diff --git a/BTCPayServer/Controllers/GreenField/StoreOnChainWalletsController.cs b/BTCPayServer/Controllers/GreenField/StoreOnChainWalletsController.cs
index 6205e705c..2b7a4e7b0 100644
--- a/BTCPayServer/Controllers/GreenField/StoreOnChainWalletsController.cs
+++ b/BTCPayServer/Controllers/GreenField/StoreOnChainWalletsController.cs
@@ -388,7 +388,7 @@ namespace BTCPayServer.Controllers.GreenField
 var signingKeyStr = await explorerClient .GetMetadataAsync(derivationScheme.AccountDerivation, WellknownMetadataKeys.MasterHDKey);
- if (signingKeyStr is null)
+ if (!derivationScheme.IsHotWallet || signingKeyStr is null)
 {
 return this.CreateAPIError("not-available", $"{cryptoCode} sending services are not currently available");
@@ -403,7 +403,7 @@ namespace BTCPayServer.Controllers.GreenField
 var accountKey = signingKey.Derive(rootedKeyPath.KeyPath);
 var changed = psbt.PSBT.PSBTChanged(() => psbt.PSBT.SignAll(derivationScheme.AccountDerivation, accountKey,
- rootedKeyPath, new SigningOptions() {EnforceLowR = !(signingContext?.EnforceLowR is false)}));
+ rootedKeyPath, new SigningOptions() {EnforceLowR = signingContext?.EnforceLowR is bool v ? v : psbt.Suggestions.ShouldEnforceLowR }));
 if (!changed)
 {
@@ -465,17 +465,6 @@ namespace BTCPayServer.Controllers.GreenField
 return await _authorizationService.CanUseHotWallet(_cssThemeManager.Policies, User);
 }
- private async Task GetWallet(DerivationSchemeSettings derivationScheme)
- {
- if (!derivationScheme.IsHotWallet)
- return null;
-
- var result = await _explorerClientProvider.GetExplorerClient(derivationScheme.Network.CryptoCode)
- .GetMetadataAsync(derivationScheme.AccountDerivation,
- WellknownMetadataKeys.MasterHDKey);
- return string.IsNullOrEmpty(result) ? null : ExtKey.Parse(result, derivationScheme.Network.NBitcoinNetwork);
- }
-
 private bool IsInvalidWalletRequest(string cryptoCode, out BTCPayNetwork network, out DerivationSchemeSettings derivationScheme, out IActionResult actionResult)
 {
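Review bot: The new `IsHotWallet` test runs only after `GetMetadataAsync` has already requested `WellknownMetadataKeys.MasterHDKey`, so the master key string is still fetched from the explorer and held in `signingKeyStr` for a wallet that is not flagged hot. Checking the flag first avoids the round trip and keeps key material out of a request that will be refused anyway: put `if (!derivationScheme.IsHotWallet) return this.CreateAPIError("not-available", $"{cryptoCode} sending services are not currently available");` ahead of the `GetMetadataAsync` call and leave the `signingKeyStr is null` test where it is. The enclosing action starts and ends outside this hunk, so whether a `CanUseHotWallet` check precedes it cannot be seen here.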
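Review bot: The fallback in the `SigningOptions` initializer dereferences `psbt.Suggestions` with no null guard, and it also changes the default: previously a missing `signingContext.EnforceLowR` meant low-R was enforced, now it is whatever the explorer suggests. If `Suggestions` can be absent from a response (not visible here), this line throws instead of signing. `EnforceLowR = signingContext?.EnforceLowR ?? psbt.Suggestions?.ShouldEnforceLowR ?? true` would keep the earlier default and reads more directly than `is bool v ? v : …`, assuming `EnforceLowR` is a `bool?`. A one-line comment saying why the suggestion is preferred over always enforcing low-R would help the next reader.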
diff --git a/BTCPayServer/Extensions/AuthorizationExtensions.cs b/BTCPayServer/Extensions/AuthorizationExtensions.cs
index 57dd46583..a9f9f3d2f 100644
--- a/BTCPayServer/Extensions/AuthorizationExtensions.cs
+++ b/BTCPayServer/Extensions/AuthorizationExtensions.cs
@@ -1,9 +1,11 @@
 using System.Security.Claims;
 using System.Threading.Tasks;
+using BTCPayServer.Abstractions.Constants;
 using BTCPayServer.Client;
 using BTCPayServer.Security.Bitpay;
 using BTCPayServer.Security.GreenField;
 using BTCPayServer.Services;
+using CsvHelper.Configuration.Attributes;
 using Microsoft.AspNetCore.Authorization;
 namespace BTCPayServer
@@ -15,8 +17,19 @@ namespace BTCPayServer
 PoliciesSettings policiesSettings, ClaimsPrincipal user)
 {
- return (await authorizationService.AuthorizeAsync(user, Policies.CanModifyServerSettings))
- .Succeeded ? (true, true) : (policiesSettings?.AllowHotWalletForAll is true, policiesSettings?.AllowHotWalletRPCImportForAll is true);
+ if (!user.Identity.IsAuthenticated)
+ return (false, false);
+ var claimUser = user.Identity as ClaimsIdentity;
+ if (claimUser is null)
+ return (false, false);
+
+ bool isAdmin = false;
+ if (claimUser.AuthenticationType == AuthenticationSchemes.Cookie)
+ isAdmin = user.IsInRole(Roles.ServerAdmin);
+ else if (claimUser.AuthenticationType == GreenFieldConstants.AuthenticationType)
+ isAdmin = (await authorizationService.AuthorizeAsync(user, Policies.CanModifyServerSettings)).Succeeded;
+ return isAdmin ? (true, true) :
+ (policiesSettings?.AllowHotWalletForAll is true, policiesSettings?.AllowHotWalletRPCImportForAll is true);
 }
 }
 }
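Review bot: `using CsvHelper.Configuration.Attributes;` is not used by anything in the code this commit adds and looks like an accidental IDE auto-import, so it should be dropped. `BTCPayServer.Abstractions.Constants` is presumably the directive that the new `AuthenticationSchemes` and `Roles` references in the second hunk need, which cannot be confirmed from this page.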
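Review bot: The first added line reads `user.Identity.IsAuthenticated` before anything establishes that `user.Identity` is non-null, and a `ClaimsPrincipal` with no identities returns null there, so this authorization helper would throw instead of denying. Folding the two guards into one closes that gap: `if (!(user.Identity is ClaimsIdentity claimUser) || !claimUser.IsAuthenticated) return (false, false);`. The branch on `AuthenticationType` also deserves a comment stating why cookie sessions are decided by `user.IsInRole(Roles.ServerAdmin)` while Greenfield callers go through the `Policies.CanModifyServerSettings` policy, and that any other scheme deliberately leaves `isAdmin` false and falls back to the `policiesSettings` flags. The method signature begins outside this hunk.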