mirrors/btcpayserver
1
0
Fork 0
mirror of https://github.com/btcpayserver/btcpayserver.git synced 2025-02-20 13:34:37 +01:00
Code Issues Projects Releases Packages Wiki Activity

Fix empty permissions case

Browse source
This commit is contained in:
Dennis Reimann 2022-06-28 17:22:29 +02:00 committed by Andrew Camilleri
parent eef7539c2d
commit ed1f249aaf
3 changed files with 20 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
BTCPayServer.Tests/ApiKeysTests.cs
View file

@ -234,6 +234,14 @@ namespace BTCPayServer.Tests
TestLogs.LogInformation($"Checking API key permissions: {allAPIKey}");
var apikeydata = await TestApiAgainstAccessToken<ApiKeyData>(allAPIKey, "api/v1/api-keys/current", tester.PayTester.HttpClient);
Assert.Equal(checkedPermissionCount, apikeydata.Permissions.Length);
TestLogs.LogInformation("Checking empty permissions");
authUrl = BTCPayServerClient.GenerateAuthorizeUri(s.ServerUri, Array.Empty<string>(), false, true).ToString();
s.GoToUrl(authUrl);
select = new SelectElement(s.Driver.FindElement(By.Id("StoreId")));
select.SelectByIndex(0);
s.Driver.FindElement(By.Id("continue")).Click();
Assert.Contains("There are no associated permissions to the API key being requested", s.Driver.PageSource);
}
async Task TestApiAgainstAccessToken(string accessToken, ServerTester tester, TestAccount testAccount,

14
BTCPayServer/Controllers/UIManageController.APIKeys.cs
View file

@ -203,12 +203,16 @@ namespace BTCPayServer.Controllers
return RedirectToAction("APIKeys", new { key = key.Id });
default:
var requestPermissions = Permission.ToPermissions(viewModel.Permissions?.Split(';').ToArray()).ToList();
var existingApiKey = await CheckForMatchingApiKey(requestPermissions, viewModel);
if (existingApiKey != null)
var perms = viewModel.Permissions?.Split(';').ToArray() ?? Array.Empty<string>();
if (perms.Any())
{
viewModel.ApiKey = existingApiKey.Id;
return View("ConfirmAPIKey", viewModel);
var requestPermissions = Permission.ToPermissions(perms).ToList();
var existingApiKey = await CheckForMatchingApiKey(requestPermissions, viewModel);
if (existingApiKey != null)
{
viewModel.ApiKey = existingApiKey.Id;
return View("ConfirmAPIKey", viewModel);
}
}
return View(viewModel);
}

5
BTCPayServer/Views/UIManage/AuthorizeAPIKey.cshtml
View file

@ -4,7 +4,8 @@
@{
var displayName = Model.ApplicationName ?? Model.ApplicationIdentifier;
var store = string.IsNullOrEmpty(Model.StoreId) ? null : Model.Stores.FirstOrDefault(s => s.Id == Model.StoreId);
var permissions = Permission.ToPermissions(Model.Permissions.Split(';')).GroupBy(permission => permission.Policy);
var permissions = Model.Permissions?.Split(';') ?? Array.Empty<string>();
var groupedPermissions = Permission.ToPermissions(permissions).GroupBy(permission => permission.Policy);
ViewData["Title"] = $"Authorize {displayName ?? "Application"}";
Layout = "_LayoutWizard";
}
@ -86,7 +87,7 @@
</div>
<h2 class="h5 fw-semibold mt-4">Permissions</h2>
@if (!permissions.Any())
@if (!groupedPermissions.Any())
{
<p>
There are no associated permissions to the API key being requested by the application.