tor URL</span>
</a>
</div>
}
</div> </div>
<div class="modal-body"> <div class="modal-body">
<form asp-route-returnUrl="@ViewData["ReturnUrl"]" asp-route-logon="true" method="post"> <form asp-route-returnUrl="@ViewData["ReturnUrl"]" asp-route-logon="true" method="post">

1
BTCPayServer/bundleconfig.json
View file

@ -21,7 +21,6 @@
"wwwroot/vendor/flatpickr/flatpickr.js", "wwwroot/vendor/flatpickr/flatpickr.js",
"wwwroot/main/bootstrap/bootstrap.js", "wwwroot/main/bootstrap/bootstrap.js",
"wwwroot/main/bootstrap4-creativestart/creative.js", "wwwroot/main/bootstrap4-creativestart/creative.js",
"wwwroot/js/copy-to-clipboard.js",
"wwwroot/main/site.js" "wwwroot/main/site.js"
] ]
}, },

3
BTCPayServer/wwwroot/modal/btcpay.js
View file

@ -30,7 +30,6 @@
var iframe = document.createElement('iframe'); var iframe = document.createElement('iframe');
iframe.name = 'btcpay'; iframe.name = 'btcpay';
iframe.class = 'btcpay'; iframe.class = 'btcpay';
iframe.setAttribute('allowtransparency', 'true');
iframe.style.display = 'none'; iframe.style.display = 'none';
iframe.style.border = 0; iframe.style.border = 0;
iframe.style.position = 'fixed'; iframe.style.position = 'fixed';
@ -39,6 +38,8 @@
iframe.style.height = '100%'; iframe.style.height = '100%';
iframe.style.width = '100%'; iframe.style.width = '100%';
iframe.style.zIndex = '2000'; iframe.style.zIndex = '2000';
// Removed, see https://github.com/btcpayserver/btcpayserver/issues/2139#issuecomment-768223263
// iframe.setAttribute('allowtransparency', 'true');
var origin = 'http://chat.btcpayserver.org join us there, and initialize this with your origin url through setApiUrlPrefix'; var origin = 'http://chat.btcpayserver.org join us there, and initialize this with your origin url through setApiUrlPrefix';
var scriptMatch = thisScript.match(scriptSrcRegex) var scriptMatch = thisScript.match(scriptSrcRegex)