Prevent payout double send (#5931)

Fixes #5913.
2024-11-19 01:43:50 +01:00 · 2024-04-15 13:25:17 +02:00 · 2024-04-15 13:25:17 +02:00 · 8b02c0bd82
commit 8b02c0bd82
parent b92ff7c27b
3 changed files with 28 additions and 17 deletions
--- a/BTCPayServer/Controllers/UIStorePullPaymentsController.PullPayments.cs
+++ b/BTCPayServer/Controllers/UIStorePullPaymentsController.PullPayments.cs
@ -10,10 +10,9 @@ using BTCPayServer.Client;
 using BTCPayServer.Client.Models;
 using BTCPayServer.Data;
 using BTCPayServer.HostedServices;
-using BTCPayServer.Models;
 using BTCPayServer.Models.WalletViewModels;
 using BTCPayServer.Payments;
-using BTCPayServer.Rating;
+using BTCPayServer.PayoutProcessors;
 using BTCPayServer.Services;
 using BTCPayServer.Services.Rates;
 using Microsoft.AspNetCore.Authorization;
@ -23,7 +22,6 @@ using Microsoft.EntityFrameworkCore;
 using Newtonsoft.Json.Linq;
 using MarkPayoutRequest = BTCPayServer.HostedServices.MarkPayoutRequest;
 using PayoutData = BTCPayServer.Data.PayoutData;
-using PullPaymentData = BTCPayServer.Data.PullPaymentData;
 using StoreData = BTCPayServer.Data.StoreData;

 namespace BTCPayServer.Controllers
@ -40,6 +38,8 @@ namespace BTCPayServer.Controllers
        private readonly ApplicationDbContextFactory _dbContextFactory;
        private readonly BTCPayNetworkJsonSerializerSettings _jsonSerializerSettings;
        private readonly IAuthorizationService _authorizationService;
+        private readonly PayoutProcessorService _payoutProcessorService;
+        private readonly IEnumerable<IPayoutProcessorFactory> _payoutProcessorFactories;

        public StoreData CurrentStore
        {
@ -55,6 +55,8 @@ namespace BTCPayServer.Controllers
            DisplayFormatter displayFormatter,
            PullPaymentHostedService pullPaymentHostedService,
            ApplicationDbContextFactory dbContextFactory,
+            PayoutProcessorService payoutProcessorService,
+            IEnumerable<IPayoutProcessorFactory> payoutProcessorFactories,
            BTCPayNetworkJsonSerializerSettings jsonSerializerSettings,
            IAuthorizationService authorizationService)
        {
@ -66,8 +68,10 @@ namespace BTCPayServer.Controllers
            _dbContextFactory = dbContextFactory;
            _jsonSerializerSettings = jsonSerializerSettings;
            _authorizationService = authorizationService;
+            _payoutProcessorService = payoutProcessorService;
+            _payoutProcessorFactories = payoutProcessorFactories;
        }
-
+        
        [HttpGet("stores/{storeId}/pull-payments/new")]
        [Authorize(Policy = Policies.CanCreateNonApprovedPullPayments, AuthenticationSchemes = AuthenticationSchemes.Cookie)]
        public async Task<IActionResult> NewPullPayment(string storeId)
@ -287,6 +291,7 @@ namespace BTCPayServer.Controllers
                return NotFound();

            vm.PaymentMethods = await _payoutHandlers.GetSupportedPaymentMethods(HttpContext.GetStoreData());
+            vm.HasPayoutProcessor = await HasPayoutProcessor(storeId, vm.PaymentMethodId);
            var paymentMethodId = PaymentMethodId.Parse(vm.PaymentMethodId);
            var handler = _payoutHandlers
                .FindPayoutHandler(paymentMethodId);
@ -370,7 +375,7 @@ namespace BTCPayServer.Controllers
                            break;
                        }

-                        if (command == "approve-pay")
+                        if (command == "approve-pay" && !vm.HasPayoutProcessor)
                        {
                            goto case "pay";
                        }
@ -486,16 +491,18 @@ namespace BTCPayServer.Controllers
                return RedirectToAction(nameof(UIStoresController.Index), "UIStores", new { storeId });
            }

+            paymentMethodId ??= paymentMethods.First().ToString();
            var vm = this.ParseListQuery(new PayoutsModel
            {
                PaymentMethods = paymentMethods,
-                PaymentMethodId = paymentMethodId ?? paymentMethods.First().ToString(),
+                PaymentMethodId = paymentMethodId,
                PullPaymentId = pullPaymentId,
                PayoutState = payoutState,
                Skip = skip,
-                Count = count
+                Count = count,
+                Payouts = new List<PayoutsModel.PayoutModel>(),
+                HasPayoutProcessor = await HasPayoutProcessor(storeId, paymentMethodId)
            });
-            vm.Payouts = new List<PayoutsModel.PayoutModel>();
            await using var ctx = _dbContextFactory.CreateContext();
            var payoutRequest =
                ctx.Payouts.Where(p => p.StoreDataId == storeId && (p.PullPaymentDataId == null || !p.PullPaymentData.Archived));
@ -577,5 +584,13 @@ namespace BTCPayServer.Controllers
            }
            return View(vm);
        }
+
+        private async Task<bool> HasPayoutProcessor(string storeId, string paymentMethodId)
+        {
+            var pmId = PaymentMethodId.Parse(paymentMethodId);
+            var processors = await _payoutProcessorService.GetProcessors(
+                new PayoutProcessorService.PayoutProcessorQuery { Stores = [storeId], PaymentMethods = [paymentMethodId] });
+            return _payoutProcessorFactories.Any(factory => factory.GetSupportedPaymentMethods().Contains(pmId)) && processors.Any();
+        }
    }
 }
--- a/BTCPayServer/Models/WalletViewModels/PayoutsModel.cs
+++ b/BTCPayServer/Models/WalletViewModels/PayoutsModel.cs
@ -19,6 +19,7 @@ namespace BTCPayServer.Models.WalletViewModels
        public IEnumerable<PaymentMethodId> PaymentMethods { get; set; }
        public PayoutState PayoutState { get; set; }
        public string PullPaymentName { get; set; }
+        public bool HasPayoutProcessor { get; set; }

        public class PayoutModel
        {
--- a/BTCPayServer/Views/UIStorePullPayments/Payouts.cshtml
+++ b/BTCPayServer/Views/UIStorePullPayments/Payouts.cshtml
@ -7,8 +7,6 @@
@model BTCPayServer.Models.WalletViewModels.PayoutsModel

@inject IEnumerable<IPayoutHandler> PayoutHandlers;
-@inject PayoutProcessorService _payoutProcessorService;
-@inject IEnumerable<IPayoutProcessorFactory> _payoutProcessorFactories;
@{
    var storeId = Context.GetRouteValue("storeId") as string;
    ViewData.SetActivePage(StoreNavPages.Payouts, $"Payouts{(string.IsNullOrEmpty(Model.PullPaymentName) ? string.Empty : " for pull payment " + Model.PullPaymentName)}", Context.GetStoreData().Id);
@ -24,15 +22,16 @@
            return;
        stateActions.AddRange(payoutHandler.GetPayoutSpecificActions().Where(pair => pair.Key == Model.PayoutState).SelectMany(pair => pair.Value));
    }
+
    switch (Model.PayoutState)
    {
        case PayoutState.AwaitingApproval:
+            if (!Model.HasPayoutProcessor) stateActions.Add(("approve-pay", "Approve & Send"));
            stateActions.Add(("approve", "Approve"));
-            stateActions.Add(("approve-pay", "Approve & Send"));
            stateActions.Add(("cancel", "Cancel"));
            break;
        case PayoutState.AwaitingPayment:
-            stateActions.Add(("pay", "Send"));
+            if (!Model.HasPayoutProcessor) stateActions.Add(("pay", "Send"));
            stateActions.Add(("cancel", "Cancel"));
            stateActions.Add(("mark-paid", "Mark as already paid"));
            break;
@ -87,11 +86,7 @@

 <partial name="_StatusMessage" />

-@if (_payoutProcessorFactories.Any(factory => factory.GetSupportedPaymentMethods().Contains(paymentMethodId)) && !(await _payoutProcessorService.GetProcessors(new PayoutProcessorService.PayoutProcessorQuery()
-{
-    Stores = new[] { storeId },
-    PaymentMethods = new[] { Model.PaymentMethodId }
-})).Any())
+@if (!Model.HasPayoutProcessor)
 {
    <div class="alert alert-info mb-5" role="alert" permission="@Policies.CanModifyStoreSettings">
        <strong>Pro tip:</strong> There are supported but unconfigured Payout Processors for this payout payment method.<br/>