Prevent access to wallet features if derivation scheme isn't set (#2196)

BTCPayServer/Controllers/WalletsController.PSBT.cs

@@ -75,9 +75,14 @@ namespace BTCPayServer.Controllers
         {
             var network = NetworkProvider.GetNetwork<BTCPayNetwork>(walletId.CryptoCode);
             vm.CryptoCode = network.CryptoCode;
+
+            var derivationSchemeSettings = GetDerivationSchemeSettings(walletId);
+            if (derivationSchemeSettings == null)
+                return NotFound();
+
             vm.NBXSeedAvailable = await CanUseHotWallet() && !string.IsNullOrEmpty(await ExplorerClientProvider.GetExplorerClient(network)
-                .GetMetadataAsync<string>(GetDerivationSchemeSettings(walletId).AccountDerivation,
-                    WellknownMetadataKeys.Mnemonic));
+                .GetMetadataAsync<string>(derivationSchemeSettings.AccountDerivation, WellknownMetadataKeys.Mnemonic));
+
             if (await vm.GetPSBT(network.NBitcoinNetwork) is PSBT psbt)
             {
                 vm.Decoded = psbt.ToString();
@@ -98,9 +103,13 @@ namespace BTCPayServer.Controllers
                 return await WalletPSBT(walletId, vm);
             var network = NetworkProvider.GetNetwork<BTCPayNetwork>(walletId.CryptoCode);
             vm.CryptoCode = network.CryptoCode;
+
+            var derivationSchemeSettings = GetDerivationSchemeSettings(walletId);
+            if (derivationSchemeSettings == null)
+                return NotFound();
+
             vm.NBXSeedAvailable = await CanUseHotWallet() && !string.IsNullOrEmpty(await ExplorerClientProvider.GetExplorerClient(network)
-                .GetMetadataAsync<string>(GetDerivationSchemeSettings(walletId).AccountDerivation,
-                    WellknownMetadataKeys.Mnemonic));
+                .GetMetadataAsync<string>(derivationSchemeSettings.AccountDerivation, WellknownMetadataKeys.Mnemonic));
             var psbt = await vm.GetPSBT(network.NBitcoinNetwork);
             if (psbt == null)
             {
@@ -127,7 +136,6 @@ namespace BTCPayServer.Controllers
                     return View(vm);
 
                 case "update":
-                    var derivationSchemeSettings = GetDerivationSchemeSettings(walletId);
                     psbt = await ExplorerClientProvider.UpdatePSBT(derivationSchemeSettings, psbt);
                     if (psbt == null)
                     {

BTCPayServer/Controllers/WalletsController.PullPayments.cs

@@ -27,7 +27,10 @@ namespace BTCPayServer.Controllers
         public IActionResult NewPullPayment([ModelBinder(typeof(WalletIdModelBinder))]
             WalletId walletId)
         {
-            return View(new NewPullPaymentModel()
+            if (GetDerivationSchemeSettings(walletId) == null)
+                return NotFound();
+
+            return View(new NewPullPaymentModel
             {
                 Name = "",
                 Currency = "BTC",
@@ -41,6 +44,9 @@ namespace BTCPayServer.Controllers
         public async Task<IActionResult> NewPullPayment([ModelBinder(typeof(WalletIdModelBinder))]
             WalletId walletId, NewPullPaymentModel model)
         {
+            if (GetDerivationSchemeSettings(walletId) == null)
+                return NotFound();
+
             model.Name ??= string.Empty;
             model.Currency = model.Currency.ToUpperInvariant().Trim();
             if (_currencyTable.GetCurrencyData(model.Currency, false) is null)
@@ -99,7 +105,10 @@ namespace BTCPayServer.Controllers
                                                         .Where(p => p.State == PayoutState.Completed || p.State == PayoutState.InProgress)
                                       })
                                       .ToListAsync();
-            var vm = new PullPaymentsModel();
+
+            var vm = new PullPaymentsModel
+                { HasDerivationSchemeSettings = GetDerivationSchemeSettings(walletId) != null };
+
             foreach (var o in pps)
             {
                 var pp = o.PullPayment;
@@ -175,8 +184,9 @@ namespace BTCPayServer.Controllers
             [ModelBinder(typeof(WalletIdModelBinder))]
             WalletId walletId, PayoutsModel vm, CancellationToken cancellationToken)
         {
-            if (vm is null)
+            if (vm is null || GetDerivationSchemeSettings(walletId) == null)
                 return NotFound();
+
             var storeId = walletId.StoreId;
             var paymentMethodId = new PaymentMethodId(walletId.CryptoCode, PaymentTypes.BTCLike);
             var payoutIds = vm.WaitingForApproval.Where(p => p.Selected).Select(p => p.PayoutId).ToArray();

BTCPayServer/Models/WalletViewModels/PullPaymentsModel.cs

@@ -28,6 +28,8 @@ namespace BTCPayServer.Models.WalletViewModels
         }
 
         public List<PullPaymentModel> PullPayments { get; set; } = new List<PullPaymentModel>();
+
+        public bool HasDerivationSchemeSettings { get; set; }
     }
 
     public class NewPullPaymentModel

BTCPayServer/Views/Wallets/PullPayments.cshtml

@@ -18,14 +18,17 @@
     </div>
 }
 
-<div class="row button-row">
-    <div class="col-lg-12">
-        <a asp-action="NewPullPayment"
-           asp-route-walletId="@this.Context.GetRouteValue("walletId")"
-           class="btn btn-primary" role="button" id="NewPullPayment"><span class="fa fa-plus"></span> Create a new pull payment</a>
-        <a href="https://docs.btcpayserver.org/PullPayments/" target="_blank"><span class="fa fa-question-circle-o" title="More information..."></span></a>
+@if (Model.HasDerivationSchemeSettings)
+{
+    <div class="row button-row">
+        <div class="col-lg-12">
+            <a asp-action="NewPullPayment"
+               asp-route-walletId="@Context.GetRouteValue("walletId")"
+               class="btn btn-primary" role="button" id="NewPullPayment"><span class="fa fa-plus"></span> Create a new pull payment</a>
+            <a href="https://docs.btcpayserver.org/PullPayments/" target="_blank"><span class="fa fa-question-circle-o" title="More information..."></span></a>
+        </div>
     </div>
-</div>
+}
 
 <div class="row">
     @foreach (var pp in Model.PullPayments)