Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow API key to be set, in case redirection fails #67

Merged
merged 1 commit into from
Oct 15, 2022
Merged

Allow API key to be set, in case redirection fails #67

merged 1 commit into from
Oct 15, 2022

Conversation

BitcoinMitchell
Copy link
Collaborator

@BitcoinMitchell BitcoinMitchell commented Oct 13, 2022
edited
Loading

Possible solution for the Invalid token: direct access to this link may lead to a potential security breach-issues. The pop-up sometimes appears and sometimes it doesn't and it has been near impossible to debug why.

One reason I did find is because PrestaShop assumes that POST-requests from BTCPay Server are evil (even though I use a valid token) and I have no way to bypass/resolve it. I did see that routes with api_ in the name should be skipped, but that triggers something else that logs you out fully, which is not great.

You can disable the tokens store-wide, but that just feels like a terrible idea, so I've gone back to what we used to do in this plugin, just ask for the API key and display a URL where you can create it with all required permissions.

This setup is not perfect, but it works: btcpay v5.2.0.zip.

This will require a documentation change in https://github.com/btcpayserver/btcpayserver-doc/edit/master/docs/PrestaShop.md

@BitcoinMitchell BitcoinMitchell changed the title Do not use redirect URL, as it causes too many issues WIP: Do not use redirect URL, as it causes too many issues Oct 13, 2022
@BitcoinMitchell BitcoinMitchell marked this pull request as draft October 14, 2022 06:59
@BitcoinMitchell BitcoinMitchell force-pushed the 5.x-use-api-key-in-form branch 4 times, most recently from cc873f0 to 342078b Compare October 14, 2022 21:02
@BitcoinMitchell BitcoinMitchell changed the title WIP: Do not use redirect URL, as it causes too many issues WIP: Allow API key to be set, in case redirection fails Oct 14, 2022
@BitcoinMitchell BitcoinMitchell force-pushed the 5.x-use-api-key-in-form branch 4 times, most recently from 03cc155 to 4580840 Compare October 14, 2022 22:21
@BitcoinMitchell BitcoinMitchell marked this pull request as ready for review October 14, 2022 22:23
@BitcoinMitchell BitcoinMitchell changed the title WIP: Allow API key to be set, in case redirection fails Allow API key to be set, in case redirection fails Oct 14, 2022
@BitcoinMitchell BitcoinMitchell force-pushed the 5.x-use-api-key-in-form branch 5 times, most recently from 360eb73 to 84387d5 Compare October 15, 2022 11:21
@BitcoinMitchell BitcoinMitchell force-pushed the 5.x-use-api-key-in-form branch from 84387d5 to d1f34d7 Compare October 15, 2022 12:27
@BitcoinMitchell BitcoinMitchell merged commit e96befd into 5.x Oct 15, 2022
@BitcoinMitchell BitcoinMitchell deleted the 5.x-use-api-key-in-form branch October 15, 2022 12:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@BitcoinMitchell