From f19d59d429fb8f6c52ae2802c8a14474ee0d1102 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?dni=20=E2=9A=A1?= Date: Tue, 12 Sep 2023 12:23:23 +0200 Subject: [PATCH] [BUG] self payments for the same wallet (#1914) * [BUG] self payments for fakewallet make it possible to pay to yourself on fakewallet f * bugfix selfpayments for fakewallet * delete by wallet and fix previous_payment check (#1919) --------- Co-authored-by: callebtc <93376500+callebtc@users.noreply.github.com> --- lnbits/core/crud.py | 15 +++++++-------- lnbits/core/models.py | 4 ++-- tests/core/views/test_api.py | 18 ++++++++++++++++++ 3 files changed, 27 insertions(+), 10 deletions(-) diff --git a/lnbits/core/crud.py b/lnbits/core/crud.py index 77e672af3..1f7cd045d 100644 --- a/lnbits/core/crud.py +++ b/lnbits/core/crud.py @@ -539,8 +539,9 @@ async def create_payment( webhook: Optional[str] = None, conn: Optional[Connection] = None, ) -> Payment: - # todo: add this when tests are fixed - previous_payment = await get_wallet_payment(wallet_id, payment_hash, conn=conn) + # we don't allow the creation of the same invoice twice + # note: this can be removed if the db uniquess constarints are set appropriately + previous_payment = await get_standalone_payment(checking_id, conn=conn) assert previous_payment is None, "Payment already exists" try: @@ -654,12 +655,6 @@ async def update_payment_extra( ) -async def delete_payment(checking_id: str, conn: Optional[Connection] = None) -> None: - await (conn or db).execute( - "DELETE FROM apipayments WHERE checking_id = ?", (checking_id,) - ) - - async def delete_wallet_payment( checking_id: str, wallet_id: str, conn: Optional[Connection] = None ) -> None: @@ -672,6 +667,10 @@ async def delete_wallet_payment( async def check_internal( payment_hash: str, conn: Optional[Connection] = None ) -> Optional[str]: + """ + Returns the checking_id of the internal payment if it exists, + otherwise None + """ row = await (conn or db).fetchone( """ SELECT checking_id FROM apipayments diff --git a/lnbits/core/models.py b/lnbits/core/models.py index 0e6e5ac4f..49ab21080 100644 --- a/lnbits/core/models.py +++ b/lnbits/core/models.py @@ -235,9 +235,9 @@ class Payment(FromRowModel): return status async def delete(self, conn: Optional[Connection] = None) -> None: - from .crud import delete_payment + from .crud import delete_wallet_payment - await delete_payment(self.checking_id, conn=conn) + await delete_wallet_payment(self.checking_id, self.wallet_id, conn=conn) class PaymentFilters(FilterModel): diff --git a/tests/core/views/test_api.py b/tests/core/views/test_api.py index f36c9a1d3..2115b58d5 100644 --- a/tests/core/views/test_api.py +++ b/tests/core/views/test_api.py @@ -209,6 +209,24 @@ async def test_pay_invoice_wrong_key(client, invoice, adminkey_headers_from): assert response.status_code >= 300 # should fail +# check POST /api/v1/payments: payment with self payment +@pytest.mark.asyncio +async def test_pay_invoice_self_payment(client, adminkey_headers_from): + create_invoice = CreateInvoice(out=False, amount=1000, memo="test") + response = await client.post( + "/api/v1/payments", + json=create_invoice.dict(), + headers=adminkey_headers_from, + ) + assert response.status_code < 300 + json_data = response.json() + data = {"out": True, "bolt11": json_data["payment_request"]} + response = await client.post( + "/api/v1/payments", json=data, headers=adminkey_headers_from + ) + assert response.status_code < 300 + + # check POST /api/v1/payments: payment with invoice key [should fail] @pytest.mark.asyncio async def test_pay_invoice_invoicekey(client, invoice, inkey_headers_from):