From 276ace4be767f8e8770b7f7b73abf445f3034665 Mon Sep 17 00:00:00 2001 From: Marcos Date: Mon, 15 Jan 2024 17:13:45 +0100 Subject: [PATCH 1/8] fix: withdrawals error on signing with same key multiple times --- src/Pages/Withdrawals.razor | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/src/Pages/Withdrawals.razor b/src/Pages/Withdrawals.razor index a14f4b61..a2874e59 100644 --- a/src/Pages/Withdrawals.razor +++ b/src/Pages/Withdrawals.razor @@ -56,9 +56,9 @@ - @if (context.Wallet != null && context.Wallet.Keys != null && context.Wallet.Keys.Any(x => x.UserId == LoggedUser?.Id) - && !context.AreAllRequiredHumanSignaturesCollected - && context.WalletWithdrawalRequestPSBTs.All(x => x.SignerId != LoggedUser?.Id)) + @if (context.Wallet != null && context.Wallet.Keys != null + && context.Wallet.Keys.Count(x => x.UserId == LoggedUser?.Id) > context.WalletWithdrawalRequestPSBTs.Count(x => x.SignerId == LoggedUser?.Id) + && !context.AreAllRequiredHumanSignaturesCollected) { } @@ -761,13 +761,18 @@ } } - private async Task Approve(WalletWithdrawalRequest request) + private async Task Approve() { if (_selectedRequest == null || string.IsNullOrEmpty(_psbtSignRef?.SignedPSBT) || LoggedUser == null) { _utxoSelectorModalRef.ClearModal(); ToastService.ShowError("Invalid request"); } + else if (_selectedRequest.WalletWithdrawalRequestPSBTs.Any(x => x.SignerId == LoggedUser?.Id + && _psbtSignRef.SignedPSBT.Equals(x.PSBT))) + { + ToastService.ShowError("You already signed this request with this key"); + } else { WalletWithdrawalRequestPSBT walletWithdrawalRequestPsbt = new() @@ -831,7 +836,9 @@ private async Task ApproveRequestDelegate() { if (_selectedRequest != null) - await Approve(_selectedRequest); + { + await Approve(); + } } private async Task RejectOrCancel() From dfee673c648c1b325a77eed8ec9180049fa37713 Mon Sep 17 00:00:00 2001 From: Marcos Date: Mon, 15 Jan 2024 17:19:24 +0100 Subject: [PATCH 2/8] feat: add security to avoid double signing on a psbt with the same key --- src/Pages/ChannelRequests.razor | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/src/Pages/ChannelRequests.razor b/src/Pages/ChannelRequests.razor index 766db48b..b3e4c47f 100644 --- a/src/Pages/ChannelRequests.razor +++ b/src/Pages/ChannelRequests.razor @@ -227,7 +227,13 @@ - + @if (_isFinanceManager && context.Item.Wallet != null && context.Item.Wallet.Keys != null + && context.Item.Wallet.Keys.Count(x => x.UserId == LoggedUser?.Id) > context.Item.ChannelOperationRequestPsbts.Count(x => x.UserSignerId == LoggedUser?.Id) + && !context.Item.AreAllRequiredHumanSignaturesCollected) + { + + } + @{ if (LoggedUser?.Id == context.Item.UserId) { @@ -795,7 +801,12 @@ if (_selectedRequest == null || string.IsNullOrEmpty(_psbtSignRef?.SignedPSBT) || LoggedUser == null) { - ToastService.ShowError("Error: Not all fields were set"); + ToastService.ShowError("Not all fields were set"); + } + else if (_selectedRequest.ChannelOperationRequestPsbts.Any(x => x.UserSignerId == LoggedUser?.Id + && _psbtSignRef.SignedPSBT.Equals(x.PSBT))) + { + ToastService.ShowError("You already signed this PSBT"); } else { From fffce88fd2d48cc752d9075d63b8eeb7fd9171c4 Mon Sep 17 00:00:00 2001 From: Marcos Date: Fri, 19 Jan 2024 20:52:26 +0100 Subject: [PATCH 3/8] fix: update psbts --- src/Pages/Withdrawals.razor | 1 + 1 file changed, 1 insertion(+) diff --git a/src/Pages/Withdrawals.razor b/src/Pages/Withdrawals.razor index a2874e59..180d8e80 100644 --- a/src/Pages/Withdrawals.razor +++ b/src/Pages/Withdrawals.razor @@ -837,6 +837,7 @@ { if (_selectedRequest != null) { + _selectedRequest = await WalletWithdrawalRequestRepository.GetById(_selectedRequest.Id); await Approve(); } } From 87c6919e2429a9c1901d97bd164405f271ddd428 Mon Sep 17 00:00:00 2001 From: Marcos Date: Fri, 19 Jan 2024 21:02:02 +0100 Subject: [PATCH 4/8] chore: unify withdrawals and channelrequets --- .../Repositories/ChannelOperationRequestRepository.cs | 6 +++--- .../Repositories/WalletWithdrawalRequestRepository.cs | 6 +++--- src/Pages/ChannelRequests.razor | 8 +------- src/Pages/Withdrawals.razor | 4 ++-- 4 files changed, 9 insertions(+), 15 deletions(-) diff --git a/src/Data/Repositories/ChannelOperationRequestRepository.cs b/src/Data/Repositories/ChannelOperationRequestRepository.cs index b04b3486..70a979c0 100644 --- a/src/Data/Repositories/ChannelOperationRequestRepository.cs +++ b/src/Data/Repositories/ChannelOperationRequestRepository.cs @@ -79,15 +79,15 @@ public async Task> GetUnsignedPendingRequestsByUse await using var applicationDbContext = await _dbContextFactory.CreateDbContextAsync(); return await applicationDbContext.ChannelOperationRequests - .Where(request => request.Wallet.Keys.Any(key => key.User != null && key.User.Id == userId) && - (request.Status == ChannelOperationRequestStatus.Pending || request.Status == ChannelOperationRequestStatus.PSBTSignaturesPending) && - request.ChannelOperationRequestPsbts.All(signature => signature.UserSignerId != userId)) .Include(request => request.SourceNode) .Include(request => request.Wallet).ThenInclude(x => x.InternalWallet) .Include(x => x.Wallet).ThenInclude(x => x.Keys) .Include(request => request.DestNode) .Include(request => request.ChannelOperationRequestPsbts) .Include(x => x.Utxos) + .Where(request => request.Wallet != null + && request.Wallet.Keys.Count(key => userId == key.UserId) > request.ChannelOperationRequestPsbts.Count(req => req.UserSignerId == userId) + && !request.AreAllRequiredHumanSignaturesCollected) .AsSplitQuery() .ToListAsync(); } diff --git a/src/Data/Repositories/WalletWithdrawalRequestRepository.cs b/src/Data/Repositories/WalletWithdrawalRequestRepository.cs index 8edd6c50..9d9e6747 100644 --- a/src/Data/Repositories/WalletWithdrawalRequestRepository.cs +++ b/src/Data/Repositories/WalletWithdrawalRequestRepository.cs @@ -96,9 +96,9 @@ public async Task> GetUnsignedPendingRequestsByUse .Include(x => x.Wallet).ThenInclude(x => x.Keys) .Include(x => x.UserRequestor) .Include(x => x.WalletWithdrawalRequestPSBTs) - .Where(request => request.Wallet.Keys.Any(key => key.User != null && key.User.Id == userId) && - (request.Status == WalletWithdrawalRequestStatus.Pending || request.Status == WalletWithdrawalRequestStatus.PSBTSignaturesPending) && - request.WalletWithdrawalRequestPSBTs.All(signature => signature.SignerId != userId)) + .Where(request => request.Wallet != null + && request.Wallet.Keys.Count(key => userId == key.UserId) > request.WalletWithdrawalRequestPSBTs.Count(req => req.SignerId == userId) + && !request.AreAllRequiredHumanSignaturesCollected) .AsSplitQuery() .ToListAsync(); } diff --git a/src/Pages/ChannelRequests.razor b/src/Pages/ChannelRequests.razor index b3e4c47f..315148ee 100644 --- a/src/Pages/ChannelRequests.razor +++ b/src/Pages/ChannelRequests.razor @@ -227,13 +227,7 @@ - @if (_isFinanceManager && context.Item.Wallet != null && context.Item.Wallet.Keys != null - && context.Item.Wallet.Keys.Count(x => x.UserId == LoggedUser?.Id) > context.Item.ChannelOperationRequestPsbts.Count(x => x.UserSignerId == LoggedUser?.Id) - && !context.Item.AreAllRequiredHumanSignaturesCollected) - { - - } - + @{ if (LoggedUser?.Id == context.Item.UserId) { diff --git a/src/Pages/Withdrawals.razor b/src/Pages/Withdrawals.razor index 180d8e80..93403906 100644 --- a/src/Pages/Withdrawals.razor +++ b/src/Pages/Withdrawals.razor @@ -60,7 +60,7 @@ && context.Wallet.Keys.Count(x => x.UserId == LoggedUser?.Id) > context.WalletWithdrawalRequestPSBTs.Count(x => x.SignerId == LoggedUser?.Id) && !context.AreAllRequiredHumanSignaturesCollected) { - + } @@ -552,7 +552,7 @@ { if (LoggedUser?.Id != null && _isFinanceManager) { - _userPendingRequests = await WalletWithdrawalRequestRepository.GetAllUnsignedPendingRequests(); + _userPendingRequests = await WalletWithdrawalRequestRepository.GetUnsignedPendingRequestsByUser(LoggedUser.Id); } _withdrawalRequests = (await WalletWithdrawalRequestRepository.GetAll()).Except(_userPendingRequests).ToList(); From 9b1c2bb16019ca4d51d2c5a561a40f0ddef49c88 Mon Sep 17 00:00:00 2001 From: Marcos Date: Fri, 19 Jan 2024 21:02:53 +0100 Subject: [PATCH 5/8] refactor: indents --- src/Data/Repositories/WalletWithdrawalRequestRepository.cs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Data/Repositories/WalletWithdrawalRequestRepository.cs b/src/Data/Repositories/WalletWithdrawalRequestRepository.cs index 9d9e6747..9465bc57 100644 --- a/src/Data/Repositories/WalletWithdrawalRequestRepository.cs +++ b/src/Data/Repositories/WalletWithdrawalRequestRepository.cs @@ -97,8 +97,8 @@ public async Task> GetUnsignedPendingRequestsByUse .Include(x => x.UserRequestor) .Include(x => x.WalletWithdrawalRequestPSBTs) .Where(request => request.Wallet != null - && request.Wallet.Keys.Count(key => userId == key.UserId) > request.WalletWithdrawalRequestPSBTs.Count(req => req.SignerId == userId) - && !request.AreAllRequiredHumanSignaturesCollected) + && request.Wallet.Keys.Count(key => userId == key.UserId) > request.WalletWithdrawalRequestPSBTs.Count(req => req.SignerId == userId) + && !request.AreAllRequiredHumanSignaturesCollected) .AsSplitQuery() .ToListAsync(); } From d467674fd5a7c4a5777b2e5ac8e1c645c85a7fe8 Mon Sep 17 00:00:00 2001 From: Marcos Date: Fri, 19 Jan 2024 21:04:06 +0100 Subject: [PATCH 6/8] refactor: remove unnecessary check --- src/Pages/Withdrawals.razor | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/src/Pages/Withdrawals.razor b/src/Pages/Withdrawals.razor index 93403906..cdca3d32 100644 --- a/src/Pages/Withdrawals.razor +++ b/src/Pages/Withdrawals.razor @@ -56,12 +56,7 @@ - @if (context.Wallet != null && context.Wallet.Keys != null - && context.Wallet.Keys.Count(x => x.UserId == LoggedUser?.Id) > context.WalletWithdrawalRequestPSBTs.Count(x => x.SignerId == LoggedUser?.Id) - && !context.AreAllRequiredHumanSignaturesCollected) - { - - } + From 46f6774411c6f329a3c326b0e9da2c091f41ef5f Mon Sep 17 00:00:00 2001 From: Marcos Date: Wed, 24 Jan 2024 10:42:13 +0100 Subject: [PATCH 7/8] fix: check for different user same key --- src/Pages/ChannelRequests.razor | 8 ++++++-- src/Pages/Withdrawals.razor | 3 +-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/src/Pages/ChannelRequests.razor b/src/Pages/ChannelRequests.razor index 315148ee..fdc48da6 100644 --- a/src/Pages/ChannelRequests.razor +++ b/src/Pages/ChannelRequests.razor @@ -793,12 +793,16 @@ { _psbtSignRef?.HideModal(); + if (_selectedRequest != null) + { + _selectedRequest = await ChannelOperationRequestRepository.GetById(_selectedRequest.Id); + } + if (_selectedRequest == null || string.IsNullOrEmpty(_psbtSignRef?.SignedPSBT) || LoggedUser == null) { ToastService.ShowError("Not all fields were set"); } - else if (_selectedRequest.ChannelOperationRequestPsbts.Any(x => x.UserSignerId == LoggedUser?.Id - && _psbtSignRef.SignedPSBT.Equals(x.PSBT))) + else if (_selectedRequest.ChannelOperationRequestPsbts.Any(x => _psbtSignRef.SignedPSBT.Equals(x.PSBT))) { ToastService.ShowError("You already signed this PSBT"); } diff --git a/src/Pages/Withdrawals.razor b/src/Pages/Withdrawals.razor index cdca3d32..f74a916c 100644 --- a/src/Pages/Withdrawals.razor +++ b/src/Pages/Withdrawals.razor @@ -763,8 +763,7 @@ _utxoSelectorModalRef.ClearModal(); ToastService.ShowError("Invalid request"); } - else if (_selectedRequest.WalletWithdrawalRequestPSBTs.Any(x => x.SignerId == LoggedUser?.Id - && _psbtSignRef.SignedPSBT.Equals(x.PSBT))) + else if (_selectedRequest.WalletWithdrawalRequestPSBTs.Any(x => _psbtSignRef.SignedPSBT.Equals(x.PSBT))) { ToastService.ShowError("You already signed this request with this key"); } From 2e3abee2fe39c7aeca77fc4e6fc4da95c2625ce6 Mon Sep 17 00:00:00 2001 From: Marcos Date: Wed, 24 Jan 2024 10:45:02 +0100 Subject: [PATCH 8/8] fix: remove derive attribute --- src/Data/Repositories/ChannelOperationRequestRepository.cs | 2 +- src/Data/Repositories/WalletWithdrawalRequestRepository.cs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Data/Repositories/ChannelOperationRequestRepository.cs b/src/Data/Repositories/ChannelOperationRequestRepository.cs index 70a979c0..e6f7de72 100644 --- a/src/Data/Repositories/ChannelOperationRequestRepository.cs +++ b/src/Data/Repositories/ChannelOperationRequestRepository.cs @@ -87,7 +87,7 @@ public async Task> GetUnsignedPendingRequestsByUse .Include(x => x.Utxos) .Where(request => request.Wallet != null && request.Wallet.Keys.Count(key => userId == key.UserId) > request.ChannelOperationRequestPsbts.Count(req => req.UserSignerId == userId) - && !request.AreAllRequiredHumanSignaturesCollected) + && (request.Status == ChannelOperationRequestStatus.Pending || request.Status == ChannelOperationRequestStatus.PSBTSignaturesPending)) .AsSplitQuery() .ToListAsync(); } diff --git a/src/Data/Repositories/WalletWithdrawalRequestRepository.cs b/src/Data/Repositories/WalletWithdrawalRequestRepository.cs index 9465bc57..a8b98b56 100644 --- a/src/Data/Repositories/WalletWithdrawalRequestRepository.cs +++ b/src/Data/Repositories/WalletWithdrawalRequestRepository.cs @@ -98,7 +98,7 @@ public async Task> GetUnsignedPendingRequestsByUse .Include(x => x.WalletWithdrawalRequestPSBTs) .Where(request => request.Wallet != null && request.Wallet.Keys.Count(key => userId == key.UserId) > request.WalletWithdrawalRequestPSBTs.Count(req => req.SignerId == userId) - && !request.AreAllRequiredHumanSignaturesCollected) + && (request.Status == WalletWithdrawalRequestStatus.Pending || request.Status == WalletWithdrawalRequestStatus.PSBTSignaturesPending)) .AsSplitQuery() .ToListAsync(); }