* UI: Additional improvements to the User Invitation flow
Closes#6224.
* Clear invitation token only after the user can sign in
Fixes "404 Error on Follow-Up Visits" of #6236.
* Minor spacing fix
* Update accordion button
* Handle password reset when SMTP isn't configured or the configuration cannot be validated
* include rel in external a tag
* Simplify it
* Test fix
* Simplify a bit
* selenium test to manage users
---------
Co-authored-by: Dennis Reimann <mail@dennisreimann.de>
Co-authored-by: Nicolas Dorier <nicolas.dorier@gmail.com>
* Server: Make sending email optional when adding user
Closes#6158.
* Generate custom invite token and store it in user blob
Closes btcpayserver/app/#46.
* QR code for user invite
Closes#6157.
* Text fix
* Onboarding: Invite new users
- Separates the user self-registration and invite cases
- Adds invitation email for users created by the admin
- Adds invitation tokens to verify user was invited
- Adds handler action for invite links
- Refactors `UserEventHostedService`
- Fixes#5726.
* Add permissioned form tag helper
* Better way of changing a user's role
* Test fixes
* Server Users: More precise message when inviting users
This lets the admin who invited a new user know whether or not an email has been sent. If the SMTP server hasn't been set up, they need to share the invite link with the user.
* Onboarding: Invite new users
- Separates the user self-registration and invite cases
- Adds invitation email for users created by the admin
- Adds invitation tokens to verify user was invited
- Adds handler action for invite links
- Refactors `UserEventHostedService`
* Remove duplicate status message from views that use the wizard layout
* Auto-approve users created by an admin
* Notify admins via email if a new account requires approval
* Update wording
* Fix update user error
* Fix redirect to email confirmation in invite action
* Fix precondition checks after signup
* Improve admin notification
Send notification only if the user does not require email confirmation or when they confirmed their email address. Rationale: We want to inform admins only about qualified users and not annoy them with bot registrations.
* Allow approval alongside resending confirm email
* Use user email in log messages instead of ID
* Prevent unnecessary notification after email confirmation
* Use ApplicationUser type explicitly
* Fix after rebase
* Refactoring: Do not subclass UserRegisteredEvent
* Users list: Cleanups
* Policies: Flip registration settings
* Policies: Add RequireUserApproval setting
* Add approval to user
* Require approval on login and for API key
* API handling
* AccountController cleanups
* Test fix
* Apply suggestions from code review
Co-authored-by: Nicolas Dorier <nicolas.dorier@gmail.com>
* Add missing imports
* Communicate login requirements to user on account creation
* Add login requirements to basic auth handler
* Cleanups and test fix
* Encapsulate approval logic in user service and log approval changes
* Send follow up "Account approved" email
Closes#5656.
* Add notification for admins
* Fix creating a user via the admin view
* Update list: Unify flags into status column, add approve action
* Adjust "Resend email" wording
* Incorporate feedback from code review
* Remove duplicate test server policy reset
---------
Co-authored-by: Nicolas Dorier <nicolas.dorier@gmail.com>
* Adapt cookie auth to work with same API permission system
* Handle unscoped store permission case
* Do not consider Unscoped as a valid policy
* Add tests
* Refactor permissions scopes
---------
Co-authored-by: Dennis Reimann <mail@dennisreimann.de>
Co-authored-by: nicolas.dorier <nicolas.dorier@gmail.com>
* Fix duplicates in GetAllApps with allowNoUser
* Use domain mapping as canonical reference and redirect to it
* Revert domain mapping to hostname instead of URL
* Editorconfig: Add space_before_self_closing setting
This was a difference between the way dotnet-format and Rider format code. See https://www.jetbrains.com/help/rider/EditorConfig_Index.html
* Editorconfig: Keep 4 spaces indentation for Swagger JSON files
They are all formatted that way, let's keep it like that.
* Apply dotnet-format, mostly white-space related changes
* Allow Users to be disabled/enabled
* rebrand to locked for api
* Update BTCPayServer/Views/UIAccount/Lockout.cshtml
Co-authored-by: d11n <mail@dennisreimann.de>
* fix docker compose and an uneeded check in api handler
* fix
* Add enabled user test
Co-authored-by: d11n <mail@dennisreimann.de>
Co-authored-by: Nicolas Dorier <nicolas.dorier@gmail.com>
