diff --git a/.gitignore b/.gitignore
index 5b6199125..855e8737a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -31,6 +31,7 @@ venv
 
 __bundle__
 
+coverage.xml
 node_modules
 lnbits/static/bundle.*
 docker
diff --git a/Makefile b/Makefile
index 5cc3f0509..2873ae774 100644
--- a/Makefile
+++ b/Makefile
@@ -17,7 +17,7 @@ mypy: $(shell find lnbits -name "*.py")
 	./venv/bin/mypy lnbits/core
 	./venv/bin/mypy lnbits/extensions/*
 
-isort: $(shell find lnbits -name "*.py") 
+isort: $(shell find lnbits -name "*.py")
 	./venv/bin/isort --profile black lnbits
 
 checkprettier: $(shell find lnbits -name "*.js" -name ".html")
@@ -36,7 +36,6 @@ requirements.txt: Pipfile.lock
 	cat Pipfile.lock | jq -r '.default | map_values(.version) | to_entries | map("\(.key)\(.value)") | join("\n")' > requirements.txt
 
 test:
-	rm -rf ./tests/data
 	mkdir -p ./tests/data
 	LNBITS_BACKEND_WALLET_CLASS="FakeWallet" \
 	FAKE_WALLET_SECRET="ToTheMoon1" \
@@ -45,14 +44,12 @@ test:
 	./venv/bin/pytest --durations=1 -s --cov=lnbits --cov-report=xml tests
 
 test-real-wallet:
-	rm -rf ./tests/data
 	mkdir -p ./tests/data
 	LNBITS_DATA_FOLDER="./tests/data" \
 	PYTHONUNBUFFERED=1 \
-	./venv/bin/pytest --durations=1 -s --cov=lnbits --cov-report=xml tests	
+	./venv/bin/pytest --durations=1 -s --cov=lnbits --cov-report=xml tests
 
 test-pipenv:
-	rm -rf ./tests/data
 	mkdir -p ./tests/data
 	LNBITS_BACKEND_WALLET_CLASS="FakeWallet" \
 	FAKE_WALLET_SECRET="ToTheMoon1" \
diff --git a/lnbits/core/views/api.py b/lnbits/core/views/api.py
index 627d3aed3..3ef92ea60 100644
--- a/lnbits/core/views/api.py
+++ b/lnbits/core/views/api.py
@@ -279,7 +279,7 @@ class CreateLNURLData(BaseModel):
 
 @core_app.post("/api/v1/payments/lnurl")
 async def api_payments_pay_lnurl(
-    data: CreateLNURLData, wallet: WalletTypeInfo = Depends(get_key_type)
+    data: CreateLNURLData, wallet: WalletTypeInfo = Depends(require_admin_key)
 ):
     domain = urlparse(data.callback).netloc
 
@@ -305,6 +305,12 @@ async def api_payments_pay_lnurl(
             detail=f"{domain} said: '{params.get('reason', '')}'",
         )
 
+    if not params.get("pr"):
+        raise HTTPException(
+            status_code=HTTPStatus.BAD_REQUEST,
+            detail=f"{domain} did not return a payment request.",
+        )
+
     invoice = bolt11.decode(params["pr"])
     if invoice.amount_msat != data.amount:
         raise HTTPException(
@@ -312,11 +318,11 @@ async def api_payments_pay_lnurl(
             detail=f"{domain} returned an invalid invoice. Expected {data.amount} msat, got {invoice.amount_msat}.",
         )
 
-    #  if invoice.description_hash != data.description_hash:
-    #      raise HTTPException(
-    #          status_code=HTTPStatus.BAD_REQUEST,
-    #          detail=f"{domain} returned an invalid invoice. Expected description_hash == {data.description_hash}, got {invoice.description_hash}.",
-    #      )
+    if invoice.description_hash != data.description_hash:
+        raise HTTPException(
+            status_code=HTTPStatus.BAD_REQUEST,
+            detail=f"{domain} returned an invalid invoice. Expected description_hash == {data.description_hash}, got {invoice.description_hash}.",
+        )
 
     extra = {}