Add api-tokens page, do not hide qrcode if small

2025-03-13 11:35:51 +01:00 · 2017-10-17 13:52:30 +09:00 · 2017-10-17 13:52:30 +09:00 · 8db9d93d23
commit 8db9d93d23
parent 517bb94b8b
6 changed files with 74 additions and 17 deletions
--- a/BTCPayServer/Controllers/StoresController.cs
+++ b/BTCPayServer/Controllers/StoresController.cs
@ -1,4 +1,5 @@
 using BTCPayServer.Authentication;
+using BTCPayServer.Data;
 using BTCPayServer.Models;
 using BTCPayServer.Models.StoreViewModels;
 using BTCPayServer.Services.Stores;
@ -8,6 +9,7 @@ using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.Rendering;
 using NBitcoin;
 using NBitpayClient;
 using NBXplorer.DerivationStrategy;
@ -21,6 +23,7 @@ namespace BTCPayServer.Controllers
 	[Route("stores")]
 	[Authorize(AuthenticationSchemes = "Identity.Application")]
 	[Authorize(Policy = "CanAccessStore")]
+	[AutoValidateAntiforgeryToken]
 	public class StoresController : Controller
 	{
 		public StoresController(
@ -123,7 +126,6 @@ namespace BTCPayServer.Controllers
 		}

 		[HttpPost]
-		[ValidateAntiForgeryToken]
 		[Route("{storeId}")]
 		public async Task<IActionResult> UpdateStore(string storeId, StoreViewModel model, string command)
 		{
@ -220,7 +222,7 @@ namespace BTCPayServer.Controllers
 		}

 		[HttpPost]
-		[ValidateAntiForgeryToken]
+		[Route("/api-tokens")]
 		[Route("{storeId}/Tokens/Create")]
 		public async Task<IActionResult> CreateToken(string storeId, CreateTokenViewModel model)
 		{
@ -229,6 +231,17 @@ namespace BTCPayServer.Controllers
 				return View(model);
 			}

+			if(storeId == null) // Permissions are not checked by Policy if the storeId is not passed by url
+			{
+				storeId = model.StoreId;
+				var userId = GetUserId();
+				if(userId == null)
+					return Unauthorized();
+				var store = await _Repo.FindStore(storeId, userId);
+				if(store == null)
+					return Unauthorized();
+			}
+
 			var tokenRequest = new TokenRequest()
 			{
 				Facade = model.Facade,
@ -262,16 +275,29 @@ namespace BTCPayServer.Controllers
 		}

 		[HttpGet]
+		[Route("/api-tokens")]
 		[Route("{storeId}/Tokens/Create")]
-		public IActionResult CreateToken()
+		public async Task<IActionResult> CreateToken(string storeId)
 		{
+			var userId = GetUserId();
+			if(string.IsNullOrWhiteSpace(userId))
+				return Unauthorized();
 			var model = new CreateTokenViewModel();
 			model.Facade = "merchant";
+			ViewBag.HidePublicKey = storeId == null;
+			ViewBag.ShowStores = storeId == null;
+			ViewBag.ShowMenu = storeId != null;
+			model.StoreId = storeId;
+			if(storeId == null)
+			{
+				model.Stores = new SelectList(await _Repo.GetStoresByUserId(userId), nameof(StoreData.Id), nameof(StoreData.StoreName), storeId);
+			}
+			
 			return View(model);
 		}

+
 		[HttpPost]
-		[ValidateAntiForgeryToken]
 		[Route("{storeId}/Tokens/Delete")]
 		public async Task<IActionResult> DeleteToken(string storeId, string tokenId)
 		{
@ -316,7 +342,6 @@ namespace BTCPayServer.Controllers
 		}

 		[HttpPost]
-		[ValidateAntiForgeryToken]
 		[Route("api-access-request")]
 		public async Task<IActionResult> Pair(string pairingCode, string selectedStore)
 		{
--- a/BTCPayServer/Models/StoreViewModels/TokensViewModel.cs
+++ b/BTCPayServer/Models/StoreViewModels/TokensViewModel.cs
@ -1,4 +1,5 @@
 using BTCPayServer.Validations;
+using Microsoft.AspNetCore.Mvc.Rendering;
 using System;
 using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations;
@ -25,6 +26,17 @@ namespace BTCPayServer.Models.StoreViewModels
 		{
 			get; set;
 		}
+
+		[Required]
+		public string StoreId
+		{
+			get; set;
+		}
+
+		public SelectList Stores
+		{
+			get; set;
+		}
 	}
 	public class TokenViewModel
 	{
--- a/BTCPayServer/Views/Invoice/Checkout.cshtml
+++ b/BTCPayServer/Views/Invoice/Checkout.cshtml
@ -179,7 +179,7 @@
 								<div adjust-height="" class="payment-box">
 									<div class="bp-view payment scan" id="scan" style="opacity: 1;">
 										<div class="payment__scan">
-											<div class="payment__details__instruction__open-wallet hidden-sm-up">
+											@*<div class="payment__details__instruction__open-wallet hidden-sm-up">
 												<!---->
 												<a class="payment__details__instruction__open-wallet__btn action-button action-button--secondary">
 													<span i18n="">Show QR code</span>
@ -193,9 +193,9 @@
 													<!---->
 													<div class="qr-codes"></div>
 												</div>
-											</div>
+											</div>*@
 											<!---->
-											<div class="qr-codes hidden-xs-down"></div>
+											<div class="qr-codes"></div>
 										</div>
 										<div class="payment__details__instruction__open-wallet">
 											<a class="payment__details__instruction__open-wallet__btn action-button" href="@Model.InvoiceBitcoinUrl">
--- a/BTCPayServer/Views/Shared/_NavLayout.cshtml
+++ b/BTCPayServer/Views/Shared/_NavLayout.cshtml
@ -1,5 +1,6 @@
@{
 	Layout = "/Views/Shared/_Layout.cshtml";
+	ViewBag.ShowMenu = ViewBag.ShowMenu ?? true;
 }


@ -15,7 +16,10 @@
 		<div>
 			<div class="row">
 				<div class="col-md-3">
-					@await Html.PartialAsync("_Nav")
+					@if(ViewBag.ShowMenu)
+					{
+						@await Html.PartialAsync("_Nav")
+					}
 				</div>
 				<div class="col-md-9">
 					@RenderBody()
--- a/BTCPayServer/Views/Stores/CreateToken.cshtml
+++ b/BTCPayServer/Views/Stores/CreateToken.cshtml
@ -9,18 +9,21 @@

 <div class="row">
 	<div class="col-md-6">
-		<form asp-action="CreateToken" method="post">
+		<form method="post">
 			<div class="form-group">
 				<label asp-for="Label"></label>
 				<input asp-for="Label" class="form-control" />
 				<span asp-validation-for="Label" class="text-danger"></span>
 			</div>
-			<div class="form-group">
-				<label asp-for="PublicKey"></label>
-				<small class="text-muted">Keep empty for server-initiated pairing</small>
-				<input asp-for="PublicKey" class="form-control" />
-				<span asp-validation-for="PublicKey" class="text-danger"></span>
-			</div>
+			@if(!ViewBag.HidePublicKey)
+			{
+				<div class="form-group">
+					<label asp-for="PublicKey"></label>
+					<small class="text-muted">Keep empty for server-initiated pairing</small>
+					<input asp-for="PublicKey" class="form-control" />
+					<span asp-validation-for="PublicKey" class="text-danger"></span>
+				</div>
+			}
 			<div class="form-group">
 				<label asp-for="Facade"></label>
 				<select asp-for="Facade" class="form-control">
@ -29,6 +32,19 @@
 				</select>
 				<span asp-validation-for="Facade" class="text-danger"></span>
 			</div>
+
+			@if(ViewBag.ShowStores)
+			{
+				<div class="form-group">
+					<label asp-for="StoreId" class="control-label"></label>
+					<select asp-for="StoreId" asp-items="Model.Stores" class="form-control"></select>
+					<span asp-validation-for="StoreId" class="text-danger"></span>
+				</div>
+			}
+			else
+			{
+				<input type="hidden" asp-for="StoreId" />
+			}
 			<div class="form-group">
 				<input type="submit" value="Request pairing" class="btn btn-default" />
 			</div>
--- a/btcpayserver.sln
+++ b/btcpayserver.sln
@ -1,7 +1,7 @@

 Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio 15
-VisualStudioVersion = 15.0.26730.3
+VisualStudioVersion = 15.0.26730.16
 MinimumVisualStudioVersion = 15.0.26124.0
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "BTCPayServer", "BTCPayServer\BTCPayServer.csproj", "{949A0870-8D8C-4DE5-8845-DDD560489177}"
 EndProject