make api key delete use confirm page

2025-02-20 13:34:37 +01:00 · 2020-02-26 10:26:38 +01:00 · 2020-02-26 10:26:38 +01:00 · e7eea1036b
commit e7eea1036b
parent 48c21baee5
4 changed files with 28 additions and 6 deletions
--- a/BTCPayServer/Controllers/ManageController.APIKeys.cs
+++ b/BTCPayServer/Controllers/ManageController.APIKeys.cs
@ -8,11 +8,8 @@ using BTCPayServer.Hosting.OpenApi;
 using BTCPayServer.Models;
 using BTCPayServer.Security;
 using BTCPayServer.Security.APIKeys;
-using ExchangeSharp;
 using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
-using Newtonsoft.Json;
 using NSwag.Annotations;

 namespace BTCPayServer.Controllers
@ -31,9 +28,33 @@ namespace BTCPayServer.Controllers
            });
        }

-        [HttpGet]
+        
+        
+        [HttpGet("api-keys/{id}/delete")]
        public async Task<IActionResult> RemoveAPIKey(string id)
        {
+            var key = await _apiKeyRepository.GetKey(id);
+            if (key == null || key.UserId != _userManager.GetUserId(User))
+            {
+                return NotFound();
+            }
+            return View("Confirm", new ConfirmModel()
+            {
+                Title = "Delete API Key "+ ( string.IsNullOrEmpty(key.Label)? string.Empty: key.Label) + "("+key.Id+")",
+                Description = "Any application using this api key will immediately lose access",
+                Action = "Delete",
+                ActionUrl = Request.GetCurrentUrl().Replace("RemoveAPIKey", "RemoveAPIKeyPost")
+            });
+        }
+
+        [HttpPost("api-keys/{id}/delete")]
+        public async Task<IActionResult> RemoveAPIKeyPost(string id)
+        {
+            var key = await _apiKeyRepository.GetKey(id);
+            if (key == null || key.UserId != _userManager.GetUserId(User))
+            {
+                return NotFound();
+            }
            await _apiKeyRepository.Remove(id, _userManager.GetUserId(User));
            TempData.SetStatusMessageModel(new StatusMessageModel()
            {
--- a/BTCPayServer/Models/ConfirmModel.cs
+++ b/BTCPayServer/Models/ConfirmModel.cs
@ -29,5 +29,6 @@ namespace BTCPayServer.Models
            get; set;
        }
        public string ButtonClass { get; set; } = "btn-danger";
+        public string ActionUrl { get; set; }
    }
 }
--- a/BTCPayServer/Views/Manage/APIKeys.cshtml
+++ b/BTCPayServer/Views/Manage/APIKeys.cshtml
@ -31,7 +31,7 @@
                }
            </td>
            <td class="text-right">
-                <a asp-action="RemoveAPIKey" asp-route-id="@keyData.Id">Remove</a>
+                <a asp-action="RemoveAPIKey" asp-route-id="@keyData.Id" asp-controller="Manage">Remove</a>
            </td>
        </tr>
    }
--- a/BTCPayServer/Views/Shared/Confirm.cshtml
+++ b/BTCPayServer/Views/Shared/Confirm.cshtml
@ -26,7 +26,7 @@
                {
                    <div class="row">
                        <div class="col-lg-12 text-center">
-                            <form method="post">
+                            <form method="post" action="@Model.ActionUrl">
                                <button id="continue" type="submit" class="btn @Model.ButtonClass w-25">@Model.Action</button>
                                <button type="submit" class="btn btn-secondary w-25" onclick="history.back(); return false;">Go back</button>
                            </form>