* Allow User to delete own account
* Add User delete e2e test
* fix test
* Apply suggestions from code review
Co-authored-by: d11n <mail@dennisreimann.de>
* Fix CSP for inline handlers on LND seed backup page
* Fix CSP for inline handlers on checkout page
* Fix CSP for inline handlers on wallet sign pages
* Fix CSP for inline handlers on invoices list page
* Fix CSP for inline handlers on payouts page
* Fix CSP for inline handlers on confirm API key page
* Fix CSP for inline handlers on store rates page
* Fix CSP for inline handlers on notifications page
* Fix CSP for inline handlers on dynamic DNS page
* Fix CSP for inline handlers on checkout experience page
Moves the `ViewsRazor` extension into Abstractions, so that it can be used by plugins.
Separated out of #2701, prerequisite for the LNbank plugin integration.
* Unit test to check for (possibly) external links
* Add rel="noreferrer noopener" to all external links so unit test passes
* Update BTCPayServer.Tests/UnitTest1.cs
Co-authored-by: Andrew Camilleri <evilkukka@gmail.com>
* Update BTCPayServer.Tests/UnitTest1.cs
Co-authored-by: Andrew Camilleri <evilkukka@gmail.com>
* Fixed bad merge from master
* PascalCasing
Co-authored-by: Andrew Camilleri <evilkukka@gmail.com>
* Better API key page
Now we can see the permission code + Fixed a margin-bottom when selecting a specific store
* Improve responsiveness of API key permissions
* Improve webhook editing UX
Jumps to edited item after submit
Co-authored-by: Dennis Reimann <mail@dennisreimann.de>
* FIDO2/WebAuthN Support
This adds initial support for WebAuthN/FIDO2 as another MFA mode. U2F is still intact and runs alongside it for now. Once this is merged, I will start work on migrating U2F support to happen over the FIDO2 protocol instead.
* Refactor and future proof system (prep work of seamless u2f migration)
* attempt js fix for mobile devices
* Apply suggestions from code review
Co-authored-by: d11n <mail@dennisreimann.de>
* fix fido name saving
* do not spam logs and hide loader when failed
* PR Changes
* Apply suggestions from code review
Co-authored-by: d11n <mail@dennisreimann.de>
* attempt fido2 bump
* add name if not named for credentials
Co-authored-by: d11n <mail@dennisreimann.de>
* Fix formatting in bootstrap.css
This looks like it got introduced when resolving a merge conflict.
* Fix typos in views
* Fix semibold style definition
* Improve and unify page headers
* Altcoin test fixes
* Update BTCPayServer/Views/Apps/UpdateCrowdfund.cshtml
Co-authored-by: Andrew Camilleri <evilkukka@gmail.com>
* Update BTCPayServer/Views/Apps/UpdateCrowdfund.cshtml
Co-authored-by: Andrew Camilleri <evilkukka@gmail.com>
* Fix missing store name in pairing view
* Fix CanUsePairing test
* Bump header navigation font size
* Use partial tag instead of Html.PartialAsync in views
As suggested by @nicolasdorier. These are equivalent, see details [here](https://docs.microsoft.com/en-us/aspnet/core/mvc/views/partial?view=aspnetcore-3.1#partial-tag-helper).
* Fix docs link
As in #2432.
* Update BTCPayServer/Views/Wallets/SignWithSeed.cshtml
Co-authored-by: britttttk <39231115+britttttk@users.noreply.github.com>
* Update BTCPayServer/Views/Wallets/WalletSendVault.cshtml
Co-authored-by: britttttk <39231115+britttttk@users.noreply.github.com>
* Update BTCPayServer/Views/Wallets/WalletTransactions.cshtml
Co-authored-by: britttttk <39231115+britttttk@users.noreply.github.com>
Co-authored-by: Andrew Camilleri <evilkukka@gmail.com>
Co-authored-by: britttttk <39231115+britttttk@users.noreply.github.com>
The [previously used U2F library](https://github.com/fido-alliance/google-u2f-ref-code/) has been deprecated. The new one does not override the browser's `window.u2f` functionality if it is natively supported. It also displays the appropriate errors and falls back nicely in case the browser does not support U2F.
This allows plugins to create custom dbcontexts, which would be namespaced in the scheme with a prefix. Migrations are supported too and the table would be prefixed too
* BTCPay Extensions Part 2
This PR cleans up the extension system a bit in that:
* It renames the test extension to a more uniform name
* Allows you to have system extensions, which are extensions but bundled by default with the release (and cannot be removed)
* Adds a tool to help you generate an extension package from a csproj
* Refactors the UI extension points to a view component
* Moves some more interfaces to the Abstractions csproj
* Rename to plugins
* Allow disabling notifications per user and disabling specific notifications per use
closes #1974
* Add disable notifs for all users
* fix term generator for notifications
* show checkboxes instead of multiselect when js is enabled
* remove js dependency
* fix notif conditions
* Rename user param to userId in API key redirect
This way it is clearer what to expect and it also makes the parameter easier to consume.
* Post redirect: Allow form url and prettify page
- Form URL as alternative to controller/action for external URLs
- Making it look nice and add explanation for non-JS case
* APIKeys: Minor view updates
fix
* APIKeys: Use POST redirect for confirmation
fix
* UI: Minor update to confirm view
Tidies it up and adapts to the newly added ConfirmAPIKeys view.
* APIKeys: Update delete view
Structures the information in title and description better.
* APIKeys: Distinguish authorize and confirm (reuse)
* Upgrade ChromeDriver
* Test fixes
* Clean up PostRedirect view
By adding missing forgery token
* Re-add tests for callback post values
* Rename key param to apiKey in API key redirect
* Update BTCPayServer/wwwroot/swagger/v1/swagger.template.authorization.json
Co-authored-by: Andrew Camilleri <evilkukka@gmail.com>
* Use DEBUG conditional for postredirect-callback-test route
* Remove unnecessary ChromeDriver references
* Add debug flag
* Remove debug flags
Co-authored-by: Andrew Camilleri <evilkukka@gmail.com>
* This refactors the email sending so that all the logic related to users and emails is now contained in one location.
* The Reset password screen has been updated from its ugly plain self to use the same layout as the login.
* An admin can now create a new account without specifying a password. A link is generated that can be given to the intended user to configure the password. If emails are configured, it also sends an email.
* An admin can now create accounts that still require the user to verify their email if the setting is enabled from the server settings. A link is generated that can be given to the intended user to configure the password. If emails are configured, it also sends an email.
* The above features can be used in conjunction: An email will have to verify their email through a link. Once verified, the user is redirected to setting the password.
* When an email has been verified OR a password has been set, users are now redirected to the login page with the email filled in and a success status message shown instead of a dedicated thank you page.
This lets the authorize api key screen redirect to the defined url and provide it with the user id, permissions granted and the key.
This also allows apps to match existing api keys generated for it specifically using the application identifier, and if matched, presented with a confirmation page before redirection.