fix tests and bump

The liquid transactions list was showing all transactions to the wallet, even when it had nothing to do with the specific crypto code (e.g sending LBTC txs in USDT, LCAD in USDT, etc). This PR fixes that.

It also uses the previously introduced checkout decimal precision fix to the Wallets screen, specifically the balance amount on wallet llist and balance change on transaction list.

.github/ISSUE_TEMPLATE/bug_report.md

@@ -14,6 +14,9 @@ A clear and concise description of what the bug is.
 **Logs (if applicable)**
 Basic logs can be found in Server Settings > Logs.
 
+**Setup Parameters**
+If you're reporting a deployment issue run `. btcpay-setup.sh -i` and paste your the paremeters by obscuring private information.
+
 **To Reproduce**
 Steps to reproduce the behavior:
 1. Go to '...'

BTCPayServer.Client/BTCPayServer.Client.csproj

@@ -0,0 +1,12 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+    <PropertyGroup>
+        <TargetFramework>netstandard2.1</TargetFramework>
+    </PropertyGroup>
+
+    <ItemGroup>
+      <PackageReference Include="NBitcoin" Version="5.0.34" />
+      <PackageReference Include="Newtonsoft.Json" Version="12.0.3" />
+    </ItemGroup>
+
+</Project>

BTCPayServer.Client/BTCPayServerClient.APIKeys.cs

@@ -0,0 +1,39 @@
+using System;
+using System.Net.Http;
+using System.Threading;
+using System.Threading.Tasks;
+using BTCPayServer.Client.Models;
+
+namespace BTCPayServer.Client
+{
+    public partial class BTCPayServerClient
+    {
+        public virtual async Task<ApiKeyData> GetCurrentAPIKeyInfo(CancellationToken token = default)
+        {
+            var response = await _httpClient.SendAsync(CreateHttpRequest("api/v1/api-keys/current"), token);
+            return await HandleResponse<ApiKeyData>(response);
+        }
+
+        public virtual async Task<ApiKeyData> CreateAPIKey(CreateApiKeyRequest request, CancellationToken token = default)
+        {
+            if (request == null)
+                throw new ArgumentNullException(nameof(request));
+            var response = await _httpClient.SendAsync(CreateHttpRequest("api/v1/api-keys", bodyPayload: request, method: HttpMethod.Post), token);
+            return await HandleResponse<ApiKeyData>(response);
+        }
+
+        public virtual async Task RevokeCurrentAPIKeyInfo(CancellationToken token = default)
+        {
+            var response = await _httpClient.SendAsync(CreateHttpRequest("api/v1/api-keys/current", null, HttpMethod.Delete), token);
+            HandleResponse(response);
+        }
+
+        public virtual async Task RevokeAPIKey(string apikey, CancellationToken token = default)
+        {
+            if (apikey == null)
+                throw new ArgumentNullException(nameof(apikey));
+            var response = await _httpClient.SendAsync(CreateHttpRequest($"api/v1/api-keys/{apikey}", null, HttpMethod.Delete), token);
+            HandleResponse(response);
+        }
+    }
+}

BTCPayServer.Client/BTCPayServerClient.Authorization.cs

@@ -0,0 +1,24 @@
+using System;
+using System.Collections.Generic;
+
+namespace BTCPayServer.Client
+{
+    public partial class BTCPayServerClient
+    {
+    
+        public static Uri GenerateAuthorizeUri(Uri btcpayHost, string[] permissions, bool strict = true,
+            bool selectiveStores = false)
+        {
+            var result = new UriBuilder(btcpayHost);
+            result.Path = "api-keys/authorize";
+
+            AppendPayloadToQuery(result,
+                new Dictionary<string, object>()
+                {
+                    {"strict", strict}, {"selectiveStores", selectiveStores}, {"permissions", permissions}
+                });
+
+            return result.Uri;
+        }
+    }
+}

BTCPayServer.Client/BTCPayServerClient.Health.cs

@@ -0,0 +1,16 @@
+using System.Net.Http;
+using System.Threading;
+using System.Threading.Tasks;
+using BTCPayServer.Client.Models;
+
+namespace BTCPayServer.Client
+{
+    public partial class BTCPayServerClient
+    {
+        public virtual async Task<ApiHealthData> GetHealth(CancellationToken token = default)
+        {
+            var response = await _httpClient.SendAsync(CreateHttpRequest("api/v1/health"), token);
+            return await HandleResponse<ApiHealthData>(response);
+        }
+    }
+}

BTCPayServer.Client/BTCPayServerClient.Stores.cs

@@ -0,0 +1,51 @@
+using System;
+using System.Collections.Generic;
+using System.Net.Http;
+using System.Threading;
+using System.Threading.Tasks;
+using BTCPayServer.Client.Models;
+
+namespace BTCPayServer.Client
+{
+    public partial class BTCPayServerClient
+    {
+        public virtual async Task<IEnumerable<StoreData>> GetStores(CancellationToken token = default)
+        {
+            var response = await _httpClient.SendAsync(CreateHttpRequest("api/v1/stores"), token);
+            return await HandleResponse<IEnumerable<StoreData>>(response);
+        }
+
+        public virtual async Task<StoreData> GetStore(string storeId, CancellationToken token = default)
+        {
+            var response = await _httpClient.SendAsync(
+                CreateHttpRequest($"api/v1/stores/{storeId}"), token);
+            return await HandleResponse<StoreData>(response);
+        }
+        
+        public virtual async Task RemoveStore(string storeId, CancellationToken token = default)
+        {
+            var response = await _httpClient.SendAsync(
+                CreateHttpRequest($"api/v1/stores/{storeId}", method: HttpMethod.Delete), token);
+            HandleResponse(response);
+        }
+        
+        public virtual async Task<StoreData> CreateStore(CreateStoreRequest request, CancellationToken token = default)
+        {
+            if (request == null)
+                throw new ArgumentNullException(nameof(request));
+            var response = await _httpClient.SendAsync(CreateHttpRequest("api/v1/stores", bodyPayload: request, method: HttpMethod.Post), token);
+            return await HandleResponse<StoreData>(response);
+        }
+        
+        public virtual async Task<StoreData> UpdateStore(string storeId, UpdateStoreRequest request, CancellationToken token = default)
+        {
+            if (request == null)
+                throw new ArgumentNullException(nameof(request));
+            if (storeId == null)
+                throw new ArgumentNullException(nameof(storeId));
+            var response = await _httpClient.SendAsync(CreateHttpRequest($"api/v1/stores/{storeId}", bodyPayload: request, method: HttpMethod.Put), token);
+            return await HandleResponse<StoreData>(response);
+        }
+
+    }
+}

BTCPayServer.Client/BTCPayServerClient.Users.cs

@@ -0,0 +1,23 @@
+using System.Net.Http;
+using System.Threading;
+using System.Threading.Tasks;
+using BTCPayServer.Client.Models;
+
+namespace BTCPayServer.Client
+{
+    public partial class BTCPayServerClient
+    {
+        public virtual async Task<ApplicationUserData> GetCurrentUser(CancellationToken token = default)
+        {
+            var response = await _httpClient.SendAsync(CreateHttpRequest("api/v1/users/me"), token);
+            return await HandleResponse<ApplicationUserData>(response);
+        }
+
+        public virtual async Task<ApplicationUserData> CreateUser(CreateApplicationUserRequest request,
+            CancellationToken token = default)
+        {
+            var response = await _httpClient.SendAsync(CreateHttpRequest("api/v1/users", null, request, HttpMethod.Post), token);
+            return await HandleResponse<ApplicationUserData>(response);
+        }
+    }
+}

BTCPayServer.Client/BTCPayServerClient.cs

@@ -0,0 +1,117 @@
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Linq;
+using System.Net.Http;
+using System.Net.Http.Headers;
+using System.Text;
+using System.Threading.Tasks;
+using Newtonsoft.Json;
+
+namespace BTCPayServer.Client
+{
+    public partial class BTCPayServerClient
+    {
+        private readonly string _apiKey;
+        private readonly Uri _btcpayHost;
+        private readonly string _username;
+        private readonly string _password;
+        private readonly HttpClient _httpClient;
+
+        public string APIKey => _apiKey;
+
+        public BTCPayServerClient(Uri btcpayHost, HttpClient httpClient = null)
+        {
+            if (btcpayHost == null)
+                throw new ArgumentNullException(nameof(btcpayHost));
+            _btcpayHost = btcpayHost;
+            _httpClient = httpClient ?? new HttpClient();
+        }
+        public BTCPayServerClient(Uri btcpayHost, string APIKey, HttpClient httpClient = null)
+        {
+            _apiKey = APIKey;
+            _btcpayHost = btcpayHost;
+            _httpClient = httpClient ?? new HttpClient();
+        }
+        
+        public BTCPayServerClient(Uri btcpayHost, string username, string password, HttpClient httpClient = null)
+        {
+            _apiKey = APIKey;
+            _btcpayHost = btcpayHost;
+            _username = username;
+            _password = password;
+            _httpClient = httpClient ?? new HttpClient();
+        }
+
+        protected void HandleResponse(HttpResponseMessage message)
+        {
+            message.EnsureSuccessStatusCode();
+        }
+
+        protected async Task<T> HandleResponse<T>(HttpResponseMessage message)
+        {
+            HandleResponse(message);
+            return JsonConvert.DeserializeObject<T>(await message.Content.ReadAsStringAsync());
+        }
+
+        protected virtual HttpRequestMessage CreateHttpRequest(string path,
+            Dictionary<string, object> queryPayload = null,
+            HttpMethod method = null)
+        {
+            UriBuilder uriBuilder = new UriBuilder(_btcpayHost) {Path = path};
+            if (queryPayload != null && queryPayload.Any())
+            {
+                AppendPayloadToQuery(uriBuilder, queryPayload);
+            }
+
+            var httpRequest = new HttpRequestMessage(method ?? HttpMethod.Get, uriBuilder.Uri);
+            if (_apiKey != null)
+                httpRequest.Headers.Authorization = new AuthenticationHeaderValue("token", _apiKey);
+            else if (!string.IsNullOrEmpty(_username))
+            {
+                httpRequest.Headers.Authorization = new AuthenticationHeaderValue("Basic", System.Convert.ToBase64String(Encoding.ASCII.GetBytes(_username + ":" + _password)));
+            }
+
+
+            return httpRequest;
+        }
+
+        protected virtual HttpRequestMessage CreateHttpRequest<T>(string path,
+            Dictionary<string, object> queryPayload = null,
+            T bodyPayload = default, HttpMethod method = null)
+        {
+            var request = CreateHttpRequest(path, queryPayload, method);
+            if (typeof(T).IsPrimitive || !EqualityComparer<T>.Default.Equals(bodyPayload, default(T)))
+            {
+                request.Content = new StringContent(JsonConvert.SerializeObject(bodyPayload), Encoding.UTF8, "application/json");
+            }
+
+            return request;
+        }
+
+        private static void AppendPayloadToQuery(UriBuilder uri, Dictionary<string, object> payload)
+        {
+            if (uri.Query.Length > 1)
+                uri.Query += "&";
+            foreach (KeyValuePair<string, object> keyValuePair in payload)
+            {
+                UriBuilder uriBuilder = uri;
+                if (!(keyValuePair.Value is string) && keyValuePair.Value.GetType().GetInterfaces().Contains((typeof(IEnumerable))))
+                {
+                    foreach (var item in (IEnumerable)keyValuePair.Value)
+                    {
+                        uriBuilder.Query = uriBuilder.Query + Uri.EscapeDataString(keyValuePair.Key) + "=" +
+                                           Uri.EscapeDataString(item.ToString()) + "&";
+                    }
+                }
+                else
+                {
+                    uriBuilder.Query = uriBuilder.Query + Uri.EscapeDataString(keyValuePair.Key) + "=" +
+                                       Uri.EscapeDataString(keyValuePair.Value.ToString()) + "&";
+                }
+            }
+
+            uri.Query = uri.Query.Trim('&');
+        }
+    }
+}

BTCPayServer.Client/JsonConverters/PermissionJsonConverter.cs

@@ -0,0 +1,34 @@
+using System;
+using System.Reflection;
+using System.Collections.Generic;
+using System.Text;
+using Newtonsoft.Json;
+using NBitcoin.JsonConverters;
+
+namespace BTCPayServer.Client.JsonConverters
+{
+    public class PermissionJsonConverter : JsonConverter
+    {
+        public override bool CanConvert(Type objectType)
+        {
+            return typeof(Permission).GetTypeInfo().IsAssignableFrom(objectType.GetTypeInfo());
+        }
+
+        public override object ReadJson(JsonReader reader, Type objectType, object existingValue, JsonSerializer serializer)
+        {
+            if (reader.TokenType == JsonToken.Null)
+                return null;
+            if (reader.TokenType != JsonToken.String)
+                throw new JsonObjectException("Type 'Permission' is expected to be a 'String'", reader);
+            if (reader.Value is String s && Permission.TryParse(s, out var permission))
+                return permission;
+            throw new JsonObjectException("Invalid 'Permission' String", reader);
+        }
+
+        public override void WriteJson(JsonWriter writer, object value, JsonSerializer serializer)
+        {
+            if (value is Permission v)
+                writer.WriteValue(v.ToString());
+        }
+    }
+}

BTCPayServer.Client/Models/ApiHealthData.cs

@@ -0,0 +1,7 @@
+namespace BTCPayServer.Client.Models
+{
+    public class ApiHealthData
+    {
+        public bool Synchronized { get; set; }
+    }
+}

BTCPayServer.Client/Models/ApiKeyData.cs

@@ -0,0 +1,14 @@
+using BTCPayServer.Client.JsonConverters;
+using Newtonsoft.Json;
+
+namespace BTCPayServer.Client.Models
+{
+    public class ApiKeyData
+    {
+        public string ApiKey { get; set; }
+        public string Label { get; set; }
+
+        [JsonProperty(ItemConverterType = typeof(PermissionJsonConverter))]
+        public Permission[] Permissions { get; set; }
+    }
+}

BTCPayServer.Client/Models/ApplicationUserData.cs

@@ -0,0 +1,25 @@
+namespace BTCPayServer.Client.Models
+{
+    public class ApplicationUserData
+    {
+        /// <summary>
+        /// the id of the user
+        /// </summary>
+        public string Id { get; set; }
+
+        /// <summary>
+        /// the email AND username of the user
+        /// </summary>
+        public string Email { get; set; }
+
+        /// <summary>
+        /// Whether the user has verified their email
+        /// </summary>
+        public bool EmailConfirmed { get; set; }
+
+        /// <summary>
+        /// whether the user needed to verify their email on account creation
+        /// </summary>
+        public bool RequiresEmailConfirmation { get; set; }
+    }
+}

BTCPayServer.Client/Models/CreateApiKeyRequest.cs

@@ -0,0 +1,13 @@
+using BTCPayServer.Client.JsonConverters;
+using Newtonsoft.Json;
+
+namespace BTCPayServer.Client.Models
+{
+    public class CreateApiKeyRequest
+    {
+        public string Label { get; set; }
+
+        [JsonProperty(ItemConverterType = typeof(PermissionJsonConverter))]
+        public Permission[] Permissions { get; set; }
+    }
+}

BTCPayServer.Client/Models/CreateApplicationUserRequest.cs

@@ -0,0 +1,20 @@
+namespace BTCPayServer.Client.Models
+{
+    public class CreateApplicationUserRequest
+    {
+        /// <summary>
+        /// the email AND username of the new user
+        /// </summary>
+        public string Email { get; set; }
+
+        /// <summary>
+        /// password of the new user
+        /// </summary>
+        public string Password { get; set; }
+
+        /// <summary>
+        /// Whether this user is an administrator. If left null and there are no admins in the system, the user will be created as an admin.
+        /// </summary>
+        public bool? IsAdministrator { get; set; }
+    }
+}

BTCPayServer.Client/Models/CreateStoreRequest.cs

@@ -0,0 +1,6 @@
+namespace BTCPayServer.Client.Models
+{
+    public class CreateStoreRequest : StoreBaseData
+    {
+    }
+}

BTCPayServer.Client/Models/StoreBaseData.cs

@@ -0,0 +1,10 @@
+namespace BTCPayServer.Client.Models
+{
+    public abstract class StoreBaseData
+    {
+        /// <summary>
+        /// the name of the store
+        /// </summary>
+        public string Name { get; set; }
+    }
+}

BTCPayServer.Client/Models/StoreData.cs

@@ -0,0 +1,10 @@
+namespace BTCPayServer.Client.Models
+{
+    public class StoreData : StoreBaseData
+    {
+        /// <summary>
+        /// the id of the store
+        /// </summary>
+        public string Id { get; set; }
+    }
+}

BTCPayServer.Client/Models/UpdateStoreRequest.cs

@@ -0,0 +1,6 @@
+namespace BTCPayServer.Client.Models
+{
+    public class UpdateStoreRequest : StoreBaseData
+    {
+    }
+}

BTCPayServer.Client/Permissions.cs

@@ -0,0 +1,185 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+
+namespace BTCPayServer.Client
+{
+    public class Policies
+    {
+        public const string CanModifyServerSettings = "btcpay.server.canmodifyserversettings";
+        public const string CanModifyStoreSettings = "btcpay.store.canmodifystoresettings";
+        public const string CanViewStoreSettings = "btcpay.store.canviewstoresettings";
+        public const string CanCreateInvoice = "btcpay.store.cancreateinvoice";
+        public const string CanModifyProfile = "btcpay.user.canmodifyprofile";
+        public const string CanViewProfile = "btcpay.user.canviewprofile";
+        public const string CanCreateUser = "btcpay.server.cancreateuser";
+        public const string Unrestricted = "unrestricted";
+        public static IEnumerable<string> AllPolicies
+        {
+            get
+            {
+                yield return CanCreateInvoice;
+                yield return CanModifyServerSettings;
+                yield return CanModifyStoreSettings;
+                yield return CanViewStoreSettings;
+                yield return CanModifyProfile;
+                yield return CanViewProfile;
+                yield return CanCreateUser;
+                yield return Unrestricted;
+            }
+        }
+        public static bool IsValidPolicy(string policy)
+        {
+            return AllPolicies.Any(p => p.Equals(policy, StringComparison.OrdinalIgnoreCase));
+        }
+
+        public static bool IsStorePolicy(string policy)
+        {
+            return policy.StartsWith("btcpay.store", StringComparison.OrdinalIgnoreCase);
+        }
+        
+        public static bool IsServerPolicy(string policy)
+        {
+            return policy.StartsWith("btcpay.server", StringComparison.OrdinalIgnoreCase);
+        }
+    }
+    public class Permission
+    {
+        public static Permission Create(string policy, string storeId = null)
+        {
+            if (TryCreatePermission(policy, storeId, out var r))
+                return r;
+            throw new ArgumentException("Invalid Permission");
+        }
+
+        public static bool TryCreatePermission(string policy, string storeId, out Permission permission)
+        {
+            permission = null;
+            if (policy == null)
+                throw new ArgumentNullException(nameof(policy));
+            policy = policy.Trim().ToLowerInvariant();
+            if (!Policies.IsValidPolicy(policy))
+                return false;
+            if (storeId != null && !Policies.IsStorePolicy(policy))
+                return false;
+            permission = new Permission(policy, storeId);
+            return true;
+        }
+
+        public static bool TryParse(string str, out Permission permission)
+        {
+            permission = null;
+            if (str == null)
+                throw new ArgumentNullException(nameof(str));
+            str = str.Trim();
+            var separator = str.IndexOf(':');
+            if (separator == -1)
+            {
+                str = str.ToLowerInvariant();
+                if (!Policies.IsValidPolicy(str))
+                    return false;
+                permission = new Permission(str, null);
+                return true;
+            }
+            else
+            {
+                var policy = str.Substring(0, separator).ToLowerInvariant();
+                if (!Policies.IsValidPolicy(policy))
+                    return false;
+                if (!Policies.IsStorePolicy(policy))
+                    return false;
+                var storeId = str.Substring(separator + 1);
+                if (storeId.Length == 0)
+                    return false;
+                permission = new Permission(policy, storeId);
+                return true;
+            }
+        }
+
+        
+
+        internal Permission(string policy, string storeId)
+        {
+            Policy = policy;
+            StoreId = storeId;
+        }
+
+        public bool Contains(Permission subpermission)
+        {
+            if (subpermission is null)
+                throw new ArgumentNullException(nameof(subpermission));
+
+            if (!ContainsPolicy(subpermission.Policy))
+            {
+                return false;
+            }
+            if (!Policies.IsStorePolicy(subpermission.Policy))
+                return true;
+            return StoreId == null || subpermission.StoreId == this.StoreId;
+        }
+
+        public static IEnumerable<Permission> ToPermissions(string[] permissions)
+        {
+            if (permissions == null)
+                throw new ArgumentNullException(nameof(permissions));
+            foreach (var p in permissions)
+            {
+                if (TryParse(p, out var pp))
+                    yield return pp;
+            }
+        }
+
+        private bool ContainsPolicy(string subpolicy)
+        {
+            if (this.Policy == Policies.Unrestricted)
+                return true;
+            if (this.Policy == subpolicy)
+                return true;
+            if (subpolicy == Policies.CanViewStoreSettings && this.Policy == Policies.CanModifyStoreSettings)
+                return true;
+            if (subpolicy == Policies.CanCreateInvoice && this.Policy == Policies.CanModifyStoreSettings)
+                return true;
+            if (subpolicy == Policies.CanViewProfile && this.Policy == Policies.CanModifyProfile)
+                return true;
+            return false;
+        }
+
+        public string StoreId { get; }
+        public string Policy { get; }
+
+        public override string ToString()
+        {
+            if (StoreId != null)
+            {
+                return $"{Policy}:{StoreId}";
+            }
+            return Policy;
+        }
+
+        public override bool Equals(object obj)
+        {
+            Permission item = obj as Permission;
+            if (item == null)
+                return false;
+            return ToString().Equals(item.ToString());
+        }
+        public static bool operator ==(Permission a, Permission b)
+        {
+            if (System.Object.ReferenceEquals(a, b))
+                return true;
+            if (((object)a == null) || ((object)b == null))
+                return false;
+            return a.ToString() == b.ToString();
+        }
+
+        public static bool operator !=(Permission a, Permission b)
+        {
+            return !(a == b);
+        }
+
+        public override int GetHashCode()
+        {
+            return ToString().GetHashCode();
+        }
+    }
+}

BTCPayServer.Common/Altcoins/BTCPayNetworkProvider.Bitcoin.cs

@@ -24,6 +24,7 @@ namespace BTCPayServer
                 DefaultSettings = BTCPayDefaultSettings.GetDefaultSettings(NetworkType),
                 CoinType = NetworkType == NetworkType.Mainnet ? new KeyPath("0'") : new KeyPath("1'"),
                 SupportRBF = true,
+                SupportPayJoin = true,
                 //https://github.com/spesmilo/electrum/blob/11733d6bc271646a00b69ff07657119598874da4/electrum/constants.py
                 ElectrumMapping = NetworkType == NetworkType.Mainnet
                     ? new Dictionary<uint, DerivationType>()

BTCPayServer.Common/Altcoins/BTCPayNetworkProvider.Groestlcoin.cs

@@ -28,7 +28,9 @@ namespace BTCPayServer
                 CryptoImagePath = "imlegacy/groestlcoin.png",
                 LightningImagePath = "imlegacy/groestlcoin-lightning.svg",
                 DefaultSettings = BTCPayDefaultSettings.GetDefaultSettings(NetworkType),
-                CoinType = NetworkType == NetworkType.Mainnet ? new KeyPath("17'") : new KeyPath("1'")
+                CoinType = NetworkType == NetworkType.Mainnet ? new KeyPath("17'") : new KeyPath("1'"),
+                SupportRBF = true,
+                SupportPayJoin = true
             });
         }
     }

BTCPayServer.Common/Altcoins/Liquid/BTCPayNetworkProvider.LiquidAssets.cs

@@ -26,7 +26,8 @@ namespace BTCPayServer
                 CryptoImagePath = "imlegacy/liquid-tether.svg",
                 DefaultSettings = BTCPayDefaultSettings.GetDefaultSettings(NetworkType),
                 CoinType = NetworkType == NetworkType.Mainnet ? new KeyPath("1776'") : new KeyPath("1'"),
-                SupportRBF = true
+                SupportRBF = true,
+                SupportLightning = false
             });
             
             Add(new ElementsBTCPayNetwork()
@@ -49,7 +50,31 @@ namespace BTCPayServer
                 CryptoImagePath = "imlegacy/etb.png",
                 DefaultSettings = BTCPayDefaultSettings.GetDefaultSettings(NetworkType),
                 CoinType = NetworkType == NetworkType.Mainnet ? new KeyPath("1776'") : new KeyPath("1'"),
-                SupportRBF = true
+                SupportRBF = true,
+                SupportLightning = false
+            });
+            
+              Add(new ElementsBTCPayNetwork()
+            {
+                CryptoCode = "LCAD",
+                NetworkCryptoCode = "LBTC",
+                ShowSyncSummary = false,
+                DefaultRateRules = new[]
+                {
+                    "LCAD_CAD = 1",
+                    "LCAD_X = CAD_BTC * BTC_X",
+                    "LCAD_BTC = bylls(CAD_BTC)",
+                },
+                AssetId = new uint256("0e99c1a6da379d1f4151fb9df90449d40d0608f6cb33a5bcbfc8c265f42bab0a"),
+                DisplayName = "Liquid CAD",
+                BlockExplorerLink = NetworkType == NetworkType.Mainnet ? "https://blockstream.info/liquid/tx/{0}" : "https://blockstream.info/testnet/liquid/tx/{0}",
+                NBXplorerNetwork = nbxplorerNetwork,
+                UriScheme = "liquidnetwork",
+                CryptoImagePath = "imlegacy/lcad.png",
+                DefaultSettings = BTCPayDefaultSettings.GetDefaultSettings(NetworkType),
+                CoinType = NetworkType == NetworkType.Mainnet ? new KeyPath("1776'") : new KeyPath("1'"),
+                SupportRBF = true,
+                SupportLightning = false
             });
         }
     }

BTCPayServer.Common/Altcoins/Liquid/ElementsLikeBtcPayNetwork.cs

@@ -23,9 +23,38 @@ namespace BTCPayServer
             });
         }
 
+        public override GetTransactionsResponse FilterValidTransactions(GetTransactionsResponse response)
+        {
+            TransactionInformationSet Filter(TransactionInformationSet transactionInformationSet)
+            {
+                return new TransactionInformationSet()
+                {
+                    Transactions =
+                        transactionInformationSet.Transactions.FindAll(information =>
+                            information.Outputs.Any(output =>
+                                output.Value is AssetMoney assetMoney && assetMoney.AssetId == AssetId) ||
+                            information.Inputs.Any(output =>
+                                output.Value is AssetMoney assetMoney && assetMoney.AssetId == AssetId))
+                };
+            }
+
+            return new GetTransactionsResponse()
+            {
+                Height = response.Height,
+                ConfirmedTransactions = Filter(response.ConfirmedTransactions),
+                ReplacedTransactions = Filter(response.ReplacedTransactions),
+                UnconfirmedTransactions = Filter(response.UnconfirmedTransactions)
+            };
+        }
+
+
         public override string GenerateBIP21(string cryptoInfoAddress, Money cryptoInfoDue)
         {
-            return $"{base.GenerateBIP21(cryptoInfoAddress, cryptoInfoDue)}&assetid={AssetId}";
+            //precision 0: 10 = 0.00000010
+            //precision 2: 10 = 0.00001000
+            //precision 8: 10 = 10
+            var money = new Money(cryptoInfoDue.ToDecimal(MoneyUnit.BTC) / decimal.Parse("1".PadRight(1 + 8 - Divisibility, '0')), MoneyUnit.BTC);
+            return $"{base.GenerateBIP21(cryptoInfoAddress, money)}&assetid={AssetId}";
         }
     }
 }

BTCPayServer.Common/Altcoins/Monero/RPC/Models/GetTransferByTransactionIdResponse.cs

@@ -14,7 +14,6 @@ namespace BTCPayServer.Services.Altcoins.Monero.RPC.Models
             [JsonProperty("amount")] public long Amount { get; set; }
             [JsonProperty("confirmations")] public long Confirmations { get; set; }
             [JsonProperty("double_spend_seen")] public bool DoubleSpendSeen { get; set; }
-            [JsonProperty("fee")] public long Fee { get; set; }
             [JsonProperty("height")] public long Height { get; set; }
             [JsonProperty("note")] public string Note { get; set; }
             [JsonProperty("payment_id")] public string PaymentId { get; set; }

BTCPayServer.Common/Altcoins/Monero/RPC/Models/GetTransfersResponse.cs

@@ -18,7 +18,6 @@ namespace BTCPayServer.Services.Altcoins.Monero.RPC.Models
             [JsonProperty("amount")] public long Amount { get; set; }
             [JsonProperty("confirmations")] public long Confirmations { get; set; }
             [JsonProperty("double_spend_seen")] public bool DoubleSpendSeen { get; set; }
-            [JsonProperty("fee")] public long Fee { get; set; }
             [JsonProperty("height")] public long Height { get; set; }
             [JsonProperty("note")] public string Note { get; set; }
             [JsonProperty("payment_id")] public string PaymentId { get; set; }

BTCPayServer.Common/BTCPayNetwork.cs

@@ -61,6 +61,9 @@ namespace BTCPayServer
         
         public int MaxTrackedConfirmation { get; internal set; } = 6;
         public string UriScheme { get; internal set; }
+        public bool SupportPayJoin { get; set; } = false;
+        public bool SupportLightning { get; set; } = true;
+
         public KeyPath GetRootKeyPath(DerivationType type)
         {
             KeyPath baseKey;
@@ -117,6 +120,11 @@ namespace BTCPayServer
         {
             return $"{UriScheme}:{cryptoInfoAddress}?amount={cryptoInfoDue.ToString(false, true)}";
         }
+
+        public virtual GetTransactionsResponse FilterValidTransactions(GetTransactionsResponse response)
+        {
+            return response;
+        }
     }
 
     public abstract class BTCPayNetworkBase

BTCPayServer.Common/BTCPayServer.Common.csproj

@@ -4,6 +4,6 @@
 
   <ItemGroup>
     <FrameworkReference Include="Microsoft.AspNetCore.App" />
-    <PackageReference Include="NBXplorer.Client" Version="3.0.2" />
+    <PackageReference Include="NBXplorer.Client" Version="3.0.10" />
   </ItemGroup>
 </Project>

BTCPayServer.Data/BTCPayServer.Data.csproj

@@ -5,9 +5,8 @@
     <FrameworkReference Include="Microsoft.AspNetCore.App" />
     <PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="3.1.1" />
     <PackageReference Include="Microsoft.EntityFrameworkCore.Sqlite" Version="3.1.1" />
-    <PackageReference Include="Npgsql.EntityFrameworkCore.PostgreSQL" Version="3.1.0" />
-    <PackageReference Include="Pomelo.EntityFrameworkCore.MySql" Version="3.1.0" />
-    <PackageReference Include="OpenIddict.EntityFrameworkCore" Version="3.0.0-alpha1.20058.15" />
+    <PackageReference Include="Npgsql.EntityFrameworkCore.PostgreSQL" Version="3.1.1.2" />
+    <PackageReference Include="Pomelo.EntityFrameworkCore.MySql" Version="3.1.1" />
     <PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="3.1.1" />
   </ItemGroup>
 </Project>

BTCPayServer.Data/Data/APIKeyData.cs

@@ -1,6 +1,8 @@
 using System;
 using System.Collections.Generic;
+using System.Collections.Immutable;
 using System.ComponentModel.DataAnnotations;
+using System.ComponentModel.DataAnnotations.Schema;
 using System.Linq;
 using System.Threading.Tasks;
 
@@ -11,15 +13,31 @@ namespace BTCPayServer.Data
         [MaxLength(50)]
         public string Id
         {
-            get; set;
+            get;
+            set;
         }
 
-        [MaxLength(50)]
-        public string StoreId
-        {
-            get; set;
-        }
+        [MaxLength(50)] public string StoreId { get; set; }
 
+        [MaxLength(50)] public string UserId { get; set; }
+
+        public APIKeyType Type { get; set; } = APIKeyType.Legacy;
+        
+        public byte[] Blob { get; set; }
         public StoreData StoreData { get; set; }
+        public ApplicationUser User { get; set; }
+        public string Label { get; set; }
+    }
+
+    public class APIKeyBlob
+    {
+        public string[] Permissions { get; set; }
+        
+    }
+
+    public enum APIKeyType
+    {
+        Legacy,
+        Permanent
     }
 }

BTCPayServer.Data/Data/AppData.cs

@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;

BTCPayServer.Data/Data/ApplicationDbContext.cs

@@ -4,7 +4,6 @@ using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.EntityFrameworkCore.Design;
 using Microsoft.EntityFrameworkCore.Infrastructure;
-using OpenIddict.EntityFrameworkCore.Models;
 
 namespace BTCPayServer.Data
 {
@@ -36,6 +35,9 @@ namespace BTCPayServer.Data
             get; set;
         }
 
+        public DbSet<PlannedTransaction> PlannedTransactions { get; set; }
+        public DbSet<PayjoinLock> PayjoinLocks { get; set; }
+
         public DbSet<AppData> Apps
         {
             get; set;
@@ -46,6 +48,8 @@ namespace BTCPayServer.Data
             get; set;
         }
 
+        public DbSet<OffchainTransactionData> OffchainTransactions { get; set; }
+
         public DbSet<HistoricalAddressInvoiceData> HistoricalAddressInvoices
         {
             get; set;
@@ -160,6 +164,12 @@ namespace BTCPayServer.Data
                    .HasOne(o => o.StoreData)
                    .WithMany(i => i.APIKeys)
                    .HasForeignKey(i => i.StoreId).OnDelete(DeleteBehavior.Cascade);
+            
+            builder.Entity<APIKeyData>()
+                .HasOne(o => o.User)
+                .WithMany(i => i.APIKeys)
+                .HasForeignKey(i => i.UserId).OnDelete(DeleteBehavior.Cascade);
+            
             builder.Entity<APIKeyData>()
                 .HasIndex(o => o.StoreId);
 
@@ -254,9 +264,7 @@ namespace BTCPayServer.Data
             builder.Entity<WalletTransactionData>()
                 .HasOne(o => o.WalletData)
                 .WithMany(w => w.WalletTransactions).OnDelete(DeleteBehavior.Cascade);
-
-            builder.UseOpenIddict<BTCPayOpenIdClient, BTCPayOpenIdAuthorization, OpenIddictScope<string>, BTCPayOpenIdToken, string>();
-
+            
             if (Database.IsSqlite() && !_designTime)
             {
                 // SQLite does not have proper support for DateTimeOffset via Entity Framework Core, see the limitations

BTCPayServer.Data/Data/ApplicationUser.cs

@@ -20,9 +20,7 @@ namespace BTCPayServer.Data
         {
             get; set;
         }
-        
-        public List<BTCPayOpenIdClient> OpenIdClients { get; set; }
-        
+
         public List<StoredFile> StoredFiles
         {
             get;
@@ -30,5 +28,6 @@ namespace BTCPayServer.Data
         }
         
         public List<U2FDevice> U2FDevices { get; set; }
+        public List<APIKeyData> APIKeys { get; set; }
     }
 }

BTCPayServer.Data/Data/BTCPayOpenIdAuthorization.cs

@@ -1,6 +0,0 @@
-using OpenIddict.EntityFrameworkCore.Models;
-
-namespace BTCPayServer.Data
-{
-    public class BTCPayOpenIdAuthorization : OpenIddictAuthorization<string, BTCPayOpenIdClient, BTCPayOpenIdToken> { }
-}

BTCPayServer.Data/Data/BTCPayOpenIdClient.cs

@@ -1,10 +0,0 @@
-using OpenIddict.EntityFrameworkCore.Models;
-
-namespace BTCPayServer.Data
-{
-    public class BTCPayOpenIdClient: OpenIddictApplication<string, BTCPayOpenIdAuthorization, BTCPayOpenIdToken>
-    {
-        public string ApplicationUserId { get; set; }
-        public ApplicationUser ApplicationUser { get; set; }
-    }
-}

BTCPayServer.Data/Data/BTCPayOpenIdToken.cs

@@ -1,6 +0,0 @@
-using OpenIddict.EntityFrameworkCore.Models;
-
-namespace BTCPayServer.Data
-{
-    public class BTCPayOpenIdToken : OpenIddictToken<string, BTCPayOpenIdClient, BTCPayOpenIdAuthorization> { }
-}

BTCPayServer.Data/Data/OffchainTransactionData.cs

@@ -0,0 +1,12 @@
+using System.ComponentModel.DataAnnotations;
+
+namespace BTCPayServer.Data
+{
+    public class OffchainTransactionData
+    {
+        [Key]
+        [MaxLength(32*2)]
+        public string Id { get; set; }
+        public byte[] Blob { get; set; }
+    }
+}

BTCPayServer.Data/Data/PayjoinLock.cs

@@ -0,0 +1,16 @@
+using System.ComponentModel.DataAnnotations;
+
+namespace BTCPayServer.Data
+{
+    /// <summary>
+    /// We represent the locks of the PayjoinRepository
+    /// with this table. (Both, our utxo we locked as part of a payjoin
+    /// and the utxo of the payer which were used to pay us)
+    /// </summary>
+    public class PayjoinLock
+    {
+        [Key]
+        [MaxLength(100)]
+        public string Id { get; set; }
+    }
+}

BTCPayServer.Data/Data/PaymentData.cs

@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;

BTCPayServer.Data/Data/PlannedTransaction.cs

@@ -0,0 +1,15 @@
+using System;
+using System.ComponentModel.DataAnnotations;
+
+namespace BTCPayServer.Data
+{
+    public class PlannedTransaction
+    {
+        [Key]
+        [MaxLength(100)]
+        // Id in the format [cryptocode]-[txid]
+        public string Id { get; set; }
+        public DateTimeOffset BroadcastAt { get; set; }
+        public byte[] Blob { get; set; }
+    }
+}

BTCPayServer.Data/Data/StoreData.cs

@@ -1,10 +1,6 @@
 using System;
 using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations.Schema;
-using System.Linq;
-using System.Text;
-using Newtonsoft.Json.Linq;
-using System.Security.Claims;
 
 namespace BTCPayServer.Data
 {
@@ -15,76 +11,39 @@ namespace BTCPayServer.Data
         LowSpeed = 2,
         LowMediumSpeed = 3
     }
+
     public class StoreData
     {
-        public string Id
-        {
-            get;
-            set;
-        }
+        public string Id { get; set; }
+        public List<UserStore> UserStores { get; set; }
 
-        public List<UserStore> UserStores
-        {
-            get; set;
-        }
-        public List<AppData> Apps
-        {
-            get; set;
-        }
-        
-        public List<PaymentRequestData> PaymentRequests
-        {
-            get; set;
-        }
+        public List<AppData> Apps { get; set; }
+
+        public List<PaymentRequestData> PaymentRequests { get; set; }
 
         public List<InvoiceData> Invoices { get; set; }
 
         [Obsolete("Use GetDerivationStrategies instead")]
-        public string DerivationStrategy
-        {
-            get; set;
-        }
+        public string DerivationStrategy { get; set; }
 
         [Obsolete("Use GetDerivationStrategies instead")]
-        public string DerivationStrategies
-        {
-            get;
-            set;
-        }
+        public string DerivationStrategies { get; set; }
 
-        public string StoreName
-        {
-            get; set;
-        }
+        public string StoreName { get; set; }
 
-        public SpeedPolicy SpeedPolicy
-        {
-            get; set;
-        }
+        public SpeedPolicy SpeedPolicy { get; set; } = SpeedPolicy.MediumSpeed;
 
-        public string StoreWebsite
-        {
-            get; set;
-        }
+        public string StoreWebsite { get; set; }
 
-        public byte[] StoreCertificate
-        {
-            get; set;
-        }
+        public byte[] StoreCertificate { get; set; }
 
-        [NotMapped]
-        public string Role
-        {
-            get; set;
-        }
+        [NotMapped] public string Role { get; set; }
+
+        public byte[] StoreBlob { get; set; }
 
-        public byte[] StoreBlob
-        {
-            get;
-            set;
-        }
         [Obsolete("Use GetDefaultPaymentId instead")]
         public string DefaultCrypto { get; set; }
+
         public List<PairedSINData> PairedSINs { get; set; }
         public IEnumerable<APIKeyData> APIKeys { get; set; }
     }

BTCPayServer.Data/Data/WalletData.cs

@@ -1,7 +1,8 @@
-using System;
-using System.Collections.Generic;
+using System.Collections.Generic;
 using System.Linq;
+using System.Reflection.Emit;
 using System.Threading.Tasks;
+using Microsoft.AspNetCore.Http;
 using Newtonsoft.Json;
 
 namespace BTCPayServer.Data
@@ -16,69 +17,9 @@ namespace BTCPayServer.Data
         public byte[] Blob { get; set; }
     }
 
-    public class Label
-    {
-        public Label(string value, string color)
-        {
-            if (value == null)
-                throw new ArgumentNullException(nameof(value));
-            if (color == null)
-                throw new ArgumentNullException(nameof(color));
-            Value = value;
-            Color = color;
-        }
-
-        public string Value { get; }
-        public string Color { get; }
-
-        public override bool Equals(object obj)
-        {
-            Label item = obj as Label;
-            if (item == null)
-                return false;
-            return Value.Equals(item.Value, StringComparison.OrdinalIgnoreCase);
-        }
-        public static bool operator ==(Label a, Label b)
-        {
-            if (System.Object.ReferenceEquals(a, b))
-                return true;
-            if (((object)a == null) || ((object)b == null))
-                return false;
-            return a.Value == b.Value;
-        }
-
-        public static bool operator !=(Label a, Label b)
-        {
-            return !(a == b);
-        }
-
-        public override int GetHashCode()
-        {
-            return Value.GetHashCode(StringComparison.OrdinalIgnoreCase);
-        }
-    }
 
     public class WalletBlobInfo
     {
         public Dictionary<string, string> LabelColors { get; set; } = new Dictionary<string, string>();
-
-        public IEnumerable<Label> GetLabels(WalletTransactionInfo transactionInfo)
-        {
-            foreach (var label in transactionInfo.Labels)
-            {
-                if (LabelColors.TryGetValue(label, out var color))
-                {
-                    yield return new Label(label, color);
-                }
-            }
-        }
-
-        public IEnumerable<Label> GetLabels()
-        {
-            foreach (var kv in LabelColors)
-            {
-                yield return new Label(kv.Key, kv.Value);
-            }
-        }
     }
 }

BTCPayServer.Data/Migrations/20170913143004_Init.cs

@@ -114,8 +114,8 @@ namespace BTCPayServer.Migrations
                 name: "AspNetUserLogins",
                 columns: table => new
                 {
-                    LoginProvider = table.Column<string>(nullable: false),
-                    ProviderKey = table.Column<string>(nullable: false),
+                    LoginProvider = table.Column<string>(nullable: false, maxLength: 255),
+                    ProviderKey = table.Column<string>(nullable: false, maxLength: 255),
                     ProviderDisplayName = table.Column<string>(nullable: true),
                     UserId = table.Column<string>(nullable: false, maxLength: maxLength)
                 },
@@ -159,8 +159,8 @@ namespace BTCPayServer.Migrations
                 columns: table => new
                 {
                     UserId = table.Column<string>(nullable: false, maxLength: maxLength),
-                    LoginProvider = table.Column<string>(nullable: false),
-                    Name = table.Column<string>(nullable: false),
+                    LoginProvider = table.Column<string>(nullable: false, maxLength: 64),
+                    Name = table.Column<string>(nullable: false, maxLength: 64),
                     Value = table.Column<string>(nullable: true)
                 },
                 constraints: table =>

BTCPayServer.Data/Migrations/20171010082424_Tokens.cs

@@ -22,7 +22,7 @@ namespace BTCPayServer.Migrations
                     Label = table.Column<string>(nullable: true),
                     Name = table.Column<string>(nullable: true),
                     PairingTime = table.Column<DateTimeOffset>(nullable: false),
-                    SIN = table.Column<string>(nullable: true),
+                    SIN = table.Column<string>(nullable: true, maxLength: maxLength),
                     StoreDataId = table.Column<string>(nullable: true, maxLength: maxLength)
                 },
                 constraints: table =>

BTCPayServer.Data/Migrations/20171024163354_RenewUsedAddresses.cs

@@ -23,7 +23,7 @@ namespace BTCPayServer.Migrations
                 columns: table => new
                 {
                     InvoiceDataId = table.Column<string>(nullable: false, maxLength: maxLength),
-                    Address = table.Column<string>(nullable: false),
+                    Address = table.Column<string>(nullable: false, maxLength: this.IsMySql(migrationBuilder.ActiveProvider) ? (int?)512 : null),
                     Assigned = table.Column<DateTimeOffset>(nullable: false),
                     UnAssigned = table.Column<DateTimeOffset>(nullable: true)
                 },

BTCPayServer.Data/Migrations/20200119130108_ExtendApiKeys.cs

@@ -0,0 +1,74 @@
+using BTCPayServer.Data;
+using Microsoft.EntityFrameworkCore.Infrastructure;
+using Microsoft.EntityFrameworkCore.Migrations;
+
+namespace BTCPayServer.Migrations
+{
+    [DbContext(typeof(ApplicationDbContext))]
+    [Migration("20200119130108_ExtendApiKeys")]
+    public partial class ExtendApiKeys : Migration
+    {
+        protected override void Up(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.AddColumn<string>(
+                name: "Permissions",
+                table: "ApiKeys",
+                nullable: true);
+
+            migrationBuilder.AddColumn<int>(
+                name: "Type",
+                table: "ApiKeys",
+                nullable: false,
+                defaultValue: 0);
+
+            migrationBuilder.AddColumn<string>(
+                name: "UserId",
+                table: "ApiKeys",
+                maxLength: 50,
+                nullable: true);
+
+            migrationBuilder.CreateIndex(
+                name: "IX_ApiKeys_UserId",
+                table: "ApiKeys",
+                column: "UserId");
+            if (this.SupportAddForeignKey(migrationBuilder.ActiveProvider))
+            {
+                migrationBuilder.AddForeignKey(
+                    name: "FK_ApiKeys_AspNetUsers_UserId",
+                    table: "ApiKeys",
+                    column: "UserId",
+                    principalTable: "AspNetUsers",
+                    principalColumn: "Id",
+                    onDelete: ReferentialAction.Cascade);
+            }
+        }
+
+        protected override void Down(MigrationBuilder migrationBuilder)
+        {
+            if (this.SupportDropForeignKey(migrationBuilder.ActiveProvider))
+            {
+                migrationBuilder.DropForeignKey(
+                    name: "FK_ApiKeys_AspNetUsers_UserId",
+                    table: "ApiKeys");
+            }
+
+            migrationBuilder.DropIndex(
+                name: "IX_ApiKeys_UserId",
+                table: "ApiKeys");
+            if (this.SupportDropColumn(migrationBuilder.ActiveProvider))
+            {
+                migrationBuilder.DropColumn(
+                    name: "Permissions",
+                    table: "ApiKeys");
+
+                migrationBuilder.DropColumn(
+                    name: "Type",
+                    table: "ApiKeys");
+
+                migrationBuilder.DropColumn(
+                    name: "UserId",
+                    table: "ApiKeys");
+            }
+        }
+    }
+}

BTCPayServer.Data/Migrations/20200224134444_Remove_OpenIddict.cs

@@ -0,0 +1,173 @@
+using System;
+using BTCPayServer.Data;
+using Microsoft.EntityFrameworkCore.Infrastructure;
+using Microsoft.EntityFrameworkCore.Migrations;
+
+namespace BTCPayServer.Migrations
+{
+    [DbContext(typeof(ApplicationDbContext))]
+    [Migration("20200224134444_Remove_OpenIddict")]
+    public partial class Remove_OpenIddict : Migration
+    {
+        protected override void Up(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.DropTable(
+                name: "OpenIddictScopes");
+
+            migrationBuilder.DropTable(
+                name: "OpenIddictTokens");
+
+            migrationBuilder.DropTable(
+                name: "OpenIddictAuthorizations");
+
+            migrationBuilder.DropTable(
+                name: "OpenIddictApplications");
+        }
+
+        protected override void Down(MigrationBuilder migrationBuilder)
+        {
+            int? maxLength = this.IsMySql(migrationBuilder.ActiveProvider) ? (int?)255 : null;
+            migrationBuilder.CreateTable(
+                name: "OpenIddictApplications",
+                columns: table => new
+                {
+                    Id = table.Column<string>(type: "TEXT", nullable: false, maxLength: maxLength),
+                    ApplicationUserId = table.Column<string>(type: "TEXT", nullable: true, maxLength: maxLength),
+                    ClientId = table.Column<string>(type: "TEXT", maxLength: 100, nullable: false),
+                    ClientSecret = table.Column<string>(type: "TEXT", nullable: true),
+                    ConcurrencyToken = table.Column<string>(type: "TEXT", maxLength: 50, nullable: true),
+                    ConsentType = table.Column<string>(type: "TEXT", nullable: true),
+                    DisplayName = table.Column<string>(type: "TEXT", nullable: true),
+                    Permissions = table.Column<string>(type: "TEXT", nullable: true),
+                    PostLogoutRedirectUris = table.Column<string>(type: "TEXT", nullable: true),
+                    Properties = table.Column<string>(type: "TEXT", nullable: true),
+                    RedirectUris = table.Column<string>(type: "TEXT", nullable: true),
+                    Requirements = table.Column<string>(type: "TEXT", nullable: true),
+                    Type = table.Column<string>(type: "TEXT", maxLength: 25, nullable: false)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_OpenIddictApplications", x => x.Id);
+                    table.ForeignKey(
+                        name: "FK_OpenIddictApplications_AspNetUsers_ApplicationUserId",
+                        column: x => x.ApplicationUserId,
+                        principalTable: "AspNetUsers",
+                        principalColumn: "Id",
+                        onDelete: ReferentialAction.Restrict);
+                });
+
+            migrationBuilder.CreateTable(
+                name: "OpenIddictScopes",
+                columns: table => new
+                {
+                    Id = table.Column<string>(type: "TEXT", nullable: false, maxLength: maxLength),
+                    ConcurrencyToken = table.Column<string>(type: "TEXT", maxLength: 50, nullable: true),
+                    Description = table.Column<string>(type: "TEXT", nullable: true),
+                    DisplayName = table.Column<string>(type: "TEXT", nullable: true),
+                    Name = table.Column<string>(type: "TEXT", maxLength: 200, nullable: false),
+                    Properties = table.Column<string>(type: "TEXT", nullable: true),
+                    Resources = table.Column<string>(type: "TEXT", nullable: true)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_OpenIddictScopes", x => x.Id);
+                });
+
+            migrationBuilder.CreateTable(
+                name: "OpenIddictAuthorizations",
+                columns: table => new
+                {
+                    Id = table.Column<string>(type: "TEXT", nullable: false, maxLength: maxLength),
+                    ApplicationId = table.Column<string>(type: "TEXT", nullable: true, maxLength: maxLength),
+                    ConcurrencyToken = table.Column<string>(type: "TEXT", maxLength: 50, nullable: true),
+                    Properties = table.Column<string>(type: "TEXT", nullable: true),
+                    Scopes = table.Column<string>(type: "TEXT", nullable: true),
+                    Status = table.Column<string>(type: "TEXT", maxLength: 25, nullable: false),
+                    Subject = table.Column<string>(type: "TEXT", maxLength: 450, nullable: true),
+                    Type = table.Column<string>(type: "TEXT", maxLength: 25, nullable: false)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_OpenIddictAuthorizations", x => x.Id);
+                    table.ForeignKey(
+                        name: "FK_OpenIddictAuthorizations_OpenIddictApplications_ApplicationId",
+                        column: x => x.ApplicationId,
+                        principalTable: "OpenIddictApplications",
+                        principalColumn: "Id",
+                        onDelete: ReferentialAction.Restrict);
+                });
+
+            migrationBuilder.CreateTable(
+                name: "OpenIddictTokens",
+                columns: table => new
+                {
+                    Id = table.Column<string>(type: "TEXT", nullable: false, maxLength: maxLength),
+                    ApplicationId = table.Column<string>(type: "TEXT", nullable: true, maxLength: maxLength),
+                    AuthorizationId = table.Column<string>(type: "TEXT", nullable: true, maxLength: maxLength),
+                    ConcurrencyToken = table.Column<string>(type: "TEXT", maxLength: 50, nullable: true),
+                    CreationDate = table.Column<DateTimeOffset>(type: "TEXT", nullable: true),
+                    ExpirationDate = table.Column<DateTimeOffset>(type: "TEXT", nullable: true),
+                    Payload = table.Column<string>(type: "TEXT", nullable: true),
+                    Properties = table.Column<string>(type: "TEXT", nullable: true),
+                    ReferenceId = table.Column<string>(type: "TEXT", maxLength: 100, nullable: true),
+                    Status = table.Column<string>(type: "TEXT", maxLength: 25, nullable: false),
+                    Subject = table.Column<string>(type: "TEXT", maxLength: 450, nullable: true),
+                    Type = table.Column<string>(type: "TEXT", maxLength: 25, nullable: false)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_OpenIddictTokens", x => x.Id);
+                    table.ForeignKey(
+                        name: "FK_OpenIddictTokens_OpenIddictApplications_ApplicationId",
+                        column: x => x.ApplicationId,
+                        principalTable: "OpenIddictApplications",
+                        principalColumn: "Id",
+                        onDelete: ReferentialAction.Restrict);
+                    table.ForeignKey(
+                        name: "FK_OpenIddictTokens_OpenIddictAuthorizations_AuthorizationId",
+                        column: x => x.AuthorizationId,
+                        principalTable: "OpenIddictAuthorizations",
+                        principalColumn: "Id",
+                        onDelete: ReferentialAction.Restrict);
+                });
+
+            migrationBuilder.CreateIndex(
+                name: "IX_OpenIddictApplications_ApplicationUserId",
+                table: "OpenIddictApplications",
+                column: "ApplicationUserId");
+
+            migrationBuilder.CreateIndex(
+                name: "IX_OpenIddictApplications_ClientId",
+                table: "OpenIddictApplications",
+                column: "ClientId",
+                unique: true);
+
+            migrationBuilder.CreateIndex(
+                name: "IX_OpenIddictAuthorizations_ApplicationId_Status_Subject_Type",
+                table: "OpenIddictAuthorizations",
+                columns: new[] { "ApplicationId", "Status", "Subject", "Type" });
+
+            migrationBuilder.CreateIndex(
+                name: "IX_OpenIddictScopes_Name",
+                table: "OpenIddictScopes",
+                column: "Name",
+                unique: true);
+
+            migrationBuilder.CreateIndex(
+                name: "IX_OpenIddictTokens_AuthorizationId",
+                table: "OpenIddictTokens",
+                column: "AuthorizationId");
+
+            migrationBuilder.CreateIndex(
+                name: "IX_OpenIddictTokens_ReferenceId",
+                table: "OpenIddictTokens",
+                column: "ReferenceId",
+                unique: true);
+
+            migrationBuilder.CreateIndex(
+                name: "IX_OpenIddictTokens_ApplicationId_Status_Subject_Type",
+                table: "OpenIddictTokens",
+                columns: new[] { "ApplicationId", "Status", "Subject", "Type" });
+        }
+    }
+}

BTCPayServer.Data/Migrations/20200225133433_AddApiKeyLabel.cs

@@ -0,0 +1,27 @@
+using BTCPayServer.Data;
+using Microsoft.EntityFrameworkCore.Infrastructure;
+using Microsoft.EntityFrameworkCore.Migrations;
+
+namespace BTCPayServer.Migrations
+{
+    [DbContext(typeof(ApplicationDbContext))]
+    [Migration("20200225133433_AddApiKeyLabel")]
+    public partial class AddApiKeyLabel : Migration
+    {
+        
+        protected override void Up(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.AddColumn<string>(
+                name: "Label",
+                table: "ApiKeys",
+                nullable: true);
+        }
+
+        protected override void Down(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.DropColumn(
+                name: "Label",
+                table: "ApiKeys");
+        }
+    }
+}

BTCPayServer.Data/Migrations/20200402065615_AddApiKeyBlob.cs

@@ -0,0 +1,42 @@
+using BTCPayServer.Data;
+using Microsoft.EntityFrameworkCore.Infrastructure;
+using Microsoft.EntityFrameworkCore.Migrations;
+
+namespace BTCPayServer.Migrations
+{
+    [DbContext(typeof(ApplicationDbContext))]
+    [Migration("20200402065615_AddApiKeyBlob")]
+    public partial class AddApiKeyBlob : Migration
+    {
+        protected override void Up(MigrationBuilder migrationBuilder)
+        {
+            if (this.SupportDropColumn(migrationBuilder.ActiveProvider))
+            {
+                migrationBuilder.DropColumn(
+                    name: "Permissions",
+                    table: "ApiKeys");
+            }
+
+            migrationBuilder.AddColumn<byte[]>(
+                name: "Blob",
+                table: "ApiKeys",
+                nullable: true);
+        }
+
+        protected override void Down(MigrationBuilder migrationBuilder)
+        {
+            if (this.SupportDropColumn(migrationBuilder.ActiveProvider))
+            {
+                migrationBuilder.DropColumn(
+                    name: "Blob",
+                    table: "ApiKeys");
+            }
+
+            migrationBuilder.AddColumn<string>(
+                name: "Permissions",
+                table: "ApiKeys",
+                type: "TEXT",
+                nullable: true);
+        }
+    }
+}

BTCPayServer.Data/Migrations/20200413052418_PlannedTransactions.cs

@@ -0,0 +1,59 @@
+using System;
+using BTCPayServer.Data;
+using Microsoft.EntityFrameworkCore.Infrastructure;
+using Microsoft.EntityFrameworkCore.Migrations;
+
+namespace BTCPayServer.Migrations
+{
+    [DbContext(typeof(ApplicationDbContext))]
+    [Migration("20200413052418_PlannedTransactions")]
+    public partial class PlannedTransactions : Migration
+    {
+        protected override void Up(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.CreateTable(
+                name: "PlannedTransactions",
+                columns: table => new
+                {
+                    Id = table.Column<string>(maxLength: 100, nullable: false),
+                    BroadcastAt = table.Column<DateTimeOffset>(nullable: false),
+                    Blob = table.Column<byte[]>(nullable: true)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_PlannedTransactions", x => x.Id);
+                });
+            migrationBuilder.CreateTable(
+                name: "PayjoinLocks",
+                columns: table => new
+                {
+                    Id = table.Column<string>(maxLength: 100, nullable: false),
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_PayjoinLocks", x => x.Id);
+                });
+            migrationBuilder.CreateTable(
+                name: "OffchainTransactions",
+                columns: table => new
+                {
+                    Id = table.Column<string>(maxLength: 64, nullable: false),
+                    Blob = table.Column<byte[]>(nullable: true)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_OffchainTransactions", x => x.Id);
+                });
+        }
+
+        protected override void Down(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.DropTable(
+                name: "PayjoinLocks");
+            migrationBuilder.DropTable(
+                name: "PlannedTransactions");
+            migrationBuilder.DropTable(
+                name: "OffchainTransactions");
+        }
+    }
+}

BTCPayServer.Data/Migrations/ApplicationDbContextModelSnapshot.cs

@@ -22,14 +22,29 @@ namespace BTCPayServer.Migrations
                         .HasColumnType("TEXT")
                         .HasMaxLength(50);
 
+                    b.Property<byte[]>("Blob")
+                        .HasColumnType("BLOB");
+
+                    b.Property<string>("Label")
+                        .HasColumnType("TEXT");
+
                     b.Property<string>("StoreId")
                         .HasColumnType("TEXT")
                         .HasMaxLength(50);
 
+                    b.Property<int>("Type")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("UserId")
+                        .HasColumnType("TEXT")
+                        .HasMaxLength(50);
+
                     b.HasKey("Id");
 
                     b.HasIndex("StoreId");
 
+                    b.HasIndex("UserId");
+
                     b.ToTable("ApiKeys");
                 });
 
@@ -148,164 +163,6 @@ namespace BTCPayServer.Migrations
                     b.ToTable("AspNetUsers");
                 });
 
-            modelBuilder.Entity("BTCPayServer.Data.BTCPayOpenIdAuthorization", b =>
-                {
-                    b.Property<string>("Id")
-                        .ValueGeneratedOnAdd()
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("ApplicationId")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("ConcurrencyToken")
-                        .IsConcurrencyToken()
-                        .HasColumnType("TEXT")
-                        .HasMaxLength(50);
-
-                    b.Property<string>("Properties")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Scopes")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Status")
-                        .IsRequired()
-                        .HasColumnType("TEXT")
-                        .HasMaxLength(25);
-
-                    b.Property<string>("Subject")
-                        .HasColumnType("TEXT")
-                        .HasMaxLength(450);
-
-                    b.Property<string>("Type")
-                        .IsRequired()
-                        .HasColumnType("TEXT")
-                        .HasMaxLength(25);
-
-                    b.HasKey("Id");
-
-                    b.HasIndex("ApplicationId", "Status", "Subject", "Type");
-
-                    b.ToTable("OpenIddictAuthorizations");
-                });
-
-            modelBuilder.Entity("BTCPayServer.Data.BTCPayOpenIdClient", b =>
-                {
-                    b.Property<string>("Id")
-                        .ValueGeneratedOnAdd()
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("ApplicationUserId")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("ClientId")
-                        .IsRequired()
-                        .HasColumnType("TEXT")
-                        .HasMaxLength(100);
-
-                    b.Property<string>("ClientSecret")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("ConcurrencyToken")
-                        .IsConcurrencyToken()
-                        .HasColumnType("TEXT")
-                        .HasMaxLength(50);
-
-                    b.Property<string>("ConsentType")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("DisplayName")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Permissions")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("PostLogoutRedirectUris")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Properties")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("RedirectUris")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Requirements")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Type")
-                        .IsRequired()
-                        .HasColumnType("TEXT")
-                        .HasMaxLength(25);
-
-                    b.HasKey("Id");
-
-                    b.HasIndex("ApplicationUserId");
-
-                    b.HasIndex("ClientId")
-                        .IsUnique();
-
-                    b.ToTable("OpenIddictApplications");
-                });
-
-            modelBuilder.Entity("BTCPayServer.Data.BTCPayOpenIdToken", b =>
-                {
-                    b.Property<string>("Id")
-                        .ValueGeneratedOnAdd()
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("ApplicationId")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("AuthorizationId")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("ConcurrencyToken")
-                        .IsConcurrencyToken()
-                        .HasColumnType("TEXT")
-                        .HasMaxLength(50);
-
-                    b.Property<DateTimeOffset?>("CreationDate")
-                        .HasColumnType("TEXT");
-
-                    b.Property<DateTimeOffset?>("ExpirationDate")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Payload")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Properties")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("ReferenceId")
-                        .HasColumnType("TEXT")
-                        .HasMaxLength(100);
-
-                    b.Property<string>("Status")
-                        .IsRequired()
-                        .HasColumnType("TEXT")
-                        .HasMaxLength(25);
-
-                    b.Property<string>("Subject")
-                        .HasColumnType("TEXT")
-                        .HasMaxLength(450);
-
-                    b.Property<string>("Type")
-                        .IsRequired()
-                        .HasColumnType("TEXT")
-                        .HasMaxLength(25);
-
-                    b.HasKey("Id");
-
-                    b.HasIndex("AuthorizationId");
-
-                    b.HasIndex("ReferenceId")
-                        .IsUnique();
-
-                    b.HasIndex("ApplicationId", "Status", "Subject", "Type");
-
-                    b.ToTable("OpenIddictTokens");
-                });
-
             modelBuilder.Entity("BTCPayServer.Data.HistoricalAddressInvoiceData", b =>
                 {
                     b.Property<string>("InvoiceDataId")
@@ -383,6 +240,20 @@ namespace BTCPayServer.Migrations
                     b.ToTable("InvoiceEvents");
                 });
 
+            modelBuilder.Entity("BTCPayServer.Data.OffchainTransactionData", b =>
+                {
+                    b.Property<string>("Id")
+                        .HasColumnType("TEXT")
+                        .HasMaxLength(64);
+
+                    b.Property<byte[]>("Blob")
+                        .HasColumnType("BLOB");
+
+                    b.HasKey("Id");
+
+                    b.ToTable("OffchainTransactions");
+                });
+
             modelBuilder.Entity("BTCPayServer.Data.PairedSINData", b =>
                 {
                     b.Property<string>("Id")
@@ -440,6 +311,17 @@ namespace BTCPayServer.Migrations
                     b.ToTable("PairingCodes");
                 });
 
+            modelBuilder.Entity("BTCPayServer.Data.PayjoinLock", b =>
+                {
+                    b.Property<string>("Id")
+                        .HasColumnType("TEXT")
+                        .HasMaxLength(100);
+
+                    b.HasKey("Id");
+
+                    b.ToTable("PayjoinLocks");
+                });
+
             modelBuilder.Entity("BTCPayServer.Data.PaymentData", b =>
                 {
                     b.Property<string>("Id")
@@ -499,6 +381,23 @@ namespace BTCPayServer.Migrations
                     b.ToTable("PendingInvoices");
                 });
 
+            modelBuilder.Entity("BTCPayServer.Data.PlannedTransaction", b =>
+                {
+                    b.Property<string>("Id")
+                        .HasColumnType("TEXT")
+                        .HasMaxLength(100);
+
+                    b.Property<byte[]>("Blob")
+                        .HasColumnType("BLOB");
+
+                    b.Property<DateTimeOffset>("BroadcastAt")
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("Id");
+
+                    b.ToTable("PlannedTransactions");
+                });
+
             modelBuilder.Entity("BTCPayServer.Data.RefundAddressesData", b =>
                 {
                     b.Property<string>("Id")
@@ -800,48 +699,17 @@ namespace BTCPayServer.Migrations
                     b.ToTable("AspNetUserTokens");
                 });
 
-            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictScope<string>", b =>
-                {
-                    b.Property<string>("Id")
-                        .ValueGeneratedOnAdd()
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("ConcurrencyToken")
-                        .IsConcurrencyToken()
-                        .HasColumnType("TEXT")
-                        .HasMaxLength(50);
-
-                    b.Property<string>("Description")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("DisplayName")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Name")
-                        .IsRequired()
-                        .HasColumnType("TEXT")
-                        .HasMaxLength(200);
-
-                    b.Property<string>("Properties")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Resources")
-                        .HasColumnType("TEXT");
-
-                    b.HasKey("Id");
-
-                    b.HasIndex("Name")
-                        .IsUnique();
-
-                    b.ToTable("OpenIddictScopes");
-                });
-
             modelBuilder.Entity("BTCPayServer.Data.APIKeyData", b =>
                 {
                     b.HasOne("BTCPayServer.Data.StoreData", "StoreData")
                         .WithMany("APIKeys")
                         .HasForeignKey("StoreId")
                         .OnDelete(DeleteBehavior.Cascade);
+
+                    b.HasOne("BTCPayServer.Data.ApplicationUser", "User")
+                        .WithMany("APIKeys")
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade);
                 });
 
             modelBuilder.Entity("BTCPayServer.Data.AddressInvoiceData", b =>
@@ -860,31 +728,6 @@ namespace BTCPayServer.Migrations
                         .OnDelete(DeleteBehavior.Cascade);
                 });
 
-            modelBuilder.Entity("BTCPayServer.Data.BTCPayOpenIdAuthorization", b =>
-                {
-                    b.HasOne("BTCPayServer.Data.BTCPayOpenIdClient", "Application")
-                        .WithMany("Authorizations")
-                        .HasForeignKey("ApplicationId");
-                });
-
-            modelBuilder.Entity("BTCPayServer.Data.BTCPayOpenIdClient", b =>
-                {
-                    b.HasOne("BTCPayServer.Data.ApplicationUser", "ApplicationUser")
-                        .WithMany("OpenIdClients")
-                        .HasForeignKey("ApplicationUserId");
-                });
-
-            modelBuilder.Entity("BTCPayServer.Data.BTCPayOpenIdToken", b =>
-                {
-                    b.HasOne("BTCPayServer.Data.BTCPayOpenIdClient", "Application")
-                        .WithMany("Tokens")
-                        .HasForeignKey("ApplicationId");
-
-                    b.HasOne("BTCPayServer.Data.BTCPayOpenIdAuthorization", "Authorization")
-                        .WithMany("Tokens")
-                        .HasForeignKey("AuthorizationId");
-                });
-
             modelBuilder.Entity("BTCPayServer.Data.HistoricalAddressInvoiceData", b =>
                 {
                     b.HasOne("BTCPayServer.Data.InvoiceData", "InvoiceData")

BTCPayServer.Data/MigrationsExtensions.cs

@@ -11,7 +11,10 @@ namespace BTCPayServer.Migrations
         {
             return activeProvider != "Microsoft.EntityFrameworkCore.Sqlite";
         }
-
+        public static bool SupportAddForeignKey(this Microsoft.EntityFrameworkCore.Migrations.Migration migration, string activeProvider)
+        {
+            return activeProvider != "Microsoft.EntityFrameworkCore.Sqlite";
+        }
         public static bool SupportDropForeignKey(this Microsoft.EntityFrameworkCore.Migrations.Migration migration, string activeProvider)
         {
             return activeProvider != "Microsoft.EntityFrameworkCore.Sqlite";

BTCPayServer.Rating/Providers/BackgroundFetcherRateProvider.cs

@@ -99,7 +99,7 @@ namespace BTCPayServer.Services.Rates
             {
                 LastRequested = LastRequested
             };
-            if (_Latest is LatestFetch fetch)
+            if (_Latest is LatestFetch fetch && fetch.Latest is PairRate[])
             {
                 state.LastUpdated = fetch.Updated;
                 state.Rates = fetch.Latest

BTCPayServer.Rating/Providers/BitflyerRateProvider.cs

@@ -0,0 +1,35 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Net.Http;
+using System.Threading;
+using System.Threading.Tasks;
+using BTCPayServer.Rating;
+using Newtonsoft.Json.Linq;
+
+namespace BTCPayServer.Services.Rates
+{
+    public class BitflyerRateProvider : IRateProvider
+    {
+        private readonly HttpClient _httpClient;
+        public BitflyerRateProvider(HttpClient httpClient)
+        {
+            _httpClient = httpClient ?? new HttpClient();
+        }
+
+        public async Task<PairRate[]> GetRatesAsync(CancellationToken cancellationToken)
+        {
+            var response = await _httpClient.GetAsync("https://api.bitflyer.jp/v1/ticker", cancellationToken);
+            var jobj = await response.Content.ReadAsAsync<JObject>(cancellationToken);
+            if (jobj.Property("error_message")?.Value?.Value<string>() is string err)
+            {
+                throw new Exception($"Error from bitflyer: {err}");
+            }
+            var bid = jobj.Property("best_bid").Value.Value<decimal>();
+            var ask = jobj.Property("best_ask").Value.Value<decimal>();
+            var rates = new PairRate[1];
+            rates[0] = new PairRate(CurrencyPair.Parse(jobj.Property("product_code").Value.Value<string>()), new BidAsk(bid, ask));
+            return rates;
+        }
+    }
+}

BTCPayServer.Rating/Providers/HttpClientRequestMaker.cs

@@ -196,14 +196,8 @@ namespace BTCPayServer.Services.Rates
                     throw new APIException(text);
                 }
                 api.ProcessResponse(new InternalHttpWebResponse(webHttpResponse));
-                // local reference to handle delegate becoming null, extended discussion here:
-                // https://github.com/btcpayserver/btcpayserver/commit/00747906849f093712c3907c99404c55b3defa66#r37022103
-                var requestStateChanged = RequestStateChanged;
-                if (requestStateChanged != null)
-                {
-                    requestStateChanged(this, RequestMakerState.Finished, text);
-                    return text;
-                }
+
+                RequestStateChanged?.Invoke(this, RequestMakerState.Finished, text);
                 return text;
             }
             catch (Exception arg)

BTCPayServer.Rating/Services/RateProviderFactory.cs

@@ -77,6 +77,7 @@ namespace BTCPayServer.Services.Rates
             yield return new AvailableRateProvider("kraken", "Kraken", "https://api.kraken.com/0/public/Ticker?pair=ATOMETH,ATOMEUR,ATOMUSD,ATOMXBT,BATETH,BATEUR,BATUSD,BATXBT,BCHEUR,BCHUSD,BCHXBT,DAIEUR,DAIUSD,DAIUSDT,DASHEUR,DASHUSD,DASHXBT,EOSETH,EOSXBT,ETHCHF,ETHDAI,ETHUSDC,ETHUSDT,GNOETH,GNOXBT,ICXETH,ICXEUR,ICXUSD,ICXXBT,LINKETH,LINKEUR,LINKUSD,LINKXBT,LSKETH,LSKEUR,LSKUSD,LSKXBT,NANOETH,NANOEUR,NANOUSD,NANOXBT,OMGETH,OMGEUR,OMGUSD,OMGXBT,PAXGETH,PAXGEUR,PAXGUSD,PAXGXBT,SCETH,SCEUR,SCUSD,SCXBT,USDCEUR,USDCUSD,USDCUSDT,USDTCAD,USDTEUR,USDTGBP,USDTZUSD,WAVESETH,WAVESEUR,WAVESUSD,WAVESXBT,XBTCHF,XBTDAI,XBTUSDC,XBTUSDT,XDGEUR,XDGUSD,XETCXETH,XETCXXBT,XETCZEUR,XETCZUSD,XETHXXBT,XETHZCAD,XETHZEUR,XETHZGBP,XETHZJPY,XETHZUSD,XLTCXXBT,XLTCZEUR,XLTCZUSD,XMLNXETH,XMLNXXBT,XMLNZEUR,XMLNZUSD,XREPXETH,XREPXXBT,XREPZEUR,XXBTZCAD,XXBTZEUR,XXBTZGBP,XXBTZJPY,XXBTZUSD,XXDGXXBT,XXLMXXBT,XXMRXXBT,XXMRZEUR,XXMRZUSD,XXRPXXBT,XXRPZEUR,XXRPZUSD,XZECXXBT,XZECZEUR,XZECZUSD");
             yield return new AvailableRateProvider("bylls", "Bylls", "https://bylls.com/api/price?from_currency=BTC&to_currency=CAD");
             yield return new AvailableRateProvider("bitbank", "Bitbank", "https://public.bitbank.cc/prices");
+            yield return new AvailableRateProvider("bitflyer", "Bitflyer", "https://api.bitflyer.com/v1/ticker");
             yield return new AvailableRateProvider("bitpay", "Bitpay", "https://bitpay.com/rates");
 
             yield return new AvailableRateProvider("polispay", "PolisPay", "https://obol.polispay.com/complex/btc/polis");
@@ -100,6 +101,7 @@ namespace BTCPayServer.Services.Rates
             Providers.Add("bylls", new ByllsRateProvider(_httpClientFactory?.CreateClient("EXCHANGE_BYLLS")));
             Providers.Add("bitbank", new BitbankRateProvider(_httpClientFactory?.CreateClient("EXCHANGE_BITBANK")));
             Providers.Add("bitpay", new BitpayRateProvider(_httpClientFactory?.CreateClient("EXCHANGE_BITPAY")));
+            Providers.Add("bitflyer", new BitflyerRateProvider(_httpClientFactory?.CreateClient("EXCHANGE_BITFLYER")));
             Providers.Add("polispay", new PolisRateProvider(_httpClientFactory?.CreateClient("EXCHANGE_POLIS")));
 
 

BTCPayServer.Tests/ApiKeysTests.cs

@@ -0,0 +1,318 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Net.Http;
+using System.Net.Http.Headers;
+using System.Threading.Tasks;
+using BTCPayServer.Client;
+using BTCPayServer.Client.Models;
+using BTCPayServer.Data;
+using BTCPayServer.Security.GreenField;
+using BTCPayServer.Tests.Logging;
+using BTCPayServer.Views.Manage;
+using Newtonsoft.Json;
+using OpenQA.Selenium;
+using Xunit;
+using Xunit.Abstractions;
+using StoreData = BTCPayServer.Data.StoreData;
+
+namespace BTCPayServer.Tests
+{
+    public class ApiKeysTests
+    {
+        public const int TestTimeout = TestUtils.TestTimeout;
+
+        public const string TestApiPath = "api/test/apikey";
+        public ApiKeysTests(ITestOutputHelper helper)
+        {
+            Logs.Tester = new XUnitLog(helper) { Name = "Tests" };
+            Logs.LogProvider = new XUnitLogProvider(helper);
+        }
+
+        [Fact(Timeout = TestTimeout)]
+        [Trait("Selenium", "Selenium")]
+        public async Task CanCreateApiKeys()
+        {
+            //there are 2 ways to create api keys:
+            //as a user through your profile
+            //as an external application requesting an api key from a user
+
+            using (var s = SeleniumTester.Create())
+            {
+                await s.StartAsync();
+                var tester = s.Server;
+
+                var user = tester.NewAccount();
+                user.GrantAccess();
+                await user.MakeAdmin(false);
+                s.GoToLogin();
+                s.Login(user.RegisterDetails.Email, user.RegisterDetails.Password);
+                s.GoToProfile(ManageNavPages.APIKeys);
+                s.Driver.FindElement(By.Id("AddApiKey")).Click();
+
+                //not an admin, so this permission should not show
+                Assert.DoesNotContain("btcpay.server.canmodifyserversettings", s.Driver.PageSource);
+                await user.MakeAdmin();
+                s.Logout();
+                s.GoToLogin();
+                s.Login(user.RegisterDetails.Email, user.RegisterDetails.Password);
+                s.GoToProfile(ManageNavPages.APIKeys);
+                s.Driver.FindElement(By.Id("AddApiKey")).Click();
+                Assert.Contains("btcpay.server.canmodifyserversettings", s.Driver.PageSource);
+
+                //server management should show now
+                s.SetCheckbox(s, "btcpay.server.canmodifyserversettings", true);
+                s.SetCheckbox(s, "btcpay.store.canmodifystoresettings", true);
+                s.SetCheckbox(s, "btcpay.user.canviewprofile", true);
+                s.Driver.FindElement(By.Id("Generate")).Click();
+                var superApiKey = s.AssertHappyMessage().FindElement(By.TagName("code")).Text;
+
+                //this api key has access to everything
+                await TestApiAgainstAccessToken(superApiKey, tester, user, Policies.CanModifyServerSettings,Policies.CanModifyStoreSettings, Policies.CanViewProfile);
+
+
+                s.Driver.FindElement(By.Id("AddApiKey")).Click();
+                s.SetCheckbox(s, "btcpay.server.canmodifyserversettings", true);
+                s.Driver.FindElement(By.Id("Generate")).Click();
+                var serverOnlyApiKey = s.AssertHappyMessage().FindElement(By.TagName("code")).Text;
+                await TestApiAgainstAccessToken(serverOnlyApiKey, tester, user,
+                    Policies.CanModifyServerSettings);
+
+
+                s.Driver.FindElement(By.Id("AddApiKey")).Click();
+                s.SetCheckbox(s, "btcpay.store.canmodifystoresettings", true);
+                s.Driver.FindElement(By.Id("Generate")).Click();
+                var allStoreOnlyApiKey = s.AssertHappyMessage().FindElement(By.TagName("code")).Text;
+                await TestApiAgainstAccessToken(allStoreOnlyApiKey, tester, user,
+                    Policies.CanModifyStoreSettings);
+
+                s.Driver.FindElement(By.Id("AddApiKey")).Click();
+                s.Driver.FindElement(By.CssSelector("button[value='btcpay.store.canmodifystoresettings:change-store-mode']")).Click();
+                //there should be a store already by default in the dropdown
+                var dropdown = s.Driver.FindElement(By.Name("PermissionValues[2].SpecificStores[0]"));
+                var option = dropdown.FindElement(By.TagName("option"));
+                var storeId = option.GetAttribute("value");
+                option.Click();
+                s.Driver.FindElement(By.Id("Generate")).Click();
+                var selectiveStoreApiKey = s.AssertHappyMessage().FindElement(By.TagName("code")).Text;
+                await TestApiAgainstAccessToken(selectiveStoreApiKey, tester, user,
+                    Permission.Create(Policies.CanModifyStoreSettings, storeId).ToString());
+
+                s.Driver.FindElement(By.Id("AddApiKey")).Click();
+                s.Driver.FindElement(By.Id("Generate")).Click();
+                var noPermissionsApiKey = s.AssertHappyMessage().FindElement(By.TagName("code")).Text;
+                await TestApiAgainstAccessToken(noPermissionsApiKey, tester, user);
+
+                await Assert.ThrowsAnyAsync<HttpRequestException>(async () =>
+                {
+                    await TestApiAgainstAccessToken<bool>("incorrect key", $"{TestApiPath}/me/id",
+                        tester.PayTester.HttpClient);
+                });
+
+
+                //let's test the authorized screen now
+                //options for authorize are:
+                //applicationName
+                //redirect
+                //permissions
+                //strict
+                //selectiveStores
+                var authUrl = BTCPayServerClient.GenerateAuthorizeUri(tester.PayTester.ServerUri,
+                    new[] { Policies.CanModifyStoreSettings, Policies.CanModifyServerSettings }).ToString();
+                s.Driver.Navigate().GoToUrl(authUrl);
+                s.Driver.PageSource.Contains("kukksappname");
+                Assert.Equal("hidden", s.Driver.FindElement(By.Id("btcpay.store.canmodifystoresettings")).GetAttribute("type").ToLowerInvariant());
+                Assert.Equal("true", s.Driver.FindElement(By.Id("btcpay.store.canmodifystoresettings")).GetAttribute("value").ToLowerInvariant());
+                Assert.Equal("hidden", s.Driver.FindElement(By.Id("btcpay.server.canmodifyserversettings")).GetAttribute("type").ToLowerInvariant());
+                Assert.Equal("true", s.Driver.FindElement(By.Id("btcpay.server.canmodifyserversettings")).GetAttribute("value").ToLowerInvariant());
+                Assert.DoesNotContain("change-store-mode", s.Driver.PageSource);
+                s.Driver.FindElement(By.Id("consent-yes")).Click();
+                var url = s.Driver.Url;
+                IEnumerable<KeyValuePair<string, string>> results = url.Split("?").Last().Split("&")
+                    .Select(s1 => new KeyValuePair<string, string>(s1.Split("=")[0], s1.Split("=")[1]));
+
+                var apiKeyRepo = s.Server.PayTester.GetService<APIKeyRepository>();
+
+                await TestApiAgainstAccessToken(results.Single(pair => pair.Key == "key").Value, tester, user,
+                    (await apiKeyRepo.GetKey(results.Single(pair => pair.Key == "key").Value)).GetBlob().Permissions);
+
+                authUrl = BTCPayServerClient.GenerateAuthorizeUri(tester.PayTester.ServerUri,
+                    new[] { Policies.CanModifyStoreSettings, Policies.CanModifyServerSettings }, false, true).ToString();
+
+                s.Driver.Navigate().GoToUrl(authUrl);
+                Assert.DoesNotContain("kukksappname", s.Driver.PageSource);
+
+                Assert.Equal("checkbox", s.Driver.FindElement(By.Id("btcpay.store.canmodifystoresettings")).GetAttribute("type").ToLowerInvariant());
+                Assert.Equal("true", s.Driver.FindElement(By.Id("btcpay.store.canmodifystoresettings")).GetAttribute("value").ToLowerInvariant());
+                Assert.Equal("checkbox", s.Driver.FindElement(By.Id("btcpay.server.canmodifyserversettings")).GetAttribute("type").ToLowerInvariant());
+                Assert.Equal("true", s.Driver.FindElement(By.Id("btcpay.server.canmodifyserversettings")).GetAttribute("value").ToLowerInvariant());
+
+                s.SetCheckbox(s, "btcpay.server.canmodifyserversettings", false);
+                Assert.Contains("change-store-mode", s.Driver.PageSource);
+                s.Driver.FindElement(By.Id("consent-yes")).Click();
+                url = s.Driver.Url;
+                results = url.Split("?").Last().Split("&")
+                    .Select(s1 => new KeyValuePair<string, string>(s1.Split("=")[0], s1.Split("=")[1]));
+
+                await TestApiAgainstAccessToken(results.Single(pair => pair.Key == "key").Value, tester, user,
+                    (await apiKeyRepo.GetKey(results.Single(pair => pair.Key == "key").Value)).GetBlob().Permissions);
+
+            }
+        }
+
+        async Task TestApiAgainstAccessToken(string accessToken, ServerTester tester, TestAccount testAccount,
+            params string[] expectedPermissionsArr)
+        {
+            var expectedPermissions = Permission.ToPermissions(expectedPermissionsArr).ToArray();
+            expectedPermissions ??= new Permission[0];
+            var apikeydata = await TestApiAgainstAccessToken<ApiKeyData>(accessToken, $"api/v1/api-keys/current", tester.PayTester.HttpClient);
+            var permissions = apikeydata.Permissions;
+            Assert.Equal(expectedPermissions.Length, permissions.Length);
+            foreach (var expectPermission in expectedPermissions)
+            {
+                Assert.True(permissions.Any(p => p == expectPermission), $"Missing expected permission {expectPermission}");
+            }
+
+            if (permissions.Contains(Permission.Create(Policies.CanViewProfile)))
+            {
+                var resultUser = await TestApiAgainstAccessToken<string>(accessToken, $"{TestApiPath}/me/id", tester.PayTester.HttpClient);
+                Assert.Equal(testAccount.UserId, resultUser);
+            }
+            else
+            {
+                await Assert.ThrowsAnyAsync<HttpRequestException>(async () =>
+                {
+                    await TestApiAgainstAccessToken<string>(accessToken, $"{TestApiPath}/me/id", tester.PayTester.HttpClient);
+                });
+            }
+            //create a second user to see if any of its data gets messed upin our results.
+            var secondUser = tester.NewAccount();
+            secondUser.GrantAccess();
+
+            var canModifyAllStores = Permission.Create(Policies.CanModifyStoreSettings, null);
+            var canModifyServer = Permission.Create(Policies.CanModifyServerSettings, null);
+            var unrestricted = Permission.Create(Policies.Unrestricted, null);
+            var selectiveStorePermissions = permissions.Where(p => p.StoreId != null && p.Policy == Policies.CanModifyStoreSettings);
+            if (permissions.Contains(canModifyAllStores) || selectiveStorePermissions.Any())
+            {
+                var resultStores =
+                    await TestApiAgainstAccessToken<StoreData[]>(accessToken, $"{TestApiPath}/me/stores",
+                        tester.PayTester.HttpClient);
+
+                foreach (var selectiveStorePermission in selectiveStorePermissions)
+                {
+                    Assert.True(await TestApiAgainstAccessToken<bool>(accessToken,
+                        $"{TestApiPath}/me/stores/{selectiveStorePermission.StoreId}/can-edit",
+                        tester.PayTester.HttpClient));
+
+                    Assert.Contains(resultStores,
+                        data => data.Id.Equals(selectiveStorePermission.StoreId, StringComparison.InvariantCultureIgnoreCase));
+                }
+
+                bool shouldBeAuthorized = false;
+                if (permissions.Contains(canModifyAllStores) || selectiveStorePermissions.Contains(Permission.Create(Policies.CanViewStoreSettings, testAccount.StoreId)))
+                {
+                    Assert.True(await TestApiAgainstAccessToken<bool>(accessToken,
+                        $"{TestApiPath}/me/stores/{testAccount.StoreId}/can-view",
+                        tester.PayTester.HttpClient));
+                    Assert.Contains(resultStores,
+                        data => data.Id.Equals(testAccount.StoreId, StringComparison.InvariantCultureIgnoreCase));
+                    shouldBeAuthorized = true;
+                }
+                if (permissions.Contains(canModifyAllStores) || selectiveStorePermissions.Contains(Permission.Create(Policies.CanModifyStoreSettings, testAccount.StoreId)))
+                {
+                    Assert.True(await TestApiAgainstAccessToken<bool>(accessToken,
+                        $"{TestApiPath}/me/stores/{testAccount.StoreId}/can-view",
+                        tester.PayTester.HttpClient));
+                    Assert.True(await TestApiAgainstAccessToken<bool>(accessToken,
+                        $"{TestApiPath}/me/stores/{testAccount.StoreId}/can-edit",
+                        tester.PayTester.HttpClient));
+                    Assert.Contains(resultStores,
+                        data => data.Id.Equals(testAccount.StoreId, StringComparison.InvariantCultureIgnoreCase));
+                    shouldBeAuthorized = true;
+                }
+
+                if (!shouldBeAuthorized)
+                {
+                    await Assert.ThrowsAnyAsync<HttpRequestException>(async () =>
+                    {
+                        await TestApiAgainstAccessToken<bool>(accessToken,
+                        $"{TestApiPath}/me/stores/{testAccount.StoreId}/can-edit",
+                        tester.PayTester.HttpClient);
+                    });
+                    await Assert.ThrowsAnyAsync<HttpRequestException>(async () =>
+                    {
+                        await TestApiAgainstAccessToken<bool>(accessToken,
+                        $"{TestApiPath}/me/stores/{testAccount.StoreId}/can-view",
+                        tester.PayTester.HttpClient);
+                    });
+                    Assert.DoesNotContain(resultStores,
+                        data => data.Id.Equals(testAccount.StoreId, StringComparison.InvariantCultureIgnoreCase));
+                }
+            }
+            else if (!permissions.Contains(unrestricted))
+            {
+
+                await Assert.ThrowsAnyAsync<HttpRequestException>(async () =>
+                {
+                    await TestApiAgainstAccessToken<bool>(accessToken,
+                        $"{TestApiPath}/me/stores/{testAccount.StoreId}/can-edit",
+                        tester.PayTester.HttpClient);
+                });
+            }
+            else
+            {
+                await TestApiAgainstAccessToken<bool>(accessToken,
+                    $"{TestApiPath}/me/stores/{testAccount.StoreId}/can-edit",
+                    tester.PayTester.HttpClient);
+            }
+
+            if (!permissions.Contains(unrestricted))
+            {
+                await Assert.ThrowsAnyAsync<HttpRequestException>(async () =>
+                {
+                    await TestApiAgainstAccessToken<bool>(accessToken, $"{TestApiPath}/me/stores/{secondUser.StoreId}/can-edit",
+                        tester.PayTester.HttpClient);
+                });
+            }
+            else
+            {
+                await TestApiAgainstAccessToken<bool>(accessToken, $"{TestApiPath}/me/stores/{secondUser.StoreId}/can-edit",
+                    tester.PayTester.HttpClient);
+            }
+
+            if (permissions.Contains(canModifyServer))
+            {
+                Assert.True(await TestApiAgainstAccessToken<bool>(accessToken,
+                    $"{TestApiPath}/me/is-admin",
+                    tester.PayTester.HttpClient));
+            }
+            else
+            {
+                await Assert.ThrowsAnyAsync<HttpRequestException>(async () =>
+                {
+                    await TestApiAgainstAccessToken<bool>(accessToken,
+                        $"{TestApiPath}/me/is-admin",
+                        tester.PayTester.HttpClient);
+                });
+            }
+        }
+
+        public async Task<T> TestApiAgainstAccessToken<T>(string apikey, string url, HttpClient client)
+        {
+            var httpRequest = new HttpRequestMessage(HttpMethod.Get,
+                new Uri(client.BaseAddress, url));
+            httpRequest.Headers.Authorization = new AuthenticationHeaderValue("token", apikey);
+            var result = await client.SendAsync(httpRequest);
+            result.EnsureSuccessStatusCode();
+
+            var rawJson = await result.Content.ReadAsStringAsync();
+            if (typeof(T).IsPrimitive || typeof(T) == typeof(string))
+            {
+                return (T)Convert.ChangeType(rawJson, typeof(T));
+            }
+
+            return JsonConvert.DeserializeObject<T>(rawJson);
+        }
+    }
+}

BTCPayServer.Tests/AuthenticationTests.cs

@@ -1,427 +0,0 @@
-using System;
-using System.Collections.Generic;
-using System.IO;
-using System.Linq;
-using System.Net;
-using System.Threading.Tasks;
-using System.Security.Claims;
-using BTCPayServer.Tests.Logging;
-using Xunit;
-using Xunit.Abstractions;
-using System.Net.Http;
-using System.Net.Http.Headers;
-using BTCPayServer.Data;
-using Newtonsoft.Json;
-using Newtonsoft.Json.Linq;
-using OpenIddict.Abstractions;
-using OpenQA.Selenium;
-using Microsoft.AspNetCore.Identity;
-
-namespace BTCPayServer.Tests
-{
-    public class AuthenticationTests
-    {
-        public const int TestTimeout = TestUtils.TestTimeout;
-        public AuthenticationTests(ITestOutputHelper helper)
-        {
-            Logs.Tester = new XUnitLog(helper) {Name = "Tests"};
-            Logs.LogProvider = new XUnitLogProvider(helper);
-        }
-
-        [Fact(Timeout = TestTimeout)]
-        [Trait("Integration", "Integration")]
-        public async Task GetRedirectedToLoginPathOnChallenge()
-        {
-            using (var tester = ServerTester.Create())
-            {
-                await tester.StartAsync();
-                var client = tester.PayTester.HttpClient;
-                //Wallets endpoint is protected
-                var response = await client.GetAsync("wallets");
-                var urlPath = response.RequestMessage.RequestUri.ToString()
-                    .Replace(tester.PayTester.ServerUri.ToString(), "");
-                //Cookie Challenge redirects you to login page
-                Assert.StartsWith("Account/Login", urlPath, StringComparison.InvariantCultureIgnoreCase);
-
-                var queryString = response.RequestMessage.RequestUri.ParseQueryString();
-
-                Assert.NotNull(queryString["ReturnUrl"]);
-                Assert.Equal("/wallets", queryString["ReturnUrl"]);
-            }
-        }
-
-        [Fact(Timeout = TestTimeout)]
-        [Trait("Integration", "Integration")]
-        public async Task CanGetOpenIdConfiguration()
-        {
-            using (var tester = ServerTester.Create())
-            {
-                await tester.StartAsync();
-                using (var response =
-                    await tester.PayTester.HttpClient.GetAsync("/.well-known/openid-configuration"))
-                {
-                    using (var streamToReadFrom = new StreamReader(await response.Content.ReadAsStreamAsync()))
-                    {
-                        var json = await streamToReadFrom.ReadToEndAsync();
-                        Assert.NotNull(json);
-                        JObject.Parse(json); // Should do more tests but good enough
-                    }
-                }
-            }
-        }
-
-        [Fact(Timeout = TestTimeout)]
-        [Trait("Integration", "Integration")]
-        public async Task CanUseNonInteractiveFlows()
-        {
-            using (var tester = ServerTester.Create())
-            {
-                await tester.StartAsync();
-
-                var user = tester.NewAccount();
-                user.GrantAccess();
-                await user.MakeAdmin();
-                var token = await RegisterPasswordClientAndGetAccessToken(user, null, tester);
-                await TestApiAgainstAccessToken(token, tester, user);
-                token = await RegisterPasswordClientAndGetAccessToken(user, "secret", tester);
-                await TestApiAgainstAccessToken(token, tester, user);
-                token = await RegisterClientCredentialsFlowAndGetAccessToken(user, "secret", tester);
-                await TestApiAgainstAccessToken(token, tester, user);
-            }
-        }
-
-        [Fact(Timeout = TestTimeout)]
-        [Trait("Selenium", "Selenium")]
-        public async Task CanUseImplicitFlow()
-        {
-            using (var s = SeleniumTester.Create())
-            {
-                await s.StartAsync();
-                var tester = s.Server;
-
-                var user = tester.NewAccount();
-                user.GrantAccess();
-                await user.MakeAdmin();
-                var id = Guid.NewGuid().ToString();
-                var redirecturi = new Uri("http://127.0.0.1/oidc-callback");
-                var openIdClient = await user.RegisterOpenIdClient(
-                    new OpenIddictApplicationDescriptor()
-                    {
-                        ClientId = id,
-                        DisplayName = id,
-                        Permissions = {OpenIddictConstants.Permissions.GrantTypes.Implicit},
-                        RedirectUris = {redirecturi},
-                        
-                    });
-                var implicitAuthorizeUrl = new Uri(tester.PayTester.ServerUri,
-                    $"connect/authorize?response_type=token&client_id={id}&redirect_uri={redirecturi.AbsoluteUri}&scope=openid server_management store_management&nonce={Guid.NewGuid().ToString()}");
-                s.Driver.Navigate().GoToUrl(implicitAuthorizeUrl);
-                s.Login(user.RegisterDetails.Email, user.RegisterDetails.Password);
-                s.Driver.FindElement(By.Id("consent-yes")).Click();
-                var url = s.Driver.Url;
-                var results = url.Split("#").Last().Split("&")
-                    .ToDictionary(s1 => s1.Split("=")[0], s1 => s1.Split("=")[1]);
-                await TestApiAgainstAccessToken(results["access_token"], tester, user);
-                //in Implicit mode, you renew your token  by hitting the same endpoint but adding prompt=none. If you are still logged in on the site, you will receive a fresh token.
-                var implicitAuthorizeUrlSilentModel = new Uri($"{implicitAuthorizeUrl.OriginalString}&prompt=none");
-                s.Driver.Navigate().GoToUrl(implicitAuthorizeUrlSilentModel);
-                url = s.Driver.Url;
-                results = url.Split("#").Last().Split("&").ToDictionary(s1 => s1.Split("=")[0], s1 => s1.Split("=")[1]);
-                await TestApiAgainstAccessToken(results["access_token"], tester, user);
-
-                var stores = await TestApiAgainstAccessToken<StoreData[]>(results["access_token"],
-                    $"api/test/me/stores",
-                    tester.PayTester.HttpClient);
-                Assert.NotEmpty(stores);
-
-                Assert.True(await TestApiAgainstAccessToken<bool>(results["access_token"],
-                $"api/test/me/stores/{stores[0].Id}/can-edit",
-                tester.PayTester.HttpClient));
-
-                //we dont ask for consent after acquiring it the first time for the same scopes.
-                LogoutFlow(tester, id, s);
-                s.Driver.Navigate().GoToUrl(implicitAuthorizeUrl);
-                s.Login(user.RegisterDetails.Email, user.RegisterDetails.Password);
-                s.Driver.AssertElementNotFound(By.Id("consent-yes"));
-
-                // Let's asks without scopes
-                LogoutFlow(tester, id, s);
-                id = Guid.NewGuid().ToString();
-                openIdClient = await user.RegisterOpenIdClient(
-                    new OpenIddictApplicationDescriptor()
-                    {
-                        ClientId = id,
-                        DisplayName = id,
-                        Permissions = { OpenIddictConstants.Permissions.GrantTypes.Implicit },
-                        RedirectUris = { redirecturi },
-                    });
-                implicitAuthorizeUrl = new Uri(tester.PayTester.ServerUri,
-                    $"connect/authorize?response_type=token&client_id={id}&redirect_uri={redirecturi.AbsoluteUri}&scope=openid&nonce={Guid.NewGuid().ToString()}");
-                s.Driver.Navigate().GoToUrl(implicitAuthorizeUrl);
-                s.Login(user.RegisterDetails.Email, user.RegisterDetails.Password);
-                s.Driver.FindElement(By.Id("consent-yes")).Click();
-                results = s.Driver.Url.Split("#").Last().Split("&")
-                    .ToDictionary(s1 => s1.Split("=")[0], s1 => s1.Split("=")[1]);
-
-                await Assert.ThrowsAnyAsync<HttpRequestException>(async () =>
-                {
-                    await TestApiAgainstAccessToken<StoreData[]>(results["access_token"],
-                    $"api/test/me/stores",
-                    tester.PayTester.HttpClient);
-                });
-                await Assert.ThrowsAnyAsync<HttpRequestException>(async () =>
-                {
-                    await TestApiAgainstAccessToken<bool>(results["access_token"],
-                    $"api/test/me/stores/{stores[0].Id}/can-edit",
-                    tester.PayTester.HttpClient);
-                });
-            }
-        }
-
-        void LogoutFlow(ServerTester tester, string clientId, SeleniumTester seleniumTester)
-        {
-            var logoutUrl = new Uri(tester.PayTester.ServerUri,
-                $"connect/logout?response_type=token&client_id={clientId}");
-            seleniumTester.Driver.Navigate().GoToUrl(logoutUrl);
-            seleniumTester.GoToHome();
-            Assert.Throws<NoSuchElementException>(() => seleniumTester.Driver.FindElement(By.Id("Logout")));
-            
-        }
-
-        [Fact(Timeout = TestTimeout)]
-        [Trait("Selenium", "Selenium")]
-        public async Task CanUseCodeFlow()
-        {
-            using (var s = SeleniumTester.Create())
-            {
-                await s.StartAsync();
-                var tester = s.Server;
-
-                var user = tester.NewAccount();
-                user.GrantAccess();
-                await user.MakeAdmin();
-                var id = Guid.NewGuid().ToString();
-                var redirecturi = new Uri("http://127.0.0.1/oidc-callback");
-                var secret = "secret";
-                var openIdClient = await user.RegisterOpenIdClient(
-                    new OpenIddictApplicationDescriptor()
-                    {
-                        ClientId = id,
-                        DisplayName = id,
-                        Permissions =
-                        {
-                            OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode,
-                            OpenIddictConstants.Permissions.GrantTypes.RefreshToken
-                        },
-                        RedirectUris = {redirecturi}
-                    }, secret);
-                var authorizeUrl = new Uri(tester.PayTester.ServerUri,
-                    $"connect/authorize?response_type=code&client_id={id}&redirect_uri={redirecturi.AbsoluteUri}&scope=openid offline_access server_management store_management&state={Guid.NewGuid().ToString()}");
-                s.Driver.Navigate().GoToUrl(authorizeUrl);
-                s.Login(user.RegisterDetails.Email, user.RegisterDetails.Password);
-                s.Driver.FindElement(By.Id("consent-yes")).Click();
-                var url = s.Driver.Url;
-                var results = url.Split("?").Last().Split("&")
-                    .ToDictionary(s1 => s1.Split("=")[0], s1 => s1.Split("=")[1]);
-
-                var httpClient = tester.PayTester.HttpClient;
-
-                var httpRequest = new HttpRequestMessage(HttpMethod.Post,
-                    new Uri(tester.PayTester.ServerUri, "/connect/token"))
-                {
-                    Content = new FormUrlEncodedContent(new List<KeyValuePair<string, string>>()
-                    {
-                        new KeyValuePair<string, string>("grant_type",
-                            OpenIddictConstants.GrantTypes.AuthorizationCode),
-                        new KeyValuePair<string, string>("client_id", openIdClient.ClientId),
-                        new KeyValuePair<string, string>("client_secret", secret),
-                        new KeyValuePair<string, string>("code", results["code"]),
-                        new KeyValuePair<string, string>("redirect_uri", redirecturi.AbsoluteUri)
-                    })
-                };
-
-
-                var response = await httpClient.SendAsync(httpRequest);
-
-                Assert.True(response.IsSuccessStatusCode);
-
-                string content = await response.Content.ReadAsStringAsync();
-                var result = System.Text.Json.JsonSerializer.Deserialize<OpenIddictResponse>(content);
-
-                await TestApiAgainstAccessToken(result.AccessToken, tester, user);
-
-                var refreshedAccessToken = await RefreshAnAccessToken(result.RefreshToken, httpClient, id, secret);
-
-                await TestApiAgainstAccessToken(refreshedAccessToken, tester, user);
-                
-                LogoutFlow(tester, id, s);
-                s.Driver.Navigate().GoToUrl(authorizeUrl);
-                s.Login(user.RegisterDetails.Email, user.RegisterDetails.Password);
-                
-                Assert.Throws<NoSuchElementException>(() => s.Driver.FindElement(By.Id("consent-yes")));
-                results = url.Split("?").Last().Split("&")
-                    .ToDictionary(s1 => s1.Split("=")[0], s1 => s1.Split("=")[1]);
-                Assert.True(results.ContainsKey("code"));
-            }
-        }
-
-        private static async Task<string> RefreshAnAccessToken(string refreshToken, HttpClient client, string clientId,
-            string clientSecret = null)
-        {
-            var httpRequest = new HttpRequestMessage(HttpMethod.Post,
-                new Uri(client.BaseAddress, "/connect/token"))
-            {
-                Content = new FormUrlEncodedContent(new List<KeyValuePair<string, string>>()
-                {
-                    new KeyValuePair<string, string>("grant_type",
-                        OpenIddictConstants.GrantTypes.RefreshToken),
-                    new KeyValuePair<string, string>("client_id", clientId),
-                    new KeyValuePair<string, string>("client_secret", clientSecret),
-                    new KeyValuePair<string, string>("refresh_token", refreshToken)
-                })
-            };
-
-            var response = await client.SendAsync(httpRequest);
-
-            Assert.True(response.IsSuccessStatusCode);
-
-            string content = await response.Content.ReadAsStringAsync();
-            var result = System.Text.Json.JsonSerializer.Deserialize<OpenIddictResponse>(content);
-            Assert.NotEmpty(result.AccessToken);
-            Assert.Null(result.Error);
-            return result.AccessToken;
-        }
-
-        private static async Task<string> RegisterClientCredentialsFlowAndGetAccessToken(TestAccount user,
-            string secret,
-            ServerTester tester)
-        {
-            var id = Guid.NewGuid().ToString();
-            var openIdClient = await user.RegisterOpenIdClient(
-                new OpenIddictApplicationDescriptor()
-                {
-                    ClientId = id,
-                    DisplayName = id,
-                    Permissions = {OpenIddictConstants.Permissions.GrantTypes.ClientCredentials}
-                }, secret);
-
-
-            var httpClient = tester.PayTester.HttpClient;
-
-            var httpRequest = new HttpRequestMessage(HttpMethod.Post,
-                new Uri(tester.PayTester.ServerUri, "/connect/token"))
-            {
-                Content = new FormUrlEncodedContent(new List<KeyValuePair<string, string>>()
-                {
-                    new KeyValuePair<string, string>("grant_type",
-                        OpenIddictConstants.GrantTypes.ClientCredentials),
-                    new KeyValuePair<string, string>("client_id", openIdClient.ClientId),
-                    new KeyValuePair<string, string>("client_secret", secret),
-                    new KeyValuePair<string, string>("scope", "server_management store_management")
-                })
-            };
-
-
-            var response = await httpClient.SendAsync(httpRequest);
-
-            Assert.True(response.IsSuccessStatusCode);
-
-            string content = await response.Content.ReadAsStringAsync();
-            var result = System.Text.Json.JsonSerializer.Deserialize<OpenIddictResponse>(content);
-            Assert.NotEmpty(result.AccessToken);
-            Assert.Null(result.Error);
-            return result.AccessToken;
-        }
-
-        private static async Task<string> RegisterPasswordClientAndGetAccessToken(TestAccount user, string secret,
-            ServerTester tester)
-        {
-            var id = Guid.NewGuid().ToString();
-            var openIdClient = await user.RegisterOpenIdClient(
-                new OpenIddictApplicationDescriptor()
-                {
-                    ClientId = id,
-                    DisplayName = id,
-                    Permissions = {OpenIddictConstants.Permissions.GrantTypes.Password}
-                }, secret);
-
-
-            var httpClient = tester.PayTester.HttpClient;
-
-            var httpRequest = new HttpRequestMessage(HttpMethod.Post,
-                new Uri(tester.PayTester.ServerUri, "/connect/token"))
-            {
-                Content = new FormUrlEncodedContent(new List<KeyValuePair<string, string>>()
-                {
-                    new KeyValuePair<string, string>("grant_type", OpenIddictConstants.GrantTypes.Password),
-                    new KeyValuePair<string, string>("username", user.RegisterDetails.Email),
-                    new KeyValuePair<string, string>("password", user.RegisterDetails.Password),
-                    new KeyValuePair<string, string>("client_id", openIdClient.ClientId),
-                    new KeyValuePair<string, string>("client_secret", secret),
-                    new KeyValuePair<string, string>("scope", "server_management store_management")
-                })
-            };
-
-
-            var response = await httpClient.SendAsync(httpRequest);
-
-            Assert.True(response.IsSuccessStatusCode);
-
-            string content = await response.Content.ReadAsStringAsync();
-            var result = System.Text.Json.JsonSerializer.Deserialize<OpenIddictResponse>(content);
-            Assert.NotEmpty(result.AccessToken);
-            Assert.Null(result.Error);
-            return result.AccessToken;
-        }
-
-        async Task TestApiAgainstAccessToken(string accessToken, ServerTester tester, TestAccount testAccount)
-        {
-            var resultUser =
-                await TestApiAgainstAccessToken<string>(accessToken, "api/test/me/id",
-                    tester.PayTester.HttpClient);
-            Assert.Equal(testAccount.UserId, resultUser);
-
-            var secondUser = tester.NewAccount();
-            secondUser.GrantAccess();
-
-            var resultStores =
-                await TestApiAgainstAccessToken<StoreData[]>(accessToken, "api/test/me/stores",
-                    tester.PayTester.HttpClient);
-            Assert.Contains(resultStores,
-                data => data.Id.Equals(testAccount.StoreId, StringComparison.InvariantCultureIgnoreCase));
-            Assert.DoesNotContain(resultStores,
-                data => data.Id.Equals(secondUser.StoreId, StringComparison.InvariantCultureIgnoreCase));
-
-            Assert.True(await TestApiAgainstAccessToken<bool>(accessToken,
-                $"api/test/me/stores/{testAccount.StoreId}/can-edit",
-                tester.PayTester.HttpClient));
-
-            Assert.True(await TestApiAgainstAccessToken<bool>(accessToken,
-                $"api/test/me/is-admin",
-                tester.PayTester.HttpClient));
-
-            await Assert.ThrowsAnyAsync<HttpRequestException>(async () =>
-            {
-                await TestApiAgainstAccessToken<bool>(accessToken, $"api/test/me/stores/{secondUser.StoreId}/can-edit",
-                    tester.PayTester.HttpClient);
-            });
-        }
-
-        public async Task<T> TestApiAgainstAccessToken<T>(string accessToken, string url, HttpClient client)
-        {
-            var httpRequest = new HttpRequestMessage(HttpMethod.Get,
-                new Uri(client.BaseAddress, url));
-            httpRequest.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
-            var result = await client.SendAsync(httpRequest);
-            result.EnsureSuccessStatusCode();
-
-            var rawJson = await result.Content.ReadAsStringAsync();
-            if (typeof(T).IsPrimitive || typeof(T) == typeof(string))
-            {
-                return (T)Convert.ChangeType(rawJson, typeof(T));
-            }
-
-            return JsonConvert.DeserializeObject<T>(rawJson);
-        }
-    }
-}

BTCPayServer.Tests/BTCPayServer.Tests.csproj

@@ -23,9 +23,10 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="16.4.0" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="16.5.0" />
+    <PackageReference Include="Newtonsoft.Json.Schema" Version="3.0.13" />
     <PackageReference Include="Selenium.WebDriver" Version="3.141.0" />
-    <PackageReference Include="Selenium.WebDriver.ChromeDriver" Version="79.0.3945.3600" />
+    <PackageReference Include="Selenium.WebDriver.ChromeDriver" Version="80.0.3987.10600" />
     <PackageReference Include="xunit" Version="2.4.1" />
     <PackageReference Include="xunit.runner.visualstudio" Version="2.4.1">
       <PrivateAssets>all</PrivateAssets>

BTCPayServer.Tests/BTCPayServerTester.cs

@@ -1,4 +1,6 @@
 using BTCPayServer.Configuration;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.DependencyInjection.Extensions;
 using System.Linq;
 using BTCPayServer.HostedServices;
 using BTCPayServer.Hosting;
@@ -16,7 +18,6 @@ using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.Controllers;
 using Microsoft.AspNetCore.Mvc.Routing;
-using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
 using NBitcoin;
 using NBXplorer;
@@ -32,7 +33,6 @@ using System.Security.Claims;
 using System.Security.Principal;
 using System.Text;
 using System.Threading;
-using OpenIddict.Abstractions;
 using Xunit;
 using BTCPayServer.Services;
 using System.Net.Http;
@@ -93,10 +93,12 @@ namespace BTCPayServer.Tests
         }
 
         public bool MockRates { get; set; } = true;
+        public string SocksEndpoint { get; set; }
 
         public HashSet<string> Chains { get; set; } = new HashSet<string>(){"BTC"};
         public bool UseLightning { get; set; }
-
+        public bool AllowAdminRegistration { get; set; } = true;
+        public bool DisableRegistration { get; set; } = false;
         public async Task StartAsync()
         {
             if (!Directory.Exists(_Directory))
@@ -138,9 +140,11 @@ namespace BTCPayServer.Tests
                 config.AppendLine($"lbtc.explorer.url={LBTCNBXplorerUri.AbsoluteUri}");
                 config.AppendLine($"lbtc.explorer.cookiefile=0");
             }
-            config.AppendLine("allow-admin-registration=1");
+            if (AllowAdminRegistration)
+                config.AppendLine("allow-admin-registration=1");
            
             config.AppendLine($"torrcfile={TestUtils.GetTestDataFullPath("Tor/torrc")}");
+            config.AppendLine($"socksendpoint={SocksEndpoint}");
             config.AppendLine($"debuglog=debug.log");
 
 
@@ -162,7 +166,7 @@ namespace BTCPayServer.Tests
             HttpClient = new HttpClient();
             HttpClient.BaseAddress = ServerUri;
             Environment.SetEnvironmentVariable("ASPNETCORE_ENVIRONMENT", "Development");
-            var conf = new DefaultConfiguration() { Logger = Logs.LogProvider.CreateLogger("Console") }.CreateConfiguration(new[] { "--datadir", _Directory, "--conf", confPath, "--disable-registration", "false" });
+            var conf = new DefaultConfiguration() { Logger = Logs.LogProvider.CreateLogger("Console") }.CreateConfiguration(new[] { "--datadir", _Directory, "--conf", confPath, "--disable-registration", DisableRegistration ? "true" : "false" });
             _Host = new WebHostBuilder()
                     .UseConfiguration(conf)
                     .UseContentRoot(FindBTCPayServerDirectory())
@@ -178,6 +182,10 @@ namespace BTCPayServer.Tests
                             .AddProvider(Logs.LogProvider);
                         });
                     })
+                    .ConfigureServices(services =>
+                    {
+                        services.TryAddSingleton<IFeeProviderFactory>(new BTCPayServer.Services.Fees.FixedFeeProvider(new FeeRate(100L, 1)));
+                    })
                     .UseKestrel()
                     .UseStartup<Startup>()
                     .Build();
@@ -222,6 +230,10 @@ namespace BTCPayServer.Tests
                 var bitfinex = new MockRateProvider();
                 bitfinex.ExchangeRates.Add(new PairRate(CurrencyPair.Parse("UST_BTC"), new BidAsk(0.000136m)));
                 rateProvider.Providers.Add("bitfinex", bitfinex);
+                
+                var bitpay = new MockRateProvider();
+                bitpay.ExchangeRates.Add(new PairRate(CurrencyPair.Parse("ETB_BTC"), new BidAsk(0.1m)));
+                rateProvider.Providers.Add("bitpay", bitpay);
             }
 
 
@@ -232,23 +244,13 @@ namespace BTCPayServer.Tests
 
         private async Task WaitSiteIsOperational()
         {
+            _ = HttpClient.GetAsync("/").ConfigureAwait(false);
             using (var cts = new CancellationTokenSource(20_000))
             {
                 var synching = WaitIsFullySynched(cts.Token);
-                var accessingHomepage = WaitCanAccessHomepage(cts.Token);
-                await Task.WhenAll(synching, accessingHomepage).ConfigureAwait(false);
-            }
-        }
-
-        private async Task WaitCanAccessHomepage(CancellationToken cancellationToken)
-        {
-            while (true)
-            {
-                var resp = await HttpClient.GetAsync("/", cancellationToken).ConfigureAwait(false);
-                if (resp.StatusCode == HttpStatusCode.OK)
-                    break;
-                await Task.Delay(10, cancellationToken).ConfigureAwait(false);
+                await Task.WhenAll(synching).ConfigureAwait(false);
             }
+            // Opportunistic call to wake up view compilation in debug mode, we don't need to await.
         }
 
         private async Task WaitIsFullySynched(CancellationToken cancellationToken)
@@ -298,7 +300,7 @@ namespace BTCPayServer.Tests
             if (userId != null)
             {
                 List<Claim> claims = new List<Claim>();
-                claims.Add(new Claim(OpenIddictConstants.Claims.Subject, userId));
+                claims.Add(new Claim(ClaimTypes.NameIdentifier, userId));
                 if (isAdmin)
                     claims.Add(new Claim(ClaimTypes.Role, Roles.ServerAdmin));
                 context.User = new ClaimsPrincipal(new ClaimsIdentity(claims.ToArray(), AuthenticationSchemes.Cookie));

BTCPayServer.Tests/CheckoutUITests.cs

@@ -71,7 +71,7 @@ namespace BTCPayServer.Tests
                 }
                 catch { }
 
-                s.Driver.AssertElementNotFound(By.Id("emailAddressFormInput"));                
+                s.Driver.AssertElementNotFound(By.Id("emailAddressFormInput"));
                 s.Driver.Navigate().Refresh();
                 s.Driver.AssertElementNotFound(By.Id("emailAddressFormInput"));
             }
@@ -92,7 +92,7 @@ namespace BTCPayServer.Tests
                 s.GoToInvoiceCheckout(invoiceId);
                 Assert.True(s.Driver.FindElement(By.Id("DefaultLang")).FindElements(By.TagName("option")).Count > 1);
                 var payWithTextEnglish = s.Driver.FindElement(By.Id("pay-with-text")).Text;
-                
+
                 var prettyDropdown = s.Driver.FindElement(By.Id("prettydropdown-DefaultLang"));
                 prettyDropdown.Click();
                 await Task.Delay(200);
@@ -100,13 +100,13 @@ namespace BTCPayServer.Tests
                 await Task.Delay(1000);
                 Assert.NotEqual(payWithTextEnglish, s.Driver.FindElement(By.Id("pay-with-text")).Text);
                 s.Driver.Navigate().GoToUrl(s.Driver.Url + "?lang=da-DK");
-                
+
                 Assert.NotEqual(payWithTextEnglish, s.Driver.FindElement(By.Id("pay-with-text")).Text);
-                
+
                 s.Driver.Quit();
             }
         }
-        
+
         [Fact(Timeout = TestTimeout)]
         [Trait("Altcoins", "Altcoins")]
         [Trait("Lightning", "Lightning")]
@@ -121,7 +121,7 @@ namespace BTCPayServer.Tests
                 s.RegisterNewUser();
                 var store = s.CreateNewStore();
                 s.AddDerivationScheme("BTC");
-                
+
                 //check that there is no dropdown since only one payment method is set
                 var invoiceId = s.CreateInvoice(store.storeName, 10, "USD", "a@g.com");
                 s.GoToInvoiceCheckout(invoiceId);
@@ -129,33 +129,31 @@ namespace BTCPayServer.Tests
                 s.GoToHome();
                 s.GoToStore(store.storeId);
                 s.AddDerivationScheme("LTC");
-                s.AddLightningNode("BTC",LightningConnectionType.CLightning);
+                s.AddLightningNode("BTC", LightningConnectionType.CLightning);
                 //there should be three now
                 invoiceId = s.CreateInvoice(store.storeName, 10, "USD", "a@g.com");
                 s.GoToInvoiceCheckout(invoiceId);
-                var currencyDropdownButton =  s.Driver.FindElement(By.ClassName("payment__currencies"));
+                var currencyDropdownButton = s.Driver.WaitForElement(By.ClassName("payment__currencies"));
                 Assert.Contains("BTC", currencyDropdownButton.Text);
                 currencyDropdownButton.Click();
-                
+
                 var elements = s.Driver.FindElement(By.ClassName("vex-content")).FindElements(By.ClassName("vexmenuitem"));
                 Assert.Equal(3, elements.Count);
                 elements.Single(element => element.Text.Contains("LTC")).Click();
-                Thread.Sleep(1000);
-                currencyDropdownButton =  s.Driver.FindElement(By.ClassName("payment__currencies"));
+                currencyDropdownButton = s.Driver.WaitForElement(By.ClassName("payment__currencies"));
                 Assert.Contains("LTC", currencyDropdownButton.Text);
                 currencyDropdownButton.Click();
 
                 elements = s.Driver.FindElement(By.ClassName("vex-content")).FindElements(By.ClassName("vexmenuitem"));
                 elements.Single(element => element.Text.Contains("Lightning")).Click();
-                Thread.Sleep(1000);
-                currencyDropdownButton = s.Driver.FindElement(By.ClassName("payment__currencies"));
 
+                currencyDropdownButton = s.Driver.WaitForElement(By.ClassName("payment__currencies"));
                 Assert.Contains("Lightning", currencyDropdownButton.Text);
-                
+
                 s.Driver.Quit();
             }
         }
-        
+
         [Fact(Timeout = TestTimeout)]
         [Trait("Lightning", "Lightning")]
         public async Task CanUseLightningSatsFeature()
@@ -171,12 +169,12 @@ namespace BTCPayServer.Tests
                 s.GoToStore(store.storeId, StoreNavPages.Checkout);
                 s.SetCheckbox(s, "LightningAmountInSatoshi", true);
                 var command = s.Driver.FindElement(By.Name("command"));
-               
+
                 command.ForceClick();
                 var invoiceId = s.CreateInvoice(store.storeName, 10, "USD", "a@g.com");
                 s.GoToInvoiceCheckout(invoiceId);
                 Assert.Contains("Sats", s.Driver.FindElement(By.ClassName("payment__currencies_noborder")).Text);
-                
+
             }
         }
 
@@ -207,7 +205,8 @@ namespace BTCPayServer.Tests
                 IWebElement closebutton = null;
                 TestUtils.Eventually(() =>
                 {
-                    var iframe = s.Driver.SwitchTo().Frame("btcpay");
+                    var frameElement = s.Driver.FindElement(By.Name("btcpay"));
+                    var iframe = s.Driver.SwitchTo().Frame(frameElement);
                     closebutton = iframe.FindElement(By.ClassName("close-action"));
                     Assert.True(closebutton.Displayed);
                 });
@@ -218,4 +217,30 @@ namespace BTCPayServer.Tests
             }
         }
     }
+
+    public static class SeleniumExtensions
+    {
+        /// <summary>
+        /// Utility method to wait until timeout for element to be present (optionally displayed)
+        /// </summary>
+        /// <param name="context">Wait context</param>
+        /// <param name="by">How we search for element</param>
+        /// <param name="displayed">Flag to wait for element to be displayed or just present</param>
+        /// <param name="timeout">How long to wait for element to be present/displayed</param>
+        /// <returns>Element we were waiting for</returns>
+        public static IWebElement WaitForElement(this IWebDriver context, By by, bool displayed = true, uint timeout = 3)
+        {
+            var wait = new DefaultWait<IWebDriver>(context);
+            wait.Timeout = TimeSpan.FromSeconds(timeout);
+            wait.IgnoreExceptionTypes(typeof(NoSuchElementException));
+            return wait.Until(ctx =>
+            {
+                var elem = ctx.FindElement(by);
+                if (displayed && !elem.Displayed)
+                    return null;
+
+                return elem;
+            });
+        }
+    }
 }

BTCPayServer.Tests/ElementsTests.cs

@@ -11,6 +11,7 @@ using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.Configuration.Memory;
 using NBitcoin;
+using NBitcoin.Payment;
 using NBitcoin.RPC;
 using NBitpayClient;
 using Xunit;
@@ -36,14 +37,13 @@ namespace BTCPayServer.Tests
             {
                 tester.ActivateLBTC();
                 await tester.StartAsync();
-                await tester.EnsureChannelsSetup();
                 var user = tester.NewAccount();
                 user.GrantAccess();
                 user.RegisterDerivationScheme("LBTC");
                 user.RegisterDerivationScheme("BTC");
                 user.RegisterDerivationScheme("USDT");
                 
-                Assert.Single(Assert.IsType<ListWalletsViewModel>(Assert.IsType<ViewResult>(await user.GetController<WalletsController>().ListWallets()).Model).Wallets);
+                Assert.Equal(3, Assert.IsType<ListWalletsViewModel>(Assert.IsType<ViewResult>(await user.GetController<WalletsController>().ListWallets()).Model).Wallets.Count);
             }
         }
 
@@ -79,20 +79,28 @@ namespace BTCPayServer.Tests
                 user.GrantAccess();
                 user.RegisterDerivationScheme("LBTC");
                 user.RegisterDerivationScheme("USDT");
-                
+                user.RegisterDerivationScheme("ETB");
+                await tester.LBTCExplorerNode.GenerateAsync(4);
                 //no tether on our regtest, lets create it and set it
                 var tether = tester.NetworkProvider.GetNetwork<ElementsBTCPayNetwork>("USDT");
                 var lbtc = tester.NetworkProvider.GetNetwork<ElementsBTCPayNetwork>("LBTC");
+                var etb = tester.NetworkProvider.GetNetwork<ElementsBTCPayNetwork>("ETB");
                 var issueAssetResult = await tester.LBTCExplorerNode.SendCommandAsync("issueasset", 100000, 0);
                 tether.AssetId = uint256.Parse(issueAssetResult.Result["asset"].ToString());
                 ((ElementsBTCPayNetwork)tester.PayTester.GetService<BTCPayWalletProvider>().GetWallet("USDT").Network)
                     .AssetId = tether.AssetId;
-                Logs.Tester.LogInformation($"Asset is {tether.AssetId}");
                 Assert.Equal(tether.AssetId,  tester.NetworkProvider.GetNetwork<ElementsBTCPayNetwork>("USDT").AssetId);
                 Assert.Equal(tether.AssetId,  ((ElementsBTCPayNetwork)tester.PayTester.GetService<BTCPayWalletProvider>().GetWallet("USDT").Network).AssetId);
+                
+                var issueAssetResult2 = await tester.LBTCExplorerNode.SendCommandAsync("issueasset", 100000, 0);
+                etb.AssetId = uint256.Parse(issueAssetResult2.Result["asset"].ToString());
+                ((ElementsBTCPayNetwork)tester.PayTester.GetService<BTCPayWalletProvider>().GetWallet("ETB").Network)
+                    .AssetId = etb.AssetId;
+                
+                
                 //test: register 2 assets on the same elements network and make sure paying an invoice on one does not affect the other in any way
                 var invoice = await user.BitPay.CreateInvoiceAsync(new Invoice(0.1m, "BTC"));
-                Assert.Equal(2, invoice.SupportedTransactionCurrencies.Count);
+                Assert.Equal(3, invoice.SupportedTransactionCurrencies.Count);
                 var ci = invoice.CryptoInfo.Single(info => info.CryptoCode.Equals("LBTC"));
                 //1 lbtc = 1 btc
                 Assert.Equal(1, ci.Rate);
@@ -109,7 +117,7 @@ namespace BTCPayServer.Tests
                 invoice = await user.BitPay.CreateInvoiceAsync(new Invoice(0.1m, "BTC"));
                 
                 ci = invoice.CryptoInfo.Single(info => info.CryptoCode.Equals("USDT"));
-                Assert.Equal(2, invoice.SupportedTransactionCurrencies.Count);
+                Assert.Equal(3, invoice.SupportedTransactionCurrencies.Count);
                 star = await tester.LBTCExplorerNode.SendCommandAsync("sendtoaddress", ci.Address, ci.Due, "", "", false, true,
                     1, "UNSET", tether.AssetId);
                 
@@ -120,6 +128,14 @@ namespace BTCPayServer.Tests
                     Assert.Single(localInvoice.CryptoInfo.Single(info => info.CryptoCode.Equals("USDT", StringComparison.InvariantCultureIgnoreCase)).Payments);
                 });
 
+                //test precision based on https://github.com/ElementsProject/elements/issues/805#issuecomment-601277606
+                var etbBip21 = new BitcoinUrlBuilder(invoice.CryptoInfo.Single(info => info.CryptoCode == "ETB").PaymentUrls.BIP21.Replace(etb.UriScheme, "bitcoin"), etb.NBitcoinNetwork);
+                //precision = 2, 1ETB  = 0.00000100
+                Assert.Equal(  100,etbBip21.Amount.Satoshi); 
+                
+                var lbtcBip21 = new BitcoinUrlBuilder(invoice.CryptoInfo.Single(info => info.CryptoCode == "LBTC").PaymentUrls.BIP21.Replace(lbtc.UriScheme, "bitcoin"), lbtc.NBitcoinNetwork);
+                //precision = 8, 0.1 = 0.1
+                Assert.Equal(  0.1m,lbtcBip21.Amount.ToDecimal(MoneyUnit.BTC));
             }
         }
     }

BTCPayServer.Tests/Extensions.cs

@@ -88,6 +88,10 @@ namespace BTCPayServer.Tests
                     if (!webElement.Displayed)
                         return;
                 }
+                catch (NoSuchWindowException)
+                {
+                    return;
+                }
                 catch (NoSuchElementException)
                 {
                     return;

BTCPayServer.Tests/GreenfieldAPITests.cs

@@ -0,0 +1,295 @@
+using System;
+using System.Linq;
+using System.Net.Http;
+using System.Threading.Tasks;
+using BTCPayServer.Client;
+using BTCPayServer.Client.Models;
+using BTCPayServer.Controllers;
+using BTCPayServer.Services;
+using BTCPayServer.Tests.Logging;
+using Microsoft.AspNet.SignalR.Client;
+using Microsoft.AspNetCore.Mvc;
+using Xunit;
+using Xunit.Abstractions;
+using CreateApplicationUserRequest = BTCPayServer.Client.Models.CreateApplicationUserRequest;
+
+namespace BTCPayServer.Tests
+{
+    public class GreenfieldAPITests
+    {
+        public const int TestTimeout = TestUtils.TestTimeout;
+
+        public const string TestApiPath = "api/test/apikey";
+
+        public GreenfieldAPITests(ITestOutputHelper helper)
+        {
+            Logs.Tester = new XUnitLog(helper) { Name = "Tests" };
+            Logs.LogProvider = new XUnitLogProvider(helper);
+        }
+
+        [Fact(Timeout = TestTimeout)]
+        [Trait("Integration", "Integration")]
+        public async Task ApiKeysControllerTests()
+        {
+            using (var tester = ServerTester.Create())
+            {
+                await tester.StartAsync();
+                var user = tester.NewAccount();
+                user.GrantAccess();
+                await user.MakeAdmin();
+                var client = await user.CreateClient(Policies.CanViewProfile);
+                var clientBasic = await user.CreateClient();
+                //Get current api key 
+                var apiKeyData = await client.GetCurrentAPIKeyInfo();
+                Assert.NotNull(apiKeyData);
+                Assert.Equal(client.APIKey, apiKeyData.ApiKey);
+                Assert.Single(apiKeyData.Permissions);
+                
+                //a client using Basic Auth has no business here
+                await AssertHttpError(401, async () => await clientBasic.GetCurrentAPIKeyInfo());
+                
+                //revoke current api key
+                await client.RevokeCurrentAPIKeyInfo();
+                await AssertHttpError(401, async () => await client.GetCurrentAPIKeyInfo());
+                //a client using Basic Auth has no business here
+                await AssertHttpError(401, async () => await clientBasic.RevokeCurrentAPIKeyInfo());
+            }
+        }
+        [Fact(Timeout = TestTimeout)]
+        [Trait("Integration", "Integration")]
+        public async Task CanCreateAndDeleteAPIKeyViaAPI()
+        {
+            using (var tester = ServerTester.Create())
+            {
+                await tester.StartAsync();
+                var acc = tester.NewAccount();
+                await acc.GrantAccessAsync();
+                var unrestricted = await acc.CreateClient();
+                var apiKey = await unrestricted.CreateAPIKey(new CreateApiKeyRequest()
+                {
+                    Label = "Hello world",
+                    Permissions = new Permission[] { Permission.Create(Policies.CanViewProfile) }
+                });
+                Assert.Equal("Hello world", apiKey.Label);
+                var p = Assert.Single(apiKey.Permissions);
+                Assert.Equal(Policies.CanViewProfile, p.Policy);
+
+                var restricted = acc.CreateClientFromAPIKey(apiKey.ApiKey);
+                await AssertHttpError(403, async () => await restricted.CreateAPIKey(new CreateApiKeyRequest()
+                {
+                    Label = "Hello world2",
+                    Permissions = new Permission[] { Permission.Create(Policies.CanViewProfile) }
+                }));
+
+                await unrestricted.RevokeAPIKey(apiKey.ApiKey);
+                await AssertHttpError(404, async () => await unrestricted.RevokeAPIKey(apiKey.ApiKey));
+            }
+        }
+
+        [Fact(Timeout = TestTimeout)]
+        [Trait("Integration", "Integration")]
+        public async Task CanCreateUsersViaAPI()
+        {
+            using (var tester = ServerTester.Create(newDb: true))
+            {
+                tester.PayTester.DisableRegistration = true;
+                await tester.StartAsync();
+                var unauthClient = new BTCPayServerClient(tester.PayTester.ServerUri);
+                await AssertHttpError(400, async () => await unauthClient.CreateUser(new CreateApplicationUserRequest()));
+                await AssertHttpError(400, async () => await unauthClient.CreateUser(new CreateApplicationUserRequest() { Email = "test@gmail.com" }));
+                // Pass too simple
+                await AssertHttpError(400, async () => await unauthClient.CreateUser(new CreateApplicationUserRequest() { Email = "test3@gmail.com", Password = "a" }));
+
+                // We have no admin, so it should work
+                var user1 = await unauthClient.CreateUser(new CreateApplicationUserRequest() { Email = "test@gmail.com", Password = "abceudhqw" });
+                // We have no admin, so it should work
+                var user2 = await unauthClient.CreateUser(new CreateApplicationUserRequest() { Email = "test2@gmail.com", Password = "abceudhqw" });
+
+                // Duplicate email
+                await AssertHttpError(400, async () => await unauthClient.CreateUser(new CreateApplicationUserRequest() { Email = "test2@gmail.com", Password = "abceudhqw" }));
+
+                // Let's make an admin
+                var admin = await unauthClient.CreateUser(new CreateApplicationUserRequest() { Email = "admin@gmail.com", Password = "abceudhqw", IsAdministrator = true });
+
+                // Creating a new user without proper creds is now impossible (unauthorized) 
+                // Because if registration are locked and that an admin exists, we don't accept unauthenticated connection
+                await AssertHttpError(401, async () => await unauthClient.CreateUser(new CreateApplicationUserRequest() { Email = "test3@gmail.com", Password = "afewfoiewiou" }));
+
+
+                // But should be ok with subscriptions unlocked
+                var settings = tester.PayTester.GetService<SettingsRepository>();
+                await settings.UpdateSetting<PoliciesSettings>(new PoliciesSettings() { LockSubscription = false });
+                await unauthClient.CreateUser(new CreateApplicationUserRequest() { Email = "test3@gmail.com", Password = "afewfoiewiou" });
+
+                // But it should be forbidden to create an admin without being authenticated
+                await AssertHttpError(403, async () => await unauthClient.CreateUser(new CreateApplicationUserRequest() { Email = "admin2@gmail.com", Password = "afewfoiewiou", IsAdministrator = true }));
+                await settings.UpdateSetting<PoliciesSettings>(new PoliciesSettings() { LockSubscription = true });
+
+                var adminAcc = tester.NewAccount();
+                adminAcc.UserId = admin.Id;
+                adminAcc.IsAdmin = true;
+                var adminClient = await adminAcc.CreateClient(Policies.CanModifyProfile);
+
+                // We should be forbidden to create a new user without proper admin permissions
+                await AssertHttpError(403, async () => await adminClient.CreateUser(new CreateApplicationUserRequest() { Email = "test4@gmail.com", Password = "afewfoiewiou" }));
+                await AssertHttpError(403, async () => await adminClient.CreateUser(new CreateApplicationUserRequest() { Email = "test4@gmail.com", Password = "afewfoiewiou", IsAdministrator = true }));
+
+                // However, should be ok with the unrestricted permissions of an admin
+                adminClient = await adminAcc.CreateClient(Policies.Unrestricted);
+                await adminClient.CreateUser(new CreateApplicationUserRequest() { Email = "test4@gmail.com", Password = "afewfoiewiou" });
+                // Even creating new admin should be ok
+                await adminClient.CreateUser(new CreateApplicationUserRequest() { Email = "admin4@gmail.com", Password = "afewfoiewiou", IsAdministrator = true });
+
+                var user1Acc = tester.NewAccount();
+                user1Acc.UserId = user1.Id;
+                user1Acc.IsAdmin = false;
+                var user1Client = await user1Acc.CreateClient(Policies.CanModifyServerSettings);
+              
+                // User1 trying to get server management would still fail to create user
+                await AssertHttpError(403, async () => await user1Client.CreateUser(new CreateApplicationUserRequest() { Email = "test8@gmail.com", Password = "afewfoiewiou" }));
+
+                // User1 should be able to create user if subscription unlocked
+                await settings.UpdateSetting<PoliciesSettings>(new PoliciesSettings() { LockSubscription = false });
+                await user1Client.CreateUser(new CreateApplicationUserRequest() { Email = "test8@gmail.com", Password = "afewfoiewiou" });
+
+                // But not an admin
+                await AssertHttpError(403, async () => await user1Client.CreateUser(new CreateApplicationUserRequest() { Email = "admin8@gmail.com", Password = "afewfoiewiou", IsAdministrator = true }));
+            }
+        }
+        
+        [Fact(Timeout = TestTimeout)]
+        [Trait("Integration", "Integration")]
+        public async Task StoresControllerTests()
+        {
+            using (var tester = ServerTester.Create())
+            {
+                await tester.StartAsync();
+                var user = tester.NewAccount();
+                user.GrantAccess();
+                await user.MakeAdmin();
+                var client = await user.CreateClient(Policies.Unrestricted);
+                
+                //create store
+                var newStore = await client.CreateStore(new CreateStoreRequest() {Name = "A"});
+                
+                //update store
+                var updatedStore = await client.UpdateStore(newStore.Id, new UpdateStoreRequest() {Name = "B"});
+                Assert.Equal("B", updatedStore.Name);
+                Assert.Equal("B", (await client.GetStore(newStore.Id)).Name);
+                
+                //list stores
+                var stores = await client.GetStores();
+                var storeIds = stores.Select(data => data.Id);
+                var storeNames = stores.Select(data => data.Name);
+                Assert.NotNull(stores);
+                Assert.Equal(2, stores.Count());
+                Assert.Contains(newStore.Id, storeIds);
+                Assert.Contains(user.StoreId, storeIds);
+
+                //get store
+                var store = await client.GetStore(user.StoreId);
+                Assert.Equal(user.StoreId,store.Id);
+                Assert.Contains(store.Name,storeNames);
+                
+                //remove store
+                await client.RemoveStore(newStore.Id);
+                await AssertHttpError(403, async () =>
+                {
+                    await client.GetStore(newStore.Id);
+                });
+                Assert.Single(await client.GetStores());
+                
+                newStore = await client.CreateStore(new CreateStoreRequest() {Name = "A"});
+                var scopedClient = await user.CreateClient(Permission.Create(Policies.CanViewStoreSettings, user.StoreId).ToString());
+                Assert.Single(await scopedClient.GetStores());
+            }
+        }
+        
+        private async Task AssertHttpError(int code, Func<Task> act)
+        {
+            var ex = await Assert.ThrowsAsync<HttpRequestException>(act);
+            Assert.Contains(code.ToString(), ex.Message);
+        }
+
+        [Fact(Timeout = TestTimeout)]
+        [Trait("Integration", "Integration")]
+        public async Task UsersControllerTests()
+        {
+            using (var tester = ServerTester.Create(newDb: true))
+            {
+                tester.PayTester.DisableRegistration = true;
+                await tester.StartAsync();
+                var user = tester.NewAccount();
+                user.GrantAccess();
+                await user.MakeAdmin();
+                var clientProfile = await user.CreateClient(Policies.CanModifyProfile);
+                var clientServer = await user.CreateClient(Policies.CanCreateUser, Policies.CanViewProfile);
+                var clientInsufficient = await user.CreateClient(Policies.CanModifyStoreSettings);
+                var clientBasic = await user.CreateClient();
+
+
+                var apiKeyProfileUserData = await clientProfile.GetCurrentUser();
+                Assert.NotNull(apiKeyProfileUserData);
+                Assert.Equal(apiKeyProfileUserData.Id, user.UserId);
+                Assert.Equal(apiKeyProfileUserData.Email, user.RegisterDetails.Email);
+
+                await Assert.ThrowsAsync<HttpRequestException>(async () => await clientInsufficient.GetCurrentUser());
+                await clientServer.GetCurrentUser();
+                await clientProfile.GetCurrentUser();
+                await clientBasic.GetCurrentUser();
+
+                await Assert.ThrowsAsync<HttpRequestException>(async () => await clientInsufficient.CreateUser(new CreateApplicationUserRequest()
+                {
+                    Email = $"{Guid.NewGuid()}@g.com",
+                    Password = Guid.NewGuid().ToString()
+                }));
+
+                var newUser = await clientServer.CreateUser(new CreateApplicationUserRequest()
+                {
+                    Email = $"{Guid.NewGuid()}@g.com",
+                    Password = Guid.NewGuid().ToString()
+                });
+                Assert.NotNull(newUser);
+
+                var newUser2 = await clientBasic.CreateUser(new CreateApplicationUserRequest()
+                {
+                    Email = $"{Guid.NewGuid()}@g.com",
+                    Password = Guid.NewGuid().ToString()
+                });
+                Assert.NotNull(newUser2);
+
+                await Assert.ThrowsAsync<HttpRequestException>(async () => await clientServer.CreateUser(new CreateApplicationUserRequest()
+                {
+                    Email = $"{Guid.NewGuid()}",
+                    Password = Guid.NewGuid().ToString()
+                }));
+
+                await Assert.ThrowsAsync<HttpRequestException>(async () => await clientServer.CreateUser(new CreateApplicationUserRequest()
+                {
+                    Email = $"{Guid.NewGuid()}@g.com",
+                }));
+
+                await Assert.ThrowsAsync<HttpRequestException>(async () => await clientServer.CreateUser(new CreateApplicationUserRequest()
+                {
+                    Password = Guid.NewGuid().ToString()
+                }));
+
+            }
+        }
+        
+        [Fact(Timeout = TestTimeout)]
+        [Trait("Integration", "Integration")]
+        public async Task HealthControllerTests()
+        {
+            using (var tester = ServerTester.Create())
+            {
+                await tester.StartAsync();
+                var unauthClient = new BTCPayServerClient(tester.PayTester.ServerUri);
+
+                var apiHealthData = await unauthClient.GetHealth();
+                Assert.NotNull(apiHealthData);
+                Assert.True(apiHealthData.Synchronized);
+            }
+        }
+    }
+}

BTCPayServer.Tests/PayJoinTests.cs

@@ -0,0 +1,852 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Net.Http;
+using System.Text;
+using System.Threading;
+using System.Threading.Tasks;
+using BTCPayServer.Controllers;
+using BTCPayServer.Data;
+using BTCPayServer.Events;
+using BTCPayServer.Models;
+using BTCPayServer.Models.InvoicingModels;
+using BTCPayServer.Models.WalletViewModels;
+using BTCPayServer.Payments;
+using BTCPayServer.Payments.Bitcoin;
+using BTCPayServer.Payments.PayJoin;
+using BTCPayServer.Services;
+using BTCPayServer.Services.Invoices;
+using BTCPayServer.Services.Wallets;
+using BTCPayServer.Tests.Logging;
+using BTCPayServer.Views.Wallets;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Hosting;
+using Microsoft.VisualStudio.TestPlatform.CommunicationUtilities.ObjectModel;
+using NBitcoin;
+using NBitcoin.Altcoins;
+using NBitcoin.Payment;
+using NBitpayClient;
+using NBXplorer.Models;
+using OpenQA.Selenium;
+using Xunit;
+using Xunit.Abstractions;
+
+namespace BTCPayServer.Tests
+{
+    public class PayJoinTests
+    {
+        public const int TestTimeout = 60_000;
+
+        public PayJoinTests(ITestOutputHelper helper)
+        {
+            Logs.Tester = new XUnitLog(helper) {Name = "Tests"};
+            Logs.LogProvider = new XUnitLogProvider(helper);
+        }
+
+        [Fact]
+        [Trait("Integration", "Integration")]
+        public async Task CanUseTheDelayedBroadcaster()
+        {
+            using (var tester = ServerTester.Create())
+            {
+                await tester.StartAsync();
+                var network = tester.NetworkProvider.GetNetwork<BTCPayNetwork>("BTC");
+                var broadcaster = tester.PayTester.GetService<DelayedTransactionBroadcaster>();
+                await broadcaster.Schedule(DateTimeOffset.UtcNow + TimeSpan.FromDays(500), RandomTransaction(network), network);
+                var tx = RandomTransaction(network);
+                await broadcaster.Schedule(DateTimeOffset.UtcNow - TimeSpan.FromDays(5), tx, network);
+                // twice on same tx should be noop
+                await broadcaster.Schedule(DateTimeOffset.UtcNow - TimeSpan.FromDays(5), tx, network);
+                broadcaster.Disable();
+                Assert.Equal(0, await broadcaster.ProcessAll());
+                broadcaster.Enable();
+                Assert.Equal(1, await broadcaster.ProcessAll());
+                Assert.Equal(0, await broadcaster.ProcessAll());
+            }
+        }
+        [Fact]
+        [Trait("Integration", "Integration")]
+        public async Task CanUsePayjoinRepository()
+        {
+            using (var tester = ServerTester.Create())
+            {
+                await tester.StartAsync();
+                var network = tester.NetworkProvider.GetNetwork<BTCPayNetwork>("BTC");
+                var repo = tester.PayTester.GetService<PayJoinRepository>();
+                var outpoint = RandomOutpoint();
+                
+                // Should not be locked
+                Assert.False(await repo.TryUnlock(outpoint));
+                
+                // Can lock input
+                Assert.True(await repo.TryLockInputs(new [] { outpoint }));
+                // Can't twice
+                Assert.False(await repo.TryLockInputs(new [] { outpoint }));
+                Assert.False(await repo.TryUnlock(outpoint));
+                
+                // Lock and unlock outpoint utxo
+                Assert.True(await repo.TryLock(outpoint));
+                Assert.True(await repo.TryUnlock(outpoint));
+                Assert.False(await repo.TryUnlock(outpoint));
+            }
+        }
+
+        [Fact]
+        [Trait("Integration", "Integration")]
+        public async Task ChooseBestUTXOsForPayjoin()
+        {
+            using (var tester = ServerTester.Create())
+            {
+                await tester.StartAsync();
+                var network = tester.NetworkProvider.GetNetwork<BTCPayNetwork>("BTC");
+                var controller = tester.PayTester.GetService<PayJoinEndpointController>();
+
+                //Only one utxo, so obvious result
+                var utxos = new[] {FakeUTXO(1.0m)};
+                var paymentAmount = 0.5m;
+                var otherOutputs = new[] {0.5m};
+                var inputs = new[] {1m};
+                var result = await controller.SelectUTXO(network, utxos, inputs, paymentAmount, otherOutputs);
+                Assert.Equal(PayJoinEndpointController.PayjoinUtxoSelectionType.Ordered, result.selectionType);
+                Assert.Contains( result.selectedUTXO, utxo => utxos.Contains(utxo));
+                
+                //no matter what here, no good selection, it seems that payment with 1 utxo generally makes payjoin coin selection unperformant
+                utxos = new[] {FakeUTXO(0.3m),FakeUTXO(0.7m)};
+                paymentAmount = 0.5m;
+                otherOutputs = new[] {0.5m};
+                inputs = new[] {1m};
+                result = await controller.SelectUTXO(network, utxos, inputs, paymentAmount, otherOutputs);
+                Assert.Equal(PayJoinEndpointController.PayjoinUtxoSelectionType.Ordered, result.selectionType);
+                
+                //when there is no change, anything works
+                utxos = new[] {FakeUTXO(1),FakeUTXO(0.1m),FakeUTXO(0.001m),FakeUTXO(0.003m)};
+                paymentAmount = 0.5m;
+                otherOutputs = new decimal[0];
+                inputs = new[] {0.03m, 0.07m};
+                result = await controller.SelectUTXO(network, utxos, inputs, paymentAmount, otherOutputs);
+                Assert.Equal(PayJoinEndpointController.PayjoinUtxoSelectionType.HeuristicBased, result.selectionType);
+            }
+        }
+        
+        
+
+        private Transaction RandomTransaction(BTCPayNetwork network)
+        {
+            var tx = network.NBitcoinNetwork.CreateTransaction();
+            tx.Inputs.Add(new OutPoint(RandomUtils.GetUInt256(), 0), Script.Empty);
+            tx.Outputs.Add(Money.Coins(1.0m), new Key().ScriptPubKey);
+            return tx;
+        }
+
+        private UTXO FakeUTXO(decimal amount)
+        {
+            return new UTXO()
+            {
+                Value = new Money(amount, MoneyUnit.BTC),
+                Outpoint = RandomOutpoint()
+            };
+        }
+
+        private OutPoint RandomOutpoint()
+        {
+            return new OutPoint(RandomUtils.GetUInt256(), 0);
+        }
+
+        [Fact]
+        [Trait("Integration", "Integration")]
+        public async Task CanOnlyUseCorrectAddressFormatsForPayjoin()
+        {
+            using (var tester = ServerTester.Create())
+            {
+                await tester.StartAsync();
+                var broadcaster = tester.PayTester.GetService<DelayedTransactionBroadcaster>();
+                var payjoinRepository = tester.PayTester.GetService<PayJoinRepository>();
+                broadcaster.Disable();
+                var network = tester.NetworkProvider.GetNetwork<BTCPayNetwork>("BTC");
+                var btcPayWallet = tester.PayTester.GetService<BTCPayWalletProvider>().GetWallet(network);
+                var cashCow = tester.ExplorerNode;
+                cashCow.Generate(2); // get some money in case
+
+                var unsupportedFormats = Enum.GetValues(typeof(ScriptPubKeyType))
+                    .AssertType<ScriptPubKeyType[]>()
+                    .Where(type => !PayjoinClient.SupportedFormats.Contains(type));
+                
+                
+                foreach (ScriptPubKeyType senderAddressType in Enum.GetValues(typeof(ScriptPubKeyType)))
+                {
+                    var senderUser = tester.NewAccount();
+                    senderUser.GrantAccess(true);
+                    senderUser.RegisterDerivationScheme("BTC", senderAddressType);
+                    
+                    foreach (ScriptPubKeyType receiverAddressType in Enum.GetValues(typeof(ScriptPubKeyType)))
+                    {
+                        var senderCoin = await senderUser.ReceiveUTXO(Money.Satoshis(100000), network);
+                        
+                        Logs.Tester.LogInformation($"Testing payjoin with sender: {senderAddressType} receiver: {receiverAddressType}");
+                        var receiverUser = tester.NewAccount();
+                        receiverUser.GrantAccess(true);
+                        receiverUser.RegisterDerivationScheme("BTC", receiverAddressType, true);
+                        await receiverUser.EnablePayJoin();
+                        var receiverCoin = await receiverUser.ReceiveUTXO(Money.Satoshis(810), network);
+
+                        var clientShouldError = unsupportedFormats.Contains(senderAddressType);
+                        string errorCode = null;
+                        if (unsupportedFormats.Contains(receiverAddressType))
+                        {
+                            errorCode = "unsupported-inputs";
+                        }else if (receiverAddressType != senderAddressType)
+                        {
+                            errorCode = "out-of-utxos";
+                        }
+                        var invoice = receiverUser.BitPay.CreateInvoice(new Invoice() {Price = 50000, Currency = "sats", FullNotifications = true});
+                        
+                        var invoiceAddress = BitcoinAddress.Create(invoice.BitcoinAddress, cashCow.Network);
+                        var txBuilder = network.NBitcoinNetwork.CreateTransactionBuilder();
+                        
+                        txBuilder.AddCoins(senderCoin);
+                        txBuilder.Send(invoiceAddress, invoice.BtcDue);
+                        txBuilder.SetChange(await senderUser.GetNewAddress(network));
+                        txBuilder.SendEstimatedFees(new FeeRate(50m));
+                        var psbt = txBuilder.BuildPSBT(false);
+                        psbt = await senderUser.Sign(psbt);
+                        var pj = await senderUser.SubmitPayjoin(invoice, psbt, errorCode, clientShouldError);
+                    }
+                }
+                
+            }
+        }
+
+        [Fact] 
+        [Trait("Selenium", "Selenium")] 
+        public async Task CanUsePayjoinViaUI()
+        {
+            using (var s = SeleniumTester.Create())
+            {
+                await s.StartAsync();
+                var invoiceRepository = s.Server.PayTester.GetService<InvoiceRepository>();
+                s.RegisterNewUser(true);
+
+                foreach (var format in PayjoinClient.SupportedFormats)
+                {
+                    var receiver = s.CreateNewStore();
+                    var receiverSeed = s.GenerateWallet("BTC", "", true, true, format);
+                    var receiverWalletId = new WalletId(receiver.storeId, "BTC");
+
+                    //payjoin is not enabled by default.
+                    var invoiceId = s.CreateInvoice(receiver.storeName);
+                    s.GoToInvoiceCheckout(invoiceId);
+                    var bip21 = s.Driver.FindElement(By.ClassName("payment__details__instruction__open-wallet__btn"))
+                        .GetAttribute("href");
+                    Assert.DoesNotContain($"{PayjoinClient.BIP21EndpointKey}=", bip21);
+
+                    s.GoToHome();
+                    s.GoToStore(receiver.storeId);
+                    //payjoin is not enabled by default.
+                    Assert.False(s.Driver.FindElement(By.Id("PayJoinEnabled")).Selected);
+                    s.SetCheckbox(s, "PayJoinEnabled", true);
+                    s.Driver.FindElement(By.Id("Save")).Click();
+                    Assert.True(s.Driver.FindElement(By.Id("PayJoinEnabled")).Selected);
+                    var sender = s.CreateNewStore();
+                    var senderSeed = s.GenerateWallet("BTC", "", true, true, format);
+                    var senderWalletId = new WalletId(sender.storeId, "BTC");
+                    await s.Server.ExplorerNode.GenerateAsync(1);
+                    await s.FundStoreWallet(senderWalletId);
+
+                    invoiceId = s.CreateInvoice(receiver.storeName);
+                    s.GoToInvoiceCheckout(invoiceId);
+                    bip21 = s.Driver.FindElement(By.ClassName("payment__details__instruction__open-wallet__btn"))
+                        .GetAttribute("href");
+                    Assert.Contains($"{PayjoinClient.BIP21EndpointKey}=", bip21);
+
+                    s.GoToWallet(senderWalletId, WalletsNavPages.Send);
+                    s.Driver.FindElement(By.Id("bip21parse")).Click();
+                    s.Driver.SwitchTo().Alert().SendKeys(bip21);
+                    s.Driver.SwitchTo().Alert().Accept();
+                    Assert.False(string.IsNullOrEmpty(s.Driver.FindElement(By.Id("PayJoinEndpointUrl"))
+                        .GetAttribute("value")));
+                    s.Driver.ScrollTo(By.Id("SendMenu"));
+                    s.Driver.FindElement(By.Id("SendMenu")).ForceClick();
+                    s.Driver.FindElement(By.CssSelector("button[value=nbx-seed]")).Click();
+                    await s.Server.WaitForEvent<NewOnChainTransactionEvent>(() =>
+                    {
+                        s.Driver.FindElement(By.CssSelector("button[value=payjoin]")).ForceClick();
+                        return Task.CompletedTask;
+                    });
+                    //no funds in receiver wallet to do payjoin
+                    s.AssertHappyMessage(StatusMessageModel.StatusSeverity.Warning);
+                    await TestUtils.EventuallyAsync(async () =>
+                    {
+                        var invoice = await s.Server.PayTester.GetService<InvoiceRepository>().GetInvoice(invoiceId);
+                        Assert.Equal(InvoiceStatus.Paid, invoice.Status);
+                    });
+
+                    s.GoToInvoices();
+                    var paymentValueRowColumn = s.Driver.FindElement(By.Id($"invoice_{invoiceId}"))
+                        .FindElement(By.ClassName("payment-value"));
+                    Assert.False(paymentValueRowColumn.Text.Contains("payjoin",
+                        StringComparison.InvariantCultureIgnoreCase));
+
+                    //let's do it all again, except now the receiver has funds and is able to payjoin
+                    invoiceId = s.CreateInvoice(receiver.storeName);
+                    s.GoToInvoiceCheckout(invoiceId);
+                    bip21 = s.Driver.FindElement(By.ClassName("payment__details__instruction__open-wallet__btn"))
+                        .GetAttribute("href");
+                    Assert.Contains($"{PayjoinClient.BIP21EndpointKey}", bip21);
+
+                    s.GoToWallet(senderWalletId, WalletsNavPages.Send);
+                    s.Driver.FindElement(By.Id("bip21parse")).Click();
+                    s.Driver.SwitchTo().Alert().SendKeys(bip21);
+                    s.Driver.SwitchTo().Alert().Accept();
+                    Assert.False(string.IsNullOrEmpty(s.Driver.FindElement(By.Id("PayJoinEndpointUrl"))
+                        .GetAttribute("value")));
+                    s.Driver.FindElement(By.Id("FeeSatoshiPerByte")).Clear();
+                    s.Driver.FindElement(By.Id("FeeSatoshiPerByte")).SendKeys("1");
+                    s.Driver.ScrollTo(By.Id("SendMenu"));
+                    s.Driver.FindElement(By.Id("SendMenu")).ForceClick();
+                    s.Driver.FindElement(By.CssSelector("button[value=nbx-seed]")).Click();
+                    var txId = await s.Server.WaitForEvent<NewOnChainTransactionEvent>(() =>
+                    {
+                        s.Driver.FindElement(By.CssSelector("button[value=payjoin]")).ForceClick();
+                        return Task.CompletedTask;
+                    });
+                    s.AssertHappyMessage(StatusMessageModel.StatusSeverity.Success);
+                    await TestUtils.EventuallyAsync(async () =>
+                    {
+                        var invoice = await invoiceRepository.GetInvoice(invoiceId);
+                        var payments = invoice.GetPayments();
+                        Assert.Equal(2, payments.Count);
+                        var originalPayment = payments[0];
+                        var coinjoinPayment = payments[1];
+                        Assert.Equal(-1,
+                            ((BitcoinLikePaymentData)originalPayment.GetCryptoPaymentData()).ConfirmationCount);
+                        Assert.Equal(0,
+                            ((BitcoinLikePaymentData)coinjoinPayment.GetCryptoPaymentData()).ConfirmationCount);
+                        Assert.False(originalPayment.Accounted);
+                        Assert.True(coinjoinPayment.Accounted);
+                        Assert.Equal(((BitcoinLikePaymentData)originalPayment.GetCryptoPaymentData()).Value,
+                            ((BitcoinLikePaymentData)coinjoinPayment.GetCryptoPaymentData()).Value);
+                        Assert.Equal(originalPayment.GetCryptoPaymentData()
+                                .AssertType<BitcoinLikePaymentData>()
+                                .Value,
+                            coinjoinPayment.GetCryptoPaymentData()
+                                .AssertType<BitcoinLikePaymentData>()
+                                .Value);
+                    });
+
+                    await TestUtils.EventuallyAsync(async () =>
+                    {
+                        var invoice = await s.Server.PayTester.GetService<InvoiceRepository>().GetInvoice(invoiceId);
+                        var dto = invoice.EntityToDTO();
+                        Assert.Equal(InvoiceStatus.Paid, invoice.Status);
+                    });
+                    s.GoToInvoices();
+                    paymentValueRowColumn = s.Driver.FindElement(By.Id($"invoice_{invoiceId}"))
+                        .FindElement(By.ClassName("payment-value"));
+                    Assert.False(paymentValueRowColumn.Text.Contains("payjoin",
+                        StringComparison.InvariantCultureIgnoreCase));
+                    
+                    TestUtils.Eventually(() =>
+                    {
+                        s.GoToWallet(receiverWalletId, WalletsNavPages.Transactions);
+                        Assert.Contains(invoiceId, s.Driver.PageSource);
+                        Assert.Contains("payjoin", s.Driver.PageSource);
+                        //this label does not always show since input gets used
+                        // Assert.Contains("payjoin-exposed", s.Driver.PageSource);
+                    });
+                }
+            }
+        }
+
+        [Fact]
+        [Trait("Integration", "Integration")]
+        public async Task CanUsePayjoinFeeCornerCase()
+        {
+            using (var tester = ServerTester.Create())
+            {
+                await tester.StartAsync();
+                var broadcaster = tester.PayTester.GetService<DelayedTransactionBroadcaster>();
+                var payjoinRepository = tester.PayTester.GetService<PayJoinRepository>();
+                broadcaster.Disable();
+                var network = tester.NetworkProvider.GetNetwork<BTCPayNetwork>("BTC");
+                var btcPayWallet = tester.PayTester.GetService<BTCPayWalletProvider>().GetWallet(network);
+                var cashCow = tester.ExplorerNode;
+                cashCow.Generate(2); // get some money in case
+
+                var senderUser = tester.NewAccount();
+                senderUser.GrantAccess(true);
+                senderUser.RegisterDerivationScheme("BTC", ScriptPubKeyType.Segwit);
+
+                var receiverUser = tester.NewAccount();
+                receiverUser.GrantAccess(true);
+                receiverUser.RegisterDerivationScheme("BTC", ScriptPubKeyType.Segwit, true);
+                await receiverUser.EnablePayJoin();
+                var receiverCoin = await receiverUser.ReceiveUTXO(Money.Satoshis(810), network);
+                string lastInvoiceId = null;
+
+                var vector = (SpentCoin: Money.Satoshis(810), InvoiceAmount: Money.Satoshis(700), Paid: Money.Satoshis(700), Fee: Money.Satoshis(110), InvoicePaid: true, ExpectedError: "not-enough-money");
+                async Task<PSBT> RunVector(bool skipLockedCheck = false)
+                {
+                    var coin = await senderUser.ReceiveUTXO(vector.SpentCoin, network);
+                    var invoice = receiverUser.BitPay.CreateInvoice(new Invoice() {Price = vector.InvoiceAmount.ToDecimal(MoneyUnit.BTC), Currency = "BTC", FullNotifications = true});
+                    lastInvoiceId = invoice.Id;
+                    var invoiceAddress = BitcoinAddress.Create(invoice.BitcoinAddress, cashCow.Network);
+                    var txBuilder = network.NBitcoinNetwork.CreateTransactionBuilder();
+                    txBuilder.OptInRBF = true;
+                    txBuilder.AddCoins(coin);
+                    txBuilder.Send(invoiceAddress, vector.Paid);
+                    txBuilder.SendFees(vector.Fee);
+                    txBuilder.SetChange(await senderUser.GetNewAddress(network));
+                    var psbt = txBuilder.BuildPSBT(false);
+                    psbt = await senderUser.Sign(psbt);
+                    var pj = await senderUser.SubmitPayjoin(invoice, psbt, vector.ExpectedError);
+                    if (vector.ExpectedError is null)
+                    {
+                        Assert.Contains(pj.Inputs, o => o.PrevOut == receiverCoin.Outpoint);
+                        foreach (var input in pj.GetGlobalTransaction().Inputs)
+                        {
+                            Assert.Equal(Sequence.OptInRBF, input.Sequence);
+                        }
+                        if (!skipLockedCheck)
+                            Assert.True(await payjoinRepository.TryUnlock(receiverCoin.Outpoint));
+                    }
+                    else
+                    {
+                        Assert.Null(pj);
+                        if (!skipLockedCheck)
+                            Assert.False(await payjoinRepository.TryUnlock(receiverCoin.Outpoint));
+                    }
+
+                    if (vector.InvoicePaid)
+                    {
+                        await TestUtils.EventuallyAsync(async () =>
+                        {
+                            invoice = await receiverUser.BitPay.GetInvoiceAsync(invoice.Id);
+                            Assert.Equal("paid", invoice.Status);
+                        });
+                    }
+                    return pj;
+                }
+
+                async Task LockAllButReceiverCoin()
+                {
+                    var coins = await btcPayWallet.GetUnspentCoins(receiverUser.DerivationScheme);
+                    foreach (var coin in coins)
+                    {
+                        if (coin.OutPoint != receiverCoin.Outpoint)
+                            await payjoinRepository.TryLock(coin.OutPoint);
+                        else
+                            await payjoinRepository.TryUnlock(coin.OutPoint);
+                    }
+                }
+
+                Logs.Tester.LogInformation("Here we send exactly the right amount. This should fails as\n" +
+                                           "there is not enough to pay the additional payjoin input. (going below the min relay fee" +
+                                           "However, the original tx has been broadcasted!");
+                vector = (SpentCoin: Money.Satoshis(810), InvoiceAmount: Money.Satoshis(700), Paid: Money.Satoshis(700), Fee: Money.Satoshis(110), InvoicePaid: true, ExpectedError: "not-enough-money");
+                await RunVector();
+                await LockAllButReceiverCoin();
+                
+                Logs.Tester.LogInformation("We don't pay enough");
+                vector = (SpentCoin: Money.Satoshis(810), InvoiceAmount: Money.Satoshis(700), Paid: Money.Satoshis(690), Fee: Money.Satoshis(110), InvoicePaid: false, ExpectedError: "invoice-not-fully-paid");
+                await RunVector();
+
+                Logs.Tester.LogInformation("We pay correctly");
+                vector = (SpentCoin: Money.Satoshis(810), InvoiceAmount: Money.Satoshis(500), Paid: Money.Satoshis(500), Fee: Money.Satoshis(110), InvoicePaid: true, ExpectedError: null as string);
+                await RunVector();
+                await LockAllButReceiverCoin();
+                
+                Logs.Tester.LogInformation("We pay a little bit more the invoice with enough fees to support additional input\n" +
+                                           "The receiver should have added a fake output");
+                vector = (SpentCoin: Money.Satoshis(910), InvoiceAmount: Money.Satoshis(500), Paid: Money.Satoshis(700), Fee: Money.Satoshis(110), InvoicePaid: true, ExpectedError: null as string);
+                var proposedPSBT = await RunVector();
+                Assert.Equal(2, proposedPSBT.Outputs.Count);
+                await LockAllButReceiverCoin();
+                
+                Logs.Tester.LogInformation("We pay correctly, but no utxo\n" +
+                                           "However, this has the side effect of having the receiver broadcasting the original tx");
+                await payjoinRepository.TryLock(receiverCoin.Outpoint);
+                vector = (SpentCoin: Money.Satoshis(810), InvoiceAmount: Money.Satoshis(500), Paid: Money.Satoshis(500), Fee: Money.Satoshis(110), InvoicePaid: true, ExpectedError: "out-of-utxos");
+                await RunVector(true);
+                await LockAllButReceiverCoin();
+
+                var originalSenderUser = senderUser;
+                retry:
+                // Additional fee is 96 , minrelaytx is 294
+                // We pay correctly, fees partially taken from what is overpaid
+                // We paid 510, the receiver pay 10 sat
+                // The send pay remaining 86 sat from his pocket
+                // So total paid by sender should be 86 + 510 + 200 so we should get 1090 - (86 + 510 + 200) == 294 back)
+                Logs.Tester.LogInformation($"Check if we can take fee on overpaid utxo{(senderUser == receiverUser ? " (to self)" : "")}");
+                vector = (SpentCoin: Money.Satoshis(1090), InvoiceAmount: Money.Satoshis(500), Paid: Money.Satoshis(510), Fee: Money.Satoshis(200), InvoicePaid: true, ExpectedError: null as string);
+                proposedPSBT = await RunVector();
+                Assert.Equal(2, proposedPSBT.Outputs.Count);
+                Assert.Contains(proposedPSBT.Outputs, o => o.Value == Money.Satoshis(500) + receiverCoin.Amount);
+                Assert.Contains(proposedPSBT.Outputs, o => o.Value == Money.Satoshis(294));
+                proposedPSBT = await senderUser.Sign(proposedPSBT);
+                proposedPSBT = proposedPSBT.Finalize();
+                var explorerClient = tester.PayTester.GetService<ExplorerClientProvider>().GetExplorerClient(proposedPSBT.Network.NetworkSet.CryptoCode);
+                var result = await explorerClient.BroadcastAsync(proposedPSBT.ExtractTransaction());
+                Assert.True(result.Success);
+                Logs.Tester.LogInformation($"We broadcasted the payjoin {proposedPSBT.ExtractTransaction().GetHash()}");
+                Logs.Tester.LogInformation($"Let's make sure that the coinjoin is not over paying, since the 10 overpaid sats have gone to fee");
+                await TestUtils.EventuallyAsync(async () =>
+                {
+                    var invoice = await tester.PayTester.GetService<InvoiceRepository>().GetInvoice(lastInvoiceId);
+                    Assert.Equal(InvoiceStatus.Paid, invoice.Status);
+                    Assert.Equal(InvoiceExceptionStatus.None, invoice.ExceptionStatus);
+                    var coins = await btcPayWallet.GetUnspentCoins(receiverUser.DerivationScheme);
+                    foreach (var coin in coins)
+                        await payjoinRepository.TryLock(coin.OutPoint);
+                });
+                tester.ExplorerNode.Generate(1);
+                receiverCoin = await receiverUser.ReceiveUTXO(Money.Satoshis(810), network);
+                await LockAllButReceiverCoin();
+                if (senderUser != receiverUser)
+                {
+                    Logs.Tester.LogInformation("Let's do the same, this time paying to ourselves");
+                    senderUser = receiverUser;
+                    goto retry;
+                }
+                else
+                {
+                    senderUser = originalSenderUser;                    
+                }
+                
+                
+                // Same as above. Except the sender send one satoshi less, so the change
+                // output would get below dust and would be removed completely.
+                // So we remove as much fee as we can, and still accept the transaction because it is above minrelay fee
+                vector = (SpentCoin: Money.Satoshis(1089), InvoiceAmount: Money.Satoshis(500), Paid: Money.Satoshis(510), Fee: Money.Satoshis(200), InvoicePaid: true, ExpectedError: null as string);
+                proposedPSBT = await RunVector();
+                Assert.Equal(2, proposedPSBT.Outputs.Count);
+                // We should have our payment
+                Assert.Contains(proposedPSBT.Outputs, output => output.Value == Money.Satoshis(500) + receiverCoin.Amount);
+                // Plus our other change output with value just at dust level
+                Assert.Contains(proposedPSBT.Outputs, output => output.Value == Money.Satoshis(294));
+                proposedPSBT = await senderUser.Sign(proposedPSBT);
+                proposedPSBT = proposedPSBT.Finalize();
+                explorerClient = tester.PayTester.GetService<ExplorerClientProvider>().GetExplorerClient(proposedPSBT.Network.NetworkSet.CryptoCode);
+                result = await explorerClient.BroadcastAsync(proposedPSBT.ExtractTransaction(), true);
+                Assert.True(result.Success);
+            }
+        }
+        
+        [Fact(Timeout = TestTimeout)]
+        [Trait("Integration", "Integration")]
+        public async Task CanUsePayjoin()
+        {
+            using (var tester = ServerTester.Create())
+            {
+                await tester.StartAsync();
+                
+                ////var payJoinStateProvider = tester.PayTester.GetService<PayJoinStateProvider>();
+                var btcPayNetwork = tester.NetworkProvider.GetNetwork<BTCPayNetwork>("BTC");
+                var btcPayWallet = tester.PayTester.GetService<BTCPayWalletProvider>().GetWallet(btcPayNetwork);
+                var cashCow = tester.ExplorerNode;
+                cashCow.Generate(2); // get some money in case
+
+                var senderUser = tester.NewAccount();
+                senderUser.GrantAccess(true);
+                senderUser.RegisterDerivationScheme("BTC", ScriptPubKeyType.Segwit, true);
+
+                var invoice = senderUser.BitPay.CreateInvoice(
+                    new Invoice() {Price = 100, Currency = "USD", FullNotifications = true});
+                //payjoin is not enabled by default.
+                Assert.DoesNotContain($"{PayjoinClient.BIP21EndpointKey}", invoice.CryptoInfo.First().PaymentUrls.BIP21);
+                cashCow.SendToAddress(BitcoinAddress.Create(invoice.BitcoinAddress, cashCow.Network),
+                    Money.Coins(0.06m));
+
+                var receiverUser = tester.NewAccount();
+                receiverUser.GrantAccess(true);
+                receiverUser.RegisterDerivationScheme("BTC", ScriptPubKeyType.Segwit, true);
+
+                await receiverUser.EnablePayJoin();
+                // payjoin is enabled, with a segwit wallet, and the keys are available in nbxplorer
+                invoice = receiverUser.BitPay.CreateInvoice(
+                    new Invoice() {Price = 0.02m, Currency = "BTC", FullNotifications = true});
+                cashCow.SendToAddress(BitcoinAddress.Create(invoice.BitcoinAddress, cashCow.Network),
+                    Money.Coins(0.06m));
+                var receiverWalletId = new WalletId(receiverUser.StoreId, "BTC");
+
+                //give the cow some cash
+                await cashCow.GenerateAsync(1);
+                //let's get some more utxos first
+                await receiverUser.ReceiveUTXO(Money.Coins(0.011m), btcPayNetwork);
+                await receiverUser.ReceiveUTXO(Money.Coins(0.012m), btcPayNetwork);
+                await receiverUser.ReceiveUTXO(Money.Coins(0.013m), btcPayNetwork);
+                await receiverUser.ReceiveUTXO(Money.Coins(0.014m), btcPayNetwork);
+                await senderUser.ReceiveUTXO(Money.Coins(0.021m), btcPayNetwork);
+                await senderUser.ReceiveUTXO(Money.Coins(0.022m), btcPayNetwork);
+                await senderUser.ReceiveUTXO(Money.Coins(0.023m), btcPayNetwork);
+                await senderUser.ReceiveUTXO(Money.Coins(0.024m), btcPayNetwork);
+                await senderUser.ReceiveUTXO(Money.Coins(0.025m), btcPayNetwork);
+                await senderUser.ReceiveUTXO(Money.Coins(0.026m), btcPayNetwork);
+                var senderChange = await senderUser.GetNewAddress(btcPayNetwork);
+
+                //Let's start the harassment
+                invoice = receiverUser.BitPay.CreateInvoice(
+                    new Invoice() {Price = 0.02m, Currency = "BTC", FullNotifications = true});
+
+                var parsedBip21 = new BitcoinUrlBuilder(invoice.CryptoInfo.First().PaymentUrls.BIP21,
+                    tester.ExplorerClient.Network.NBitcoinNetwork);
+
+                var invoice2 = receiverUser.BitPay.CreateInvoice(
+                    new Invoice() {Price = 0.02m, Currency = "BTC", FullNotifications = true});
+                var secondInvoiceParsedBip21 = new BitcoinUrlBuilder(invoice2.CryptoInfo.First().PaymentUrls.BIP21,
+                    tester.ExplorerClient.Network.NBitcoinNetwork);
+
+                var senderStore = await tester.PayTester.StoreRepository.FindStore(senderUser.StoreId);
+                var paymentMethodId = new PaymentMethodId("BTC", PaymentTypes.BTCLike);
+                var derivationSchemeSettings = senderStore.GetSupportedPaymentMethods(tester.NetworkProvider)
+                    .OfType<DerivationSchemeSettings>().SingleOrDefault(settings =>
+                        settings.PaymentId == paymentMethodId);
+
+                ReceivedCoin[] senderCoins = null;
+                await TestUtils.EventuallyAsync(async () =>
+                {
+                    senderCoins = await btcPayWallet.GetUnspentCoins(senderUser.DerivationScheme);
+                    Assert.Contains(senderCoins, coin => coin.Value.GetValue(btcPayNetwork) == 0.026m);
+                });
+                var coin = senderCoins.Single(coin => coin.Value.GetValue(btcPayNetwork) == 0.021m);
+                var coin2 = senderCoins.Single(coin => coin.Value.GetValue(btcPayNetwork) == 0.022m);
+                var coin3 = senderCoins.Single(coin => coin.Value.GetValue(btcPayNetwork) == 0.023m);
+                var coin4 = senderCoins.Single(coin => coin.Value.GetValue(btcPayNetwork) == 0.024m);
+                var coin5 = senderCoins.Single(coin => coin.Value.GetValue(btcPayNetwork) == 0.025m);
+                var coin6 = senderCoins.Single(coin => coin.Value.GetValue(btcPayNetwork) == 0.026m);
+
+                var signingKeySettings = derivationSchemeSettings.GetSigningAccountKeySettings();
+                signingKeySettings.RootFingerprint =
+                    senderUser.GenerateWalletResponseV.MasterHDKey.GetPublicKey().GetHDFingerPrint();
+
+                var extKey =
+                    senderUser.GenerateWalletResponseV.MasterHDKey.Derive(signingKeySettings.GetRootedKeyPath()
+                        .KeyPath);
+
+
+                var n = tester.ExplorerClient.Network.NBitcoinNetwork;
+                var Invoice1Coin1 = tester.ExplorerClient.Network.NBitcoinNetwork.CreateTransactionBuilder()
+                    .SetChange(senderChange)
+                    .Send(parsedBip21.Address, parsedBip21.Amount)
+                    .AddCoins(coin.Coin)
+                    .AddKeys(extKey.Derive(coin.KeyPath))
+                    .SendEstimatedFees(new FeeRate(100m))
+                    .BuildTransaction(true);
+
+                var Invoice1Coin2 = tester.ExplorerClient.Network.NBitcoinNetwork.CreateTransactionBuilder()
+                    .SetChange(senderChange)
+                    .Send(parsedBip21.Address, parsedBip21.Amount)
+                    .AddCoins(coin2.Coin)
+                    .AddKeys(extKey.Derive(coin2.KeyPath))
+                    .SendEstimatedFees(new FeeRate(100m))
+                    .BuildTransaction(true);
+
+                var Invoice2Coin1 = tester.ExplorerClient.Network.NBitcoinNetwork.CreateTransactionBuilder()
+                    .SetChange(senderChange)
+                    .Send(secondInvoiceParsedBip21.Address, secondInvoiceParsedBip21.Amount)
+                    .AddCoins(coin.Coin)
+                    .AddKeys(extKey.Derive(coin.KeyPath))
+                    .SendEstimatedFees(new FeeRate(100m))
+                    .BuildTransaction(true);
+
+                var Invoice2Coin2 = tester.ExplorerClient.Network.NBitcoinNetwork.CreateTransactionBuilder()
+                    .SetChange(senderChange)
+                    .Send(secondInvoiceParsedBip21.Address, secondInvoiceParsedBip21.Amount)
+                    .AddCoins(coin2.Coin)
+                    .AddKeys(extKey.Derive(coin2.KeyPath))
+                    .SendEstimatedFees(new FeeRate(100m))
+                    .BuildTransaction(true);
+
+                //Attempt 1: Send a signed tx to invoice 1 that does not pay the invoice at all 
+                //Result: reject
+                // Assert.False((await tester.PayTester.HttpClient.PostAsync(endpoint,
+                //     new StringContent(Invoice2Coin1.ToHex(), Encoding.UTF8, "text/plain"))).IsSuccessStatusCode);
+
+                //Attempt 2: Create two transactions using different inputs and send them to the same invoice. 
+                //Result: Second Tx should be rejected. 
+                var Invoice1Coin1ResponseTx = await senderUser.SubmitPayjoin(invoice, Invoice1Coin1, btcPayNetwork);
+                await senderUser.SubmitPayjoin(invoice, Invoice1Coin1, btcPayNetwork, "already-paid");
+                var contributedInputsInvoice1Coin1ResponseTx =
+                    Invoice1Coin1ResponseTx.Inputs.Where(txin => coin.OutPoint != txin.PrevOut);
+                Assert.Single(contributedInputsInvoice1Coin1ResponseTx);
+
+                //Attempt 3: Send the same inputs from invoice 1 to invoice 2 while invoice 1 tx has not been broadcasted
+                //Result: Reject Tx1 but accept tx 2 as its inputs were never accepted by invoice 1
+                await senderUser.SubmitPayjoin(invoice2, Invoice2Coin1, btcPayNetwork, "inputs-already-used");
+                var Invoice2Coin2ResponseTx = await senderUser.SubmitPayjoin(invoice2, Invoice2Coin2, btcPayNetwork);
+                
+                var contributedInputsInvoice2Coin2ResponseTx =
+                    Invoice2Coin2ResponseTx.Inputs.Where(txin => coin2.OutPoint != txin.PrevOut);
+                Assert.Single(contributedInputsInvoice2Coin2ResponseTx);
+
+                //Attempt 4: Make tx that pays invoice 3 and 4 and submit to both
+                //Result: reject on 4: the protocol should not worry about this complexity
+
+                var invoice3 = receiverUser.BitPay.CreateInvoice(
+                    new Invoice() {Price = 0.01m, Currency = "BTC", FullNotifications = true});
+                var invoice3ParsedBip21 = new BitcoinUrlBuilder(invoice3.CryptoInfo.First().PaymentUrls.BIP21,
+                    tester.ExplorerClient.Network.NBitcoinNetwork);
+
+
+                var invoice4 = receiverUser.BitPay.CreateInvoice(
+                    new Invoice() {Price = 0.01m, Currency = "BTC", FullNotifications = true});
+                var invoice4ParsedBip21 = new BitcoinUrlBuilder(invoice4.CryptoInfo.First().PaymentUrls.BIP21,
+                    tester.ExplorerClient.Network.NBitcoinNetwork);
+
+
+                var Invoice3AndInvoice4Coin3 = tester.ExplorerClient.Network.NBitcoinNetwork.CreateTransactionBuilder()
+                    .SetChange(senderChange)
+                    .Send(invoice3ParsedBip21.Address, invoice3ParsedBip21.Amount)
+                    .Send(invoice4ParsedBip21.Address, invoice4ParsedBip21.Amount)
+                    .AddCoins(coin3.Coin)
+                    .AddKeys(extKey.Derive(coin3.KeyPath))
+                    .SendEstimatedFees(new FeeRate(100m))
+                    .BuildTransaction(true);
+
+                await senderUser.SubmitPayjoin(invoice3, Invoice3AndInvoice4Coin3, btcPayNetwork);
+                await senderUser.SubmitPayjoin(invoice4, Invoice3AndInvoice4Coin3, btcPayNetwork, "already-paid");
+
+                //Attempt 5: Make tx that pays invoice 5 with 2 outputs
+                //Result: proposed tx consolidates the outputs
+
+                var invoice5 = receiverUser.BitPay.CreateInvoice(
+                    new Invoice() {Price = 0.01m, Currency = "BTC", FullNotifications = true});
+                var invoice5ParsedBip21 = new BitcoinUrlBuilder(invoice5.CryptoInfo.First().PaymentUrls.BIP21,
+                    tester.ExplorerClient.Network.NBitcoinNetwork);
+
+                var Invoice5Coin4TxBuilder = tester.ExplorerClient.Network.NBitcoinNetwork.CreateTransactionBuilder()
+                    .SetChange(senderChange)
+                    .Send(invoice5ParsedBip21.Address, invoice5ParsedBip21.Amount / 2)
+                    .Send(invoice5ParsedBip21.Address, invoice5ParsedBip21.Amount / 2)
+                    .AddCoins(coin4.Coin)
+                    .AddKeys(extKey.Derive(coin4.KeyPath))
+                    .SendEstimatedFees(new FeeRate(100m));
+
+                var Invoice5Coin4 = Invoice5Coin4TxBuilder.BuildTransaction(true);
+                var Invoice5Coin4ResponseTx = await senderUser.SubmitPayjoin(invoice5, Invoice5Coin4, btcPayNetwork);
+                Assert.Single(Invoice5Coin4ResponseTx.Outputs.To(invoice5ParsedBip21.Address));
+
+                //Attempt 10: send tx with rbf, broadcast payjoin tx, bump the rbf payjoin , attempt to submit tx again
+                //Result: same tx gets sent back
+
+                //give the receiver some more utxos
+                Assert.NotNull(await tester.ExplorerNode.SendToAddressAsync(
+                    (await btcPayWallet.ReserveAddressAsync(receiverUser.DerivationScheme)).Address,
+                    new Money(0.1m, MoneyUnit.BTC)));
+
+                var invoice6 = receiverUser.BitPay.CreateInvoice(
+                    new Invoice() {Price = 0.01m, Currency = "BTC", FullNotifications = true});
+                var invoice6ParsedBip21 = new BitcoinUrlBuilder(invoice6.CryptoInfo.First().PaymentUrls.BIP21,
+                    tester.ExplorerClient.Network.NBitcoinNetwork);
+
+                var invoice6Coin5TxBuilder = tester.ExplorerClient.Network.NBitcoinNetwork.CreateTransactionBuilder()
+                    .SetChange(senderChange)
+                    .Send(invoice6ParsedBip21.Address, invoice6ParsedBip21.Amount)
+                    .AddCoins(coin5.Coin)
+                    .AddKeys(extKey.Derive(coin5.KeyPath))
+                    .SendEstimatedFees(new FeeRate(100m))
+                    .SetLockTime(0);
+
+                var invoice6Coin5 = invoice6Coin5TxBuilder
+                    .BuildTransaction(true);
+
+                var Invoice6Coin5Response1Tx =await senderUser.SubmitPayjoin(invoice6, invoice6Coin5, btcPayNetwork);
+                var Invoice6Coin5Response1TxSigned = invoice6Coin5TxBuilder.SignTransaction(Invoice6Coin5Response1Tx);
+                //broadcast the first payjoin
+                await tester.ExplorerClient.BroadcastAsync(Invoice6Coin5Response1TxSigned);
+
+                // invoice6Coin5TxBuilder = invoice6Coin5TxBuilder.SendEstimatedFees(new FeeRate(100m));
+                // var invoice6Coin5Bumpedfee = invoice6Coin5TxBuilder
+                //     .BuildTransaction(true);
+                //
+                // var Invoice6Coin5Response3 = await tester.PayTester.HttpClient.PostAsync(invoice6Endpoint,
+                //     new StringContent(invoice6Coin5Bumpedfee.ToHex(), Encoding.UTF8, "text/plain"));
+                // Assert.True(Invoice6Coin5Response3.IsSuccessStatusCode);
+                // var Invoice6Coin5Response3Tx =
+                //     Transaction.Parse(await Invoice6Coin5Response3.Content.ReadAsStringAsync(), n);
+                // Assert.True(invoice6Coin5Bumpedfee.Inputs.All(txin =>
+                //     Invoice6Coin5Response3Tx.Inputs.Any(txin2 => txin2.PrevOut == txin.PrevOut)));
+
+                //Attempt 11:
+                //send tx with rbt, broadcast payjoin,
+                //create tx spending the original tx inputs with rbf to self,
+                //Result: the exposed utxos are priorized in the next p2ep
+
+                //give the receiver some more utxos
+                Assert.NotNull(await tester.ExplorerNode.SendToAddressAsync(
+                    (await btcPayWallet.ReserveAddressAsync(receiverUser.DerivationScheme)).Address,
+                    new Money(0.1m, MoneyUnit.BTC)));
+
+                var invoice7 = receiverUser.BitPay.CreateInvoice(
+                    new Invoice() {Price = 0.01m, Currency = "BTC", FullNotifications = true});
+                var invoice7ParsedBip21 = new BitcoinUrlBuilder(invoice7.CryptoInfo.First().PaymentUrls.BIP21,
+                    tester.ExplorerClient.Network.NBitcoinNetwork);
+
+                var txBuilder = tester.ExplorerClient.Network.NBitcoinNetwork.CreateTransactionBuilder();
+                txBuilder.OptInRBF = true;
+                var invoice7Coin6TxBuilder = txBuilder
+                    .SetChange(senderChange)
+                    .Send(invoice7ParsedBip21.Address, invoice7ParsedBip21.Amount)
+                    .AddCoins(coin6.Coin)
+                    .AddKeys(extKey.Derive(coin6.KeyPath))
+                    .SendEstimatedFees(new FeeRate(100m));
+
+                var invoice7Coin6Tx = invoice7Coin6TxBuilder
+                    .BuildTransaction(true);
+
+                var invoice7Coin6Response1Tx = await senderUser.SubmitPayjoin(invoice7, invoice7Coin6Tx, btcPayNetwork);
+                var Invoice7Coin6Response1TxSigned = invoice7Coin6TxBuilder.SignTransaction(invoice7Coin6Response1Tx);
+                var contributedInputsInvoice7Coin6Response1TxSigned =
+                    Invoice7Coin6Response1TxSigned.Inputs.Single(txin => coin6.OutPoint != txin.PrevOut);
+                
+                
+                ////var receiverWalletPayJoinState = payJoinStateProvider.Get(receiverWalletId);
+                ////Assert.Contains(receiverWalletPayJoinState.GetRecords(), item => item.InvoiceId == invoice7.Id);
+                //broadcast the payjoin
+                var res = (await tester.ExplorerClient.BroadcastAsync(Invoice7Coin6Response1TxSigned));
+                Assert.True(res.Success);
+                
+                // Paid with coinjoin
+                await TestUtils.EventuallyAsync(async () =>
+                {
+                    var invoiceEntity = await tester.PayTester.GetService<InvoiceRepository>().GetInvoice(invoice7.Id);
+                    Assert.Equal(InvoiceStatus.Paid, invoiceEntity.Status);
+                    Assert.Contains(invoiceEntity.GetPayments(), p => p.Accounted &&
+                                                                      ((BitcoinLikePaymentData)p.GetCryptoPaymentData()).PayjoinInformation is null);
+                });
+                ////Assert.Contains(receiverWalletPayJoinState.GetRecords(), item => item.InvoiceId == invoice7.Id && item.TxSeen);
+
+                var invoice7Coin6Tx2 = tester.ExplorerClient.Network.NBitcoinNetwork.CreateTransactionBuilder()
+                    .SetChange(senderChange)
+                    .AddCoins(coin6.Coin)
+                    .SendAll(senderChange)
+                    .SubtractFees()
+                    .AddKeys(extKey.Derive(coin6.KeyPath))
+                    .SendEstimatedFees(new FeeRate(200m))
+                    .SetLockTime(0)
+                    .BuildTransaction(true);
+
+                //broadcast the "rbf cancel" tx
+                res = (await tester.ExplorerClient.BroadcastAsync(invoice7Coin6Tx2));
+                Assert.True(res.Success);
+
+                // Make a block, this should put back the invoice to new
+                var blockhash = tester.ExplorerNode.Generate(1)[0];
+                Assert.NotNull(await tester.ExplorerNode.GetRawTransactionAsync(invoice7Coin6Tx2.GetHash(), blockhash));
+                Assert.Null(await tester.ExplorerNode.GetRawTransactionAsync(Invoice7Coin6Response1TxSigned.GetHash(), blockhash, false));
+                // Now we should return to New
+                OutPoint ourOutpoint = null;
+                await TestUtils.EventuallyAsync(async () =>
+                {
+                    var invoiceEntity = await tester.PayTester.GetService<InvoiceRepository>().GetInvoice(invoice7.Id);
+                    Assert.Equal(InvoiceStatus.New, invoiceEntity.Status);
+                    Assert.True(invoiceEntity.GetPayments().All(p => !p.Accounted));
+                    ourOutpoint = invoiceEntity.GetAllBitcoinPaymentData().First().PayjoinInformation.ContributedOutPoints[0];
+                });
+                var payjoinRepository = tester.PayTester.GetService<PayJoinRepository>();
+                // The outpoint should now be available for next pj selection
+                Assert.False(await payjoinRepository.TryUnlock(ourOutpoint));
+            }
+        }
+    }
+}

BTCPayServer.Tests/PaymentHandlerTest.cs

@@ -6,10 +6,12 @@ using BTCPayServer.Data;
 using BTCPayServer.Services.Rates;
 using System.Collections.Generic;
 using System.Threading.Tasks;
+using BTCPayServer.Logging;
 using BTCPayServer.Payments;
 using BTCPayServer.Payments.Bitcoin;
 using BTCPayServer.Payments.Lightning;
 using BTCPayServer.Rating;
+using Logs = BTCPayServer.Tests.Logging.Logs;
 
 namespace BTCPayServer.Tests
 {
@@ -41,8 +43,8 @@ namespace BTCPayServer.Tests
             
             currencyPairRateResult.Add(new CurrencyPair("USD", "BTC"), Task.FromResult(rateResultUSDBTC));
             currencyPairRateResult.Add(new CurrencyPair("BTC", "USD"), Task.FromResult(rateResultBTCUSD));
- 
-            handlerBTC = new BitcoinLikePaymentHandler(null, networkProvider, null, null);
+            InvoiceLogs logs = new InvoiceLogs();
+            handlerBTC = new BitcoinLikePaymentHandler(null, networkProvider, null, null, null);
             handlerLN = new LightningLikePaymentHandler(null, null, networkProvider, null);
             
 #pragma warning restore CS0618               

BTCPayServer.Tests/SeleniumTester.cs

@@ -19,7 +19,10 @@ using System.Threading.Tasks;
 using BTCPayServer.Lightning;
 using BTCPayServer.Lightning.CLightning;
 using BTCPayServer.Models;
+using BTCPayServer.Services;
+using BTCPayServer.Views.Manage;
 using BTCPayServer.Views.Stores;
+using BTCPayServer.Views.Wallets;
 using Newtonsoft.Json;
 using Newtonsoft.Json.Linq;
 using OpenQA.Selenium.Interactions;
@@ -31,9 +34,9 @@ namespace BTCPayServer.Tests
         public IWebDriver Driver { get; set; }
         public ServerTester Server { get; set; }
 
-        public static SeleniumTester Create([CallerMemberNameAttribute] string scope = null)
+        public static SeleniumTester Create([CallerMemberNameAttribute] string scope = null, bool newDb = false)
         {
-            var server = ServerTester.Create(scope);
+            var server = ServerTester.Create(scope, newDb);
             return new SeleniumTester()
             {
                 Server = server
@@ -71,19 +74,20 @@ namespace BTCPayServer.Tests
             Driver.AssertNoError();
         }
 
-        internal void AssertHappyMessage(StatusMessageModel.StatusSeverity severity = StatusMessageModel.StatusSeverity.Success)
+        internal IWebElement AssertHappyMessage(StatusMessageModel.StatusSeverity severity = StatusMessageModel.StatusSeverity.Success)
         {
             using var cts = new CancellationTokenSource(20_000);
             while (!cts.IsCancellationRequested)
             {
-                var success = Driver.FindElements(By.ClassName($"alert-{StatusMessageModel.ToString(severity)}")).Any(el => el.Displayed);
-                if (success)
-                    return;
+                var result = Driver.FindElements(By.ClassName($"alert-{StatusMessageModel.ToString(severity)}")).Where(el => el.Displayed);
+                if (result.Any())
+                    return result.First();
                 Thread.Sleep(100);
             }
             Logs.Tester.LogInformation(this.Driver.PageSource);
             Assert.True(false, $"Should have shown {severity} message");
-        }
+            return null;
+         }
 
         public static readonly TimeSpan ImplicitWait = TimeSpan.FromSeconds(10);
         public string Link(string relativeLink)
@@ -118,24 +122,26 @@ namespace BTCPayServer.Tests
 
             return (usr, Driver.FindElement(By.Id("Id")).GetAttribute("value"));
         }
+        
 
-        public string GenerateWallet(string cryptoCode = "BTC", string seed = "", bool importkeys = false, bool privkeys = false)
+        public Mnemonic GenerateWallet(string cryptoCode = "BTC", string seed = "", bool importkeys = false, bool privkeys = false, ScriptPubKeyType format = ScriptPubKeyType.Segwit)
         {
             Driver.FindElement(By.Id($"Modify{cryptoCode}")).ForceClick();
             Driver.FindElement(By.Id("import-from-btn")).ForceClick();
             Driver.FindElement(By.Id("nbxplorergeneratewalletbtn")).ForceClick();
-            Driver.FindElement(By.Id("ExistingMnemonic")).SendKeys(seed);
-            SetCheckbox(Driver.FindElement(By.Id("SavePrivateKeys")), privkeys);
-            SetCheckbox(Driver.FindElement(By.Id("ImportKeysToRPC")), importkeys);
-            Driver.FindElement(By.Id("btn-generate")).ForceClick();
+            Driver.WaitForElement(By.Id("ExistingMnemonic")).SendKeys(seed);
+            SetCheckbox(Driver.WaitForElement(By.Id("SavePrivateKeys")), privkeys);
+            SetCheckbox(Driver.WaitForElement(By.Id("ImportKeysToRPC")), importkeys);
+            Driver.WaitForElement(By.Id("ScriptPubKeyType")).Click();
+            Driver.WaitForElement(By.CssSelector($"#ScriptPubKeyType option[value={format}]")).Click();
+            Logs.Tester.LogInformation("Trying to click btn-generate");
+            Driver.WaitForElement(By.Id("btn-generate")).ForceClick();
             AssertHappyMessage();
             if (string.IsNullOrEmpty(seed))
             {
                 seed = Driver.FindElements(By.ClassName("alert-success")).First().FindElement(By.TagName("code")).Text;
             }
-            Driver.FindElement(By.Id("Confirm")).ForceClick();
-            AssertHappyMessage();
-            return seed;
+            return new Mnemonic(seed);
         }
 
         public void AddDerivationScheme(string cryptoCode = "BTC", string derivationScheme = "xpub661MyMwAqRbcGABgHMUXDzPzH1tU7eZaAaJQXhDXsSxsqyQzQeU6kznNfSuAyqAK9UaWSaZaMFdNiY5BCF4zBPAzSnwfUAwUhwttuAKwfRX-[legacy]")
@@ -251,13 +257,14 @@ namespace BTCPayServer.Tests
 
             if (value != element.Selected)
             {
+                Logs.Tester.LogInformation("SetCheckbox recursion, trying to click again");
                 SetCheckbox(element, value);
             }
         }
 
-        public void SetCheckbox(SeleniumTester s, string inputName, bool value)
+        public void SetCheckbox(SeleniumTester s, string checkboxId, bool value)
         {
-            SetCheckbox(s.Driver.FindElement(By.Name(inputName)), value);
+            SetCheckbox(s.Driver.WaitForElement(By.Id(checkboxId)), value);
         }
 
         public void ScrollToElement(IWebElement element)
@@ -271,6 +278,20 @@ namespace BTCPayServer.Tests
         {
             Driver.FindElement(By.Id("Invoices")).Click();
         }
+        
+        public void GoToProfile(ManageNavPages navPages =  ManageNavPages.Index)
+        {
+            Driver.FindElement(By.Id("MySettings")).Click();
+            if (navPages != ManageNavPages.Index)
+            {
+                Driver.FindElement(By.Id(navPages.ToString())).Click();
+            }
+        }
+
+        public void GoToLogin()
+        {
+            Driver.Navigate().GoToUrl(new Uri(Server.PayTester.ServerUri, "Account/Login"));
+        }
 
         public void GoToCreateInvoicePage()
         {
@@ -278,7 +299,7 @@ namespace BTCPayServer.Tests
             Driver.FindElement(By.Id("CreateNewInvoice")).Click();
         }
 
-        public string CreateInvoice(string store, decimal amount = 100, string currency = "USD", string refundEmail = "")
+        public string CreateInvoice(string storeName, decimal amount = 100, string currency = "USD", string refundEmail = "")
         {
             GoToInvoices();
             Driver.FindElement(By.Id("CreateNewInvoice")).Click();
@@ -287,7 +308,7 @@ namespace BTCPayServer.Tests
             currencyEl.Clear();
             currencyEl.SendKeys(currency);
             Driver.FindElement(By.Id("BuyerEmail")).SendKeys(refundEmail);
-            Driver.FindElement(By.Name("StoreId")).SendKeys(store + Keys.Enter);
+            Driver.FindElement(By.Name("StoreId")).SendKeys(storeName + Keys.Enter);
             Driver.FindElement(By.Id("Create")).ForceClick();
             Assert.True(Driver.PageSource.Contains("just created!"), "Unable to create Invoice");
             var statusElement = Driver.FindElement(By.ClassName("alert-success"));
@@ -296,8 +317,38 @@ namespace BTCPayServer.Tests
             return id;
         }
 
+        public async Task FundStoreWallet(WalletId walletId, int coins = 1, decimal denomination = 1m)
+        {
+            GoToWallet(walletId, WalletsNavPages.Receive);
+            Driver.FindElement(By.Id("generateButton")).Click();
+            var addressStr = Driver.FindElement(By.Id("vue-address")).GetProperty("value");
+            var address = BitcoinAddress.Create(addressStr, ((BTCPayNetwork)Server.NetworkProvider.GetNetwork(walletId.CryptoCode)).NBitcoinNetwork);
+            for (int i = 0; i < coins; i++)
+            {
+                await Server.ExplorerNode.SendToAddressAsync(address, Money.Coins(denomination));
+            }
+        }
+        
+        public void PayInvoice(WalletId walletId, string invoiceId)
+        {
+            GoToInvoiceCheckout(invoiceId);
+            var bip21 = Driver.FindElement(By.ClassName("payment__details__instruction__open-wallet__btn"))
+                .GetAttribute("href");
+            Assert.Contains($"{PayjoinClient.BIP21EndpointKey}", bip21);
+               
+            GoToWallet(walletId, WalletsNavPages.Send);
+            Driver.FindElement(By.Id("bip21parse")).Click();
+            Driver.SwitchTo().Alert().SendKeys(bip21);
+            Driver.SwitchTo().Alert().Accept();
+            Driver.ScrollTo(By.Id("SendMenu"));
+            Driver.FindElement(By.Id("SendMenu")).ForceClick();
+            Driver.FindElement(By.CssSelector("button[value=nbx-seed]")).Click();
+            Driver.FindElement(By.CssSelector("button[value=broadcast]")).ForceClick();
+        }
 
 
+        
+
         private void CheckForJSErrors()
         {
             //wait for seleniun update: https://stackoverflow.com/questions/57520296/selenium-webdriver-3-141-0-driver-manage-logs-availablelogtypes-throwing-syste
@@ -321,6 +372,13 @@ namespace BTCPayServer.Tests
 
         }
 
-
+        public void GoToWallet(WalletId walletId, WalletsNavPages navPages = WalletsNavPages.Send)
+        {
+            Driver.Navigate().GoToUrl(new Uri(Server.PayTester.ServerUri, $"wallets/{walletId}"));
+            if (navPages != WalletsNavPages.Transactions)
+            {
+                Driver.FindElement(By.Id($"Wallet{navPages}")).Click();
+            }
+        }
     }
 }

BTCPayServer.Tests/SeleniumTests.cs

@@ -11,6 +11,10 @@ using System.Threading.Tasks;
 using System.Text.RegularExpressions;
 using BTCPayServer.Models;
 using NBitcoin.Payment;
+using BTCPayServer.Controllers;
+using BTCPayServer.Data;
+using BTCPayServer.Services.Wallets;
+using BTCPayServer.Views.Wallets;
 
 namespace BTCPayServer.Tests
 {
@@ -417,7 +421,68 @@ namespace BTCPayServer.Tests
                 s.Driver.Quit();
             }
         }
-        
+
+
+        [Fact(Timeout = TestTimeout)]
+        public async Task CanUseCoinSelection()
+        {
+            using (var s = SeleniumTester.Create())
+            {
+                await s.StartAsync();
+                var userId = s.RegisterNewUser(true);
+                var storeId = s.CreateNewStore().storeId;
+                s.GenerateWallet("BTC", "", false, true);
+                var walletId = new WalletId(storeId, "BTC");
+                s.GoToWallet(walletId, WalletsNavPages.Receive);
+                s.Driver.FindElement(By.Id("generateButton")).Click();
+                var addressStr = s.Driver.FindElement(By.Id("vue-address")).GetProperty("value");
+                var address = BitcoinAddress.Create(addressStr, ((BTCPayNetwork)s.Server.NetworkProvider.GetNetwork("BTC")).NBitcoinNetwork);
+                await s.Server.ExplorerNode.GenerateAsync(1);
+                for (int i = 0; i < 6; i++)
+                {
+                    await s.Server.ExplorerNode.SendToAddressAsync(address, Money.Coins(1.0m));
+                }
+                var targetTx = await s.Server.ExplorerNode.SendToAddressAsync(address, Money.Coins(1.2m));
+                var tx = await s.Server.ExplorerNode.GetRawTransactionAsync(targetTx);
+                var spentOutpoint = new OutPoint(targetTx, tx.Outputs.FindIndex(txout => txout.Value == Money.Coins(1.2m)));
+                await TestUtils.EventuallyAsync(async () =>
+                {
+                    var store = await s.Server.PayTester.StoreRepository.FindStore(storeId);
+                    var x = store.GetSupportedPaymentMethods(s.Server.NetworkProvider)
+                        .OfType<DerivationSchemeSettings>()
+                        .Single(settings => settings.PaymentId.CryptoCode == walletId.CryptoCode);
+                    Assert.Contains(
+                        await s.Server.PayTester.GetService<BTCPayWalletProvider>().GetWallet(walletId.CryptoCode)
+                            .GetUnspentCoins(x.AccountDerivation),
+                        coin => coin.OutPoint == spentOutpoint);
+                });
+                await s.Server.ExplorerNode.GenerateAsync(1);
+                s.GoToWallet(walletId, WalletsNavPages.Send);
+                s.Driver.FindElement(By.Id("advancedSettings")).Click();
+                s.Driver.FindElement(By.Id("toggleInputSelection")).Click();
+                s.Driver.WaitForElement(By.Id(spentOutpoint.ToString()));
+                Assert.Equal("true", s.Driver.FindElement(By.Name("InputSelection")).GetAttribute("value").ToLowerInvariant());
+                var el = s.Driver.FindElement(By.Id(spentOutpoint.ToString()));
+                s.Driver.FindElement(By.Id(spentOutpoint.ToString())).Click();
+                var inputSelectionSelect = s.Driver.FindElement(By.Name("SelectedInputs"));
+                Assert.Single(inputSelectionSelect.FindElements(By.CssSelector("[selected]")));
+
+                var bob = new Key().PubKey.Hash.GetAddress(Network.RegTest);
+                SetTransactionOutput(s, 0, bob, 0.3m);
+                s.Driver.FindElement(By.Id("SendMenu")).Click();
+                s.Driver.FindElement(By.Id("spendWithNBxplorer")).Click();
+                s.Driver.FindElement(By.CssSelector("button[value=broadcast]")).ForceClick();
+                var happyElement = s.AssertHappyMessage();
+                var happyText = happyElement.Text;
+                var txid = Regex.Match(happyText, @"\((.*)\)").Groups[1].Value;
+
+                tx = await s.Server.ExplorerNode.GetRawTransactionAsync(new uint256(txid));
+                Assert.Single(tx.Inputs);
+                Assert.Equal(spentOutpoint, tx.Inputs[0].PrevOut);
+            }
+        }
+
+
         [Fact(Timeout = TestTimeout)]
         public async Task CanManageWallet()
         {
@@ -476,7 +541,7 @@ namespace BTCPayServer.Tests
                 Assert.NotEqual( receiveAddr, s.Driver.FindElement(By.Id("vue-address")).GetAttribute("value"));
                 
                 
-                var invoiceId = s.CreateInvoice(storeId.storeId);
+                var invoiceId = s.CreateInvoice(storeId.storeName);
                 var invoice = await s.Server.PayTester.InvoiceRepository.GetInvoice(invoiceId);
                 var address = invoice.EntityToDTO().Addresses["BTC"];
                 
@@ -488,8 +553,8 @@ namespace BTCPayServer.Tests
                 var mnemonic = s.GenerateWallet("BTC", "", true, true);
                 
                 //lets import and save private keys
-                var root = new Mnemonic(mnemonic).DeriveExtKey();
-                 invoiceId = s.CreateInvoice(storeId.storeId);
+                var root = mnemonic.DeriveExtKey();
+                 invoiceId = s.CreateInvoice(storeId.storeName);
                  invoice = await s.Server.PayTester.InvoiceRepository.GetInvoice( invoiceId);
                  address = invoice.EntityToDTO().Addresses["BTC"];
                  result = await s.Server.ExplorerNode.GetAddressInfoAsync(BitcoinAddress.Create(address, Network.RegTest));
@@ -518,18 +583,18 @@ namespace BTCPayServer.Tests
                 Assert.Contains(tx.ToString(), s.Driver.PageSource);
 
                 
-                void SignWith(string signingSource)
+                void SignWith(Mnemonic signingSource)
                 {
                     // Send to bob
                     s.Driver.FindElement(By.Id("WalletSend")).Click();
                     var bob = new Key().PubKey.Hash.GetAddress(Network.RegTest);
-                    SetTransactionOutput(0, bob, 1);
+                    SetTransactionOutput(s, 0, bob, 1);
                     s.Driver.ScrollTo(By.Id("SendMenu"));
                     s.Driver.FindElement(By.Id("SendMenu")).ForceClick();
                     s.Driver.FindElement(By.CssSelector("button[value=seed]")).Click();
 
                     // Input the seed
-                    s.Driver.FindElement(By.Id("SeedOrKey")).SendKeys(signingSource + Keys.Enter);
+                    s.Driver.FindElement(By.Id("SeedOrKey")).SendKeys(signingSource.ToString() + Keys.Enter);
 
                     // Broadcast
                     Assert.Contains(bob.ToString(), s.Driver.PageSource);
@@ -537,19 +602,6 @@ namespace BTCPayServer.Tests
                     s.Driver.FindElement(By.CssSelector("button[value=broadcast]")).ForceClick();
                     Assert.Equal(walletTransactionLink, s.Driver.Url);
                 }
-
-                void SetTransactionOutput(int index, BitcoinAddress dest, decimal amount, bool subtract = false)
-                {
-                    s.Driver.FindElement(By.Id($"Outputs_{index}__DestinationAddress")).SendKeys(dest.ToString());
-                    var amountElement = s.Driver.FindElement(By.Id($"Outputs_{index}__Amount"));
-                    amountElement.Clear();
-                    amountElement.SendKeys(amount.ToString());
-                    var checkboxElement = s.Driver.FindElement(By.Id($"Outputs_{index}__SubtractFeesFromOutput"));
-                    if (checkboxElement.Selected != subtract)
-                    {
-                        checkboxElement.Click();
-                    }
-                }
                 
                 SignWith(mnemonic);
                 
@@ -558,7 +610,7 @@ namespace BTCPayServer.Tests
                 s.Driver.FindElement(By.Id("WalletSend")).Click();
                 
                 var jack = new Key().PubKey.Hash.GetAddress(Network.RegTest);
-                SetTransactionOutput(0, jack, 0.01m);
+                SetTransactionOutput(s, 0, jack, 0.01m);
                 s.Driver.ScrollTo(By.Id("SendMenu"));
                 s.Driver.FindElement(By.Id("SendMenu")).ForceClick();
                 
@@ -587,6 +639,25 @@ namespace BTCPayServer.Tests
                 Assert.Equal(parsedBip21.Amount.ToString(false), s.Driver.FindElement(By.Id($"Outputs_0__Amount")).GetAttribute("value"));
                 Assert.Equal(parsedBip21.Address.ToString(), s.Driver.FindElement(By.Id($"Outputs_0__DestinationAddress")).GetAttribute("value"));
                 
+                
+                s.GoToWallet(new WalletId(storeId.storeId, "BTC"), WalletsNavPages.Settings);
+                
+                s.Driver.FindElement(By.Id("SettingsMenu")).ForceClick();
+                s.Driver.FindElement(By.CssSelector("button[value=view-seed]")).Click();
+                s.AssertHappyMessage();
+                Assert.Equal(mnemonic.ToString(), s.Driver.FindElements(By.ClassName("alert-success")).First().FindElement(By.TagName("code")).Text);
+            }
+        }
+        void SetTransactionOutput(SeleniumTester s, int index, BitcoinAddress dest, decimal amount, bool subtract = false)
+        {
+            s.Driver.FindElement(By.Id($"Outputs_{index}__DestinationAddress")).SendKeys(dest.ToString());
+            var amountElement = s.Driver.FindElement(By.Id($"Outputs_{index}__Amount"));
+            amountElement.Clear();
+            amountElement.SendKeys(amount.ToString());
+            var checkboxElement = s.Driver.FindElement(By.Id($"Outputs_{index}__SubtractFeesFromOutput"));
+            if (checkboxElement.Selected != subtract)
+            {
+                checkboxElement.Click();
             }
         }
     }

BTCPayServer.Tests/ServerTester.cs

@@ -29,13 +29,13 @@ namespace BTCPayServer.Tests
 {
     public class ServerTester : IDisposable
     {
-        public static ServerTester Create([CallerMemberNameAttribute]string scope = null)
+        public static ServerTester Create([CallerMemberNameAttribute]string scope = null, bool newDb = false)
         {
-            return new ServerTester(scope);
+            return new ServerTester(scope, newDb);
         }
 
         string _Directory;
-        public ServerTester(string scope)
+        public ServerTester(string scope, bool newDb)
         {
             _Directory = scope;
             if (Directory.Exists(_Directory))
@@ -53,9 +53,18 @@ namespace BTCPayServer.Tests
             {
                 NBXplorerUri = ExplorerClient.Address,
                 TestDatabase = Enum.Parse<TestDatabases>(GetEnvironment("TESTS_DB", TestDatabases.Postgres.ToString()), true),
+                // TODO: The fact that we use same conn string as development database can cause huge problems with tests
+                // since in dev we already can have some users / stores registered, while on CI database is being initalized
+                // for the first time and first registered user gets admin status by default
                 Postgres = GetEnvironment("TESTS_POSTGRES", "User ID=postgres;Host=127.0.0.1;Port=39372;Database=btcpayserver"),
                 MySQL = GetEnvironment("TESTS_MYSQL", "User ID=root;Host=127.0.0.1;Port=33036;Database=btcpayserver")
             };
+            if (newDb)
+            {
+                var r = RandomUtils.GetUInt32();
+                PayTester.Postgres = PayTester.Postgres.Replace("btcpayserver", $"btcpayserver{r}");
+                PayTester.MySQL = PayTester.MySQL.Replace("btcpayserver", $"btcpayserver{r}");
+            }
             PayTester.Port = int.Parse(GetEnvironment("TESTS_PORT", Utils.FreeTcpPort().ToString(CultureInfo.InvariantCulture)), CultureInfo.InvariantCulture);
             PayTester.HostName = GetEnvironment("TESTS_HOSTNAME", "127.0.0.1");
             PayTester.InContainer = bool.Parse(GetEnvironment("TESTS_INCONTAINER", "false"));
@@ -63,6 +72,7 @@ namespace BTCPayServer.Tests
             PayTester.SSHPassword = GetEnvironment("TESTS_SSHPASSWORD", "opD3i2282D");
             PayTester.SSHKeyFile = GetEnvironment("TESTS_SSHKEYFILE", "");
             PayTester.SSHConnection = GetEnvironment("TESTS_SSHCONNECTION", "root@127.0.0.1:21622");
+            PayTester.SocksEndpoint = GetEnvironment("TESTS_SOCKSENDPOINT", "localhost:9050");
         }
 
         public void ActivateLTC()
@@ -108,6 +118,7 @@ namespace BTCPayServer.Tests
         public async Task EnsureChannelsSetup()
         {
             Logs.Tester.LogInformation("Connecting channels");
+            BTCPayServer.Lightning.Tests.ConnectChannels.Logs = Logs.LogProvider.CreateLogger("Connect channels");
             await BTCPayServer.Lightning.Tests.ConnectChannels.ConnectAll(ExplorerNode, GetLightningSenderClients(), GetLightningDestClients()).ConfigureAwait(false);
             Logs.Tester.LogInformation("Channels connected");
         }
@@ -135,6 +146,19 @@ namespace BTCPayServer.Tests
             await CustomerLightningD.Pay(bolt11);
         }
 
+        public async Task<T> WaitForEvent<T>(Func<Task> action)
+        {
+            var tcs = new TaskCompletionSource<T>(TaskCreationOptions.RunContinuationsAsynchronously);
+            var sub = PayTester.GetService<EventAggregator>().Subscribe<T>(evt =>
+            {
+                tcs.TrySetResult(evt);
+            });
+            await action.Invoke();
+            var result = await tcs.Task;
+            sub.Dispose();
+            return result;
+        }
+
         public ILightningClient CustomerLightningD { get; set; }
 
         public ILightningClient MerchantLightningD { get; private set; }

BTCPayServer.Tests/TestAccount.cs

@@ -8,8 +8,10 @@ using NBitcoin;
 using NBitpayClient;
 using System;
 using System.Collections.Generic;
+using System.Net.Http;
 using System.Text;
 using System.Threading.Tasks;
+using Amazon.S3.Model;
 using Xunit;
 using NBXplorer.DerivationStrategy;
 using BTCPayServer.Payments;
@@ -18,48 +20,102 @@ using BTCPayServer.Tests.Logging;
 using BTCPayServer.Lightning;
 using BTCPayServer.Lightning.CLightning;
 using BTCPayServer.Data;
-using OpenIddict.Abstractions;
-using OpenIddict.Core;
 using Microsoft.AspNetCore.Identity;
 using NBXplorer.Models;
+using BTCPayServer.Client;
+using BTCPayServer.Events;
+using BTCPayServer.Services;
+using BTCPayServer.Services.Stores;
+using BTCPayServer.Services.Wallets;
+using NBitcoin.Payment;
+using Newtonsoft.Json.Linq;
 
 namespace BTCPayServer.Tests
 {
     public class TestAccount
     {
         ServerTester parent;
+
         public TestAccount(ServerTester parent)
         {
             this.parent = parent;
             BitPay = new Bitpay(new Key(), parent.PayTester.ServerUri);
         }
 
-        public void GrantAccess()
+        public void GrantAccess(bool isAdmin = false)
         {
-            GrantAccessAsync().GetAwaiter().GetResult();
+            GrantAccessAsync(isAdmin).GetAwaiter().GetResult();
         }
 
-        public async Task MakeAdmin()
+        public async Task MakeAdmin(bool isAdmin = true)
         {
             var userManager = parent.PayTester.GetService<UserManager<ApplicationUser>>();
             var u = await userManager.FindByIdAsync(UserId);
-            await userManager.AddToRoleAsync(u, Roles.ServerAdmin);
+            if (isAdmin)
+                await userManager.AddToRoleAsync(u, Roles.ServerAdmin);
+            else
+                await userManager.RemoveFromRoleAsync(u, Roles.ServerAdmin);
             IsAdmin = true;
         }
 
-        public void Register()
+        public Task<BTCPayServerClient> CreateClient()
         {
-            RegisterAsync().GetAwaiter().GetResult();
+            return Task.FromResult(new BTCPayServerClient(parent.PayTester.ServerUri, RegisterDetails.Email,
+                RegisterDetails.Password));
         }
-        public async Task GrantAccessAsync()
+
+        public async Task<BTCPayServerClient> CreateClient(params string[] permissions)
         {
-            await RegisterAsync();
+            var manageController = parent.PayTester.GetController<ManageController>(UserId, StoreId, IsAdmin);
+            var x = Assert.IsType<RedirectToActionResult>(await manageController.AddApiKey(
+                new ManageController.AddApiKeyViewModel()
+                {
+                    PermissionValues = permissions.Select(s =>
+                    {
+                        Permission.TryParse(s, out var p);
+                        return p;
+                    }).GroupBy(permission => permission.Policy).Select(p =>
+                    {
+                        var stores = p.Where(permission => !string.IsNullOrEmpty(permission.StoreId))
+                            .Select(permission => permission.StoreId).ToList();
+                        return new ManageController.AddApiKeyViewModel.PermissionValueItem()
+                        {
+                            Permission = p.Key,
+                            Forbidden = false,
+                            StoreMode = stores.Any()?  ManageController.AddApiKeyViewModel.ApiKeyStoreMode.Specific: ManageController.AddApiKeyViewModel.ApiKeyStoreMode.AllStores,
+                            SpecificStores = stores,
+                            Value = true
+                        };
+                    }).ToList()
+                }));
+            var statusMessage = manageController.TempData.GetStatusMessageModel();
+            Assert.NotNull(statusMessage);
+            var str = "<code class='alert-link'>";
+            var apiKey = statusMessage.Html.Substring(statusMessage.Html.IndexOf(str) + str.Length);
+            apiKey = apiKey.Substring(0, apiKey.IndexOf("</code>"));
+            return new BTCPayServerClient(parent.PayTester.ServerUri, apiKey);
+        }
+
+        public void Register(bool isAdmin = false)
+        {
+            RegisterAsync(isAdmin).GetAwaiter().GetResult();
+        }
+
+        public async Task GrantAccessAsync(bool isAdmin = false)
+        {
+            await RegisterAsync(isAdmin);
             await CreateStoreAsync();
             var store = this.GetController<StoresController>();
             var pairingCode = BitPay.RequestClientAuthorization("test", Facade.Merchant);
             Assert.IsType<ViewResult>(await store.RequestPairing(pairingCode.ToString()));
             await store.Pair(pairingCode.ToString(), StoreId);
         }
+
+        public BTCPayServerClient CreateClientFromAPIKey(string apiKey)
+        {
+            return new BTCPayServerClient(parent.PayTester.ServerUri, apiKey);
+        }
+
         public void CreateStore()
         {
             CreateStoreAsync().GetAwaiter().GetResult();
@@ -72,6 +128,7 @@ namespace BTCPayServer.Tests
                 store.NetworkFeeMode = mode;
             });
         }
+
         public void ModifyStore(Action<StoreViewModel> modify)
         {
             var storeController = GetController<StoresController>();
@@ -89,44 +146,60 @@ namespace BTCPayServer.Tests
         public async Task CreateStoreAsync()
         {
             var store = this.GetController<UserStoresController>();
-            await store.CreateStore(new CreateStoreViewModel() { Name = "Test Store" });
+            await store.CreateStore(new CreateStoreViewModel() {Name = "Test Store"});
             StoreId = store.CreatedStoreId;
             parent.Stores.Add(StoreId);
         }
 
         public BTCPayNetwork SupportedNetwork { get; set; }
 
-        public WalletId RegisterDerivationScheme(string crytoCode, bool segwit = false, bool importKeysToNBX = false)
+        public WalletId RegisterDerivationScheme(string crytoCode, ScriptPubKeyType segwit = ScriptPubKeyType.Legacy, bool importKeysToNBX = false)
         {
             return RegisterDerivationSchemeAsync(crytoCode, segwit, importKeysToNBX).GetAwaiter().GetResult();
         }
-        public async Task<WalletId> RegisterDerivationSchemeAsync(string cryptoCode, bool segwit = false, bool importKeysToNBX = false)
+
+        public async Task<WalletId> RegisterDerivationSchemeAsync(string cryptoCode, ScriptPubKeyType segwit = ScriptPubKeyType.Legacy,
+            bool importKeysToNBX = false)
         {
             SupportedNetwork = parent.NetworkProvider.GetNetwork<BTCPayNetwork>(cryptoCode);
             var store = parent.PayTester.GetController<StoresController>(UserId, StoreId);
             GenerateWalletResponseV = await parent.ExplorerClient.GenerateWalletAsync(new GenerateWalletRequest()
             {
-                ScriptPubKeyType = segwit ? ScriptPubKeyType.Segwit : ScriptPubKeyType.Legacy,
-                SavePrivateKeys = importKeysToNBX
+                ScriptPubKeyType = segwit,
+                SavePrivateKeys = importKeysToNBX,
             });
-
-            await store.AddDerivationScheme(StoreId, new DerivationSchemeViewModel()
-            {
-                Enabled = true,
-                CryptoCode = cryptoCode,
-                Network = SupportedNetwork,
-                RootFingerprint = GenerateWalletResponseV.AccountKeyPath.MasterFingerprint.ToString(),
-                RootKeyPath = SupportedNetwork.GetRootKeyPath(),
-                Source = "NBXplorer",
-                AccountKey = GenerateWalletResponseV.AccountHDKey.Neuter().ToWif(),
-                DerivationSchemeFormat = "BTCPay",
-                KeyPath = GenerateWalletResponseV.AccountKeyPath.KeyPath.ToString(),
-                DerivationScheme = DerivationScheme.ToString(),
-                Confirmation = true
-            }, cryptoCode);
+            await store.AddDerivationScheme(StoreId,
+                new DerivationSchemeViewModel()
+                {
+                    Enabled = true,
+                    CryptoCode = cryptoCode,
+                    Network = SupportedNetwork,
+                    RootFingerprint = GenerateWalletResponseV.AccountKeyPath.MasterFingerprint.ToString(),
+                    RootKeyPath = SupportedNetwork.GetRootKeyPath(),
+                    Source = "NBXplorer",
+                    AccountKey = GenerateWalletResponseV.AccountHDKey.Neuter().ToWif(),
+                    DerivationSchemeFormat = "BTCPay",
+                    KeyPath = GenerateWalletResponseV.AccountKeyPath.KeyPath.ToString(),
+                    DerivationScheme = DerivationScheme.ToString(),
+                    Confirmation = true
+                }, cryptoCode);
             return new WalletId(StoreId, cryptoCode);
         }
 
+        public async Task EnablePayJoin()
+        {
+            var storeController = parent.PayTester.GetController<StoresController>(UserId, StoreId);
+            var storeVM =
+                Assert.IsType<StoreViewModel>(Assert
+                    .IsType<ViewResult>(storeController.UpdateStore()).Model);
+
+            storeVM.PayJoinEnabled = true;
+
+            Assert.Equal(nameof(storeController.UpdateStore),
+                Assert.IsType<RedirectToActionResult>(
+                    await storeController.UpdateStore(storeVM)).ActionName);
+        }
+
         public GenerateWalletResponse GenerateWalletResponseV { get; set; }
 
         public DerivationStrategyBase DerivationScheme
@@ -137,7 +210,7 @@ namespace BTCPayServer.Tests
             }
         }
 
-        private async Task RegisterAsync()
+        private async Task RegisterAsync(bool isAdmin = false)
         {
             var account = parent.PayTester.GetController<AccountController>();
             RegisterDetails = new RegisterViewModel()
@@ -145,26 +218,33 @@ namespace BTCPayServer.Tests
                 Email = Guid.NewGuid() + "@toto.com",
                 ConfirmPassword = "Kitten0@",
                 Password = "Kitten0@",
+                IsAdmin = isAdmin
             };
             await account.Register(RegisterDetails);
             UserId = account.RegisteredUserId;
+            IsAdmin = account.RegisteredAdmin;
         }
 
-        public RegisterViewModel RegisterDetails{ get; set; }
+        public RegisterViewModel RegisterDetails { get; set; }
 
         public Bitpay BitPay
         {
-            get; set;
+            get;
+            set;
         }
+
         public string UserId
         {
-            get; set;
+            get;
+            set;
         }
 
         public string StoreId
         {
-            get; set;
+            get;
+            set;
         }
+
         public bool IsAdmin { get; internal set; }
 
         public void RegisterLightningNode(string cryptoCode, LightningConnectionType connectionType)
@@ -180,28 +260,145 @@ namespace BTCPayServer.Tests
             if (connectionType == LightningConnectionType.Charge)
                 connectionString = "type=charge;server=" + parent.MerchantCharge.Client.Uri.AbsoluteUri;
             else if (connectionType == LightningConnectionType.CLightning)
-                connectionString = "type=clightning;server=" + ((CLightningClient)parent.MerchantLightningD).Address.AbsoluteUri;
+                connectionString = "type=clightning;server=" +
+                                   ((CLightningClient)parent.MerchantLightningD).Address.AbsoluteUri;
             else if (connectionType == LightningConnectionType.LndREST)
                 connectionString = $"type=lnd-rest;server={parent.MerchantLnd.Swagger.BaseUrl};allowinsecure=true";
             else
                 throw new NotSupportedException(connectionType.ToString());
 
-            await storeController.AddLightningNode(StoreId, new LightningNodeViewModel()
-            {
-                ConnectionString = connectionString,
-                SkipPortTest = true
-            }, "save", "BTC");
+            await storeController.AddLightningNode(StoreId,
+                new LightningNodeViewModel() {ConnectionString = connectionString, SkipPortTest = true}, "save", "BTC");
             if (storeController.ModelState.ErrorCount != 0)
                 Assert.False(true, storeController.ModelState.FirstOrDefault().Value.Errors[0].ErrorMessage);
         }
 
-        public async Task<BTCPayOpenIdClient> RegisterOpenIdClient(OpenIddictApplicationDescriptor descriptor, string secret = null)
+        public async Task<Coin> ReceiveUTXO(Money value, BTCPayNetwork network)
         {
-          var openIddictApplicationManager = parent.PayTester.GetService<OpenIddictApplicationManager<BTCPayOpenIdClient>>();
-          var client = new BTCPayOpenIdClient { Id = Guid.NewGuid().ToString(), ApplicationUserId = UserId};
-          await openIddictApplicationManager.PopulateAsync(client, descriptor);
-          await openIddictApplicationManager.CreateAsync(client, secret);
-          return client;
+            var cashCow = parent.ExplorerNode;
+            var btcPayWallet = parent.PayTester.GetService<BTCPayWalletProvider>().GetWallet(network);
+            var address = (await btcPayWallet.ReserveAddressAsync(this.DerivationScheme)).Address;
+            await parent.WaitForEvent<NewOnChainTransactionEvent>(async () =>
+            {
+                await cashCow.SendToAddressAsync(address, value);
+            });
+            int i = 0;
+            while (i <30)
+            {
+                var result = (await btcPayWallet.GetUnspentCoins(DerivationScheme))
+                    .FirstOrDefault(c => c.ScriptPubKey == address.ScriptPubKey)?.Coin;
+                if (result != null)
+                {
+                    return result;
+                }
+
+                await Task.Delay(1000);
+                i++;
+            }
+            Assert.False(true);
+            return null;
+        }
+
+        public async Task<BitcoinAddress> GetNewAddress(BTCPayNetwork network)
+        {
+            var cashCow = parent.ExplorerNode;
+            var btcPayWallet = parent.PayTester.GetService<BTCPayWalletProvider>().GetWallet(network);
+            var address = (await btcPayWallet.ReserveAddressAsync(this.DerivationScheme)).Address;
+            return address;
+        }
+
+        public async Task<PSBT> Sign(PSBT psbt)
+        {
+            var btcPayWallet = parent.PayTester.GetService<BTCPayWalletProvider>()
+                .GetWallet(psbt.Network.NetworkSet.CryptoCode);
+            var explorerClient = parent.PayTester.GetService<ExplorerClientProvider>()
+                .GetExplorerClient(psbt.Network.NetworkSet.CryptoCode);
+            psbt = (await explorerClient.UpdatePSBTAsync(new UpdatePSBTRequest()
+            {
+                DerivationScheme = DerivationScheme, PSBT = psbt
+            })).PSBT;
+            return psbt.SignAll(this.DerivationScheme, GenerateWalletResponseV.AccountHDKey,
+                GenerateWalletResponseV.AccountKeyPath);
+        }
+
+        public async Task<PSBT> SubmitPayjoin(Invoice invoice, PSBT psbt, string expectedError = null, bool senderError= false)
+        {
+            var endpoint = GetPayjoinEndpoint(invoice, psbt.Network);
+            if (endpoint == null)
+            {
+                return null;
+            }
+            var pjClient = parent.PayTester.GetService<PayjoinClient>();
+            var storeRepository = parent.PayTester.GetService<StoreRepository>();
+            var store = await storeRepository.FindStore(StoreId);
+            var settings = store.GetSupportedPaymentMethods(parent.NetworkProvider).OfType<DerivationSchemeSettings>()
+                .First();
+            Logs.Tester.LogInformation($"Proposing {psbt.GetGlobalTransaction().GetHash()}");
+            if (expectedError is null && !senderError)
+            {
+                var proposed = await pjClient.RequestPayjoin(endpoint, settings, psbt, default);
+                Logs.Tester.LogInformation($"Proposed payjoin is {proposed.GetGlobalTransaction().GetHash()}");
+                Assert.NotNull(proposed);
+                return proposed;
+            }
+            else
+            {
+                if (senderError)
+                {
+                    await Assert.ThrowsAsync<PayjoinSenderException>(async () => await pjClient.RequestPayjoin(endpoint, settings, psbt, default));
+                }
+                else
+                {
+                    var ex = await Assert.ThrowsAsync<PayjoinReceiverException>(async () => await pjClient.RequestPayjoin(endpoint, settings, psbt, default));
+                    Assert.Equal(expectedError, ex.ErrorCode);
+                }
+                return null;
+            }
+        }
+
+        public async Task<Transaction> SubmitPayjoin(Invoice invoice, Transaction transaction, BTCPayNetwork network,
+            string expectedError = null)
+        {
+            var response =
+                await SubmitPayjoinCore(transaction.ToHex(), invoice, network.NBitcoinNetwork, expectedError);
+            if (response == null)
+                return null;
+            var signed = Transaction.Parse(await response.Content.ReadAsStringAsync(), network.NBitcoinNetwork);
+            return signed;
+        }
+
+        async Task<HttpResponseMessage> SubmitPayjoinCore(string content, Invoice invoice, Network network,
+            string expectedError)
+        {
+            var endpoint = GetPayjoinEndpoint(invoice, network);
+            var response = await parent.PayTester.HttpClient.PostAsync(endpoint,
+                new StringContent(content, Encoding.UTF8, "text/plain"));
+            if (expectedError != null)
+            {
+                Assert.False(response.IsSuccessStatusCode);
+                var error = JObject.Parse(await response.Content.ReadAsStringAsync());
+                Assert.Equal(expectedError, error["errorCode"].Value<string>());
+                return null;
+            }
+            else
+            {
+                if (!response.IsSuccessStatusCode)
+                {
+                    var error = JObject.Parse(await response.Content.ReadAsStringAsync());
+                    Assert.True(false,
+                        $"Error: {error["errorCode"].Value<string>()}: {error["message"].Value<string>()}");
+                }
+            }
+
+            return response;
+        }
+
+        private static Uri GetPayjoinEndpoint(Invoice invoice, Network network)
+        {
+            var parsedBip21 = new BitcoinUrlBuilder(
+                invoice.CryptoInfo.First(c => c.CryptoCode == network.NetworkSet.CryptoCode).PaymentUrls.BIP21,
+                network);
+            return parsedBip21.UnknowParameters.TryGetValue($"{PayjoinClient.BIP21EndpointKey}", out var uri) ? new Uri(uri, UriKind.Absolute) : null;
         }
     }
 }

BTCPayServer.Tests/TestUtils.cs

@@ -9,6 +9,7 @@ using Xunit.Sdk;
 using System.Linq;
 using System.Net.Http;
 using Microsoft.Extensions.DependencyInjection;
+using Xunit;
 
 namespace BTCPayServer.Tests
 {
@@ -41,6 +42,12 @@ namespace BTCPayServer.Tests
             return Path.Combine(directory.FullName, "TestData", relativeFilePath);
         }
 
+        public static T AssertType<T>(this object obj)
+        {
+            Assert.IsType<T>(obj);
+            return (T)obj;
+        }
+        
         public static FormFile GetFormFile(string filename, string content)
         {
             File.WriteAllText(filename, content);

BTCPayServer.Tests/docker-bitcoin-generate.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+bitcoind_container_id="$(docker ps -q --filter label=com.docker.compose.project=btcpayservertests --filter label=com.docker.compose.service=bitcoind)"
+address=$(docker exec -ti $bitcoind_container_id bitcoin-cli -datadir="/data" getnewaddress)
+docker exec -ti $bitcoind_container_id bitcoin-cli -datadir="/data" generatetoaddress "$@" "$address"

BTCPayServer.Tests/docker-compose.monero.yml

@@ -3,26 +3,26 @@ version: "3"
 services:
 
     monerod:
-        image: kukks/docker-monero:test
+        image: btcpayserver/monero:0.15.0.1-amd64
         restart: unless-stopped
         container_name: xmr_monerod
-        entrypoint: monerod --fixed-difficulty 100 --rpc-bind-ip=0.0.0.0 --confirm-external-bind --rpc-bind-port=18081 --non-interactive --block-notify="/scripts/notifier.sh https://127.0.0.1:14142/monerolikedaemoncallback/block?cryptoCode=xmr&hash=%s" --testnet --no-igd --hide-my-port --no-sync --offline
+        entrypoint: sleep 999999
+#        entrypoint: monerod --fixed-difficulty 200 --rpc-bind-ip=0.0.0.0 --confirm-external-bind --rpc-bind-port=18081 --block-notify="/bin/sh ./scripts/notifier.sh -k -X GET https://host.docker.internal:14142/monerolikedaemoncallback/block?cryptoCode=xmr&hash=%s" --testnet --no-igd --hide-my-port --offline
         volumes:
             - "monero_data:/home/monero/.bitmonero"
         ports:
             - "18081:18081"
     monero_wallet:
-        image: kukks/docker-monero:test
+        image: btcpayserver/monero:0.15.0.1-amd64
         restart: unless-stopped
         container_name: xmr_wallet_rpc
-        entrypoint: monero-wallet-rpc --testnet --rpc-bind-ip=0.0.0.0 --disable-rpc-login --confirm-external-bind --rpc-bind-port=18082 --non-interactive --trusted-daemon  --daemon-address=127.0.0.1:18081 --wallet-file=/wallet/wallet.keys --tx-notify="/scripts/notifier.sh https://127.0.0.1:14142/monerolikedaemoncallback/tx?cryptoCode=xmr&hash=%s"
+        entrypoint: monero-wallet-rpc --testnet --rpc-bind-ip=0.0.0.0 --disable-rpc-login --confirm-external-bind --rpc-bind-port=18082 --non-interactive --trusted-daemon  --daemon-address=monerod:18081 --wallet-file=/wallet/wallet.keys --password-file=/wallet/password --tx-notify="/bin/sh ./scripts/notifier.sh -k -X GET https://host.docker.internal:14142/monerolikedaemoncallback/tx?cryptoCode=xmr&hash=%s"
         ports:
             - "18082:18082"
         volumes:
-            - "monero_wallet:/wallet"
+            - "./monero_wallet:/wallet"
         depends_on:
             - monerod
         
 volumes:
     monero_data:
-    monero_wallet:

BTCPayServer.Tests/docker-compose.yml

@@ -27,6 +27,7 @@ services:
       TESTS_SSHCONNECTION: "root@sshd:22"
       TESTS_SSHPASSWORD: ""
       TESTS_SSHKEYFILE: ""
+      TESTS_SOCKSENDPOINT: "tor:9050"
     expose:
       - "80"
     links:
@@ -51,6 +52,7 @@ services:
       - customer_lnd
       - merchant_lnd
       - sshd
+      - tor
 
   sshd:
     build:
@@ -76,7 +78,7 @@ services:
       - customer_lnd
       - merchant_lnd
   nbxplorer:
-    image: nicolasdorier/nbxplorer:2.1.8
+    image: nicolasdorier/nbxplorer:2.1.25
     restart: unless-stopped
     ports:
       - "32838:32838"
@@ -134,7 +136,7 @@ services:
       - "bitcoin_datadir:/data"
 
   customer_lightningd:
-    image: btcpayserver/lightning:v0.8.0-dev
+    image: btcpayserver/lightning:v0.8.2-dev
     stop_signal: SIGKILL
     restart: unless-stopped
     environment: 
@@ -161,7 +163,7 @@ services:
       - bitcoind
 
   lightning-charged:
-    image: shesek/lightning-charge:0.4.11-standalone
+    image: shesek/lightning-charge:0.4.19-standalone
     restart: unless-stopped
     environment:
       NETWORK: regtest
@@ -181,7 +183,7 @@ services:
       - merchant_lightningd
 
   merchant_lightningd:
-    image: btcpayserver/lightning:v0.8.0-dev
+    image: btcpayserver/lightning:v0.8.2-dev
     stop_signal: SIGKILL
     environment: 
       EXPOSE_TCP: "true"
@@ -226,7 +228,7 @@ services:
   elementsd-liquid:
       restart: always
       container_name: btcpayserver_elementsd_liquid
-      image: btcpayserver/elements:0.18.1.1-1
+      image: btcpayserver/elements:0.18.1.7
       environment:
           ELEMENTS_CHAIN: elementsregtest
           ELEMENTS_EXTRA_ARGS: |
@@ -319,6 +321,21 @@ services:
     links:
       - bitcoind
 
+  tor:
+    restart: unless-stopped
+    image: btcpayserver/tor:0.4.1.5
+    container_name: tor
+    environment:
+        TOR_PASSWORD: btcpayserver
+    ports:
+        - "9050:9050" # SOCKS
+        - "9051:9051" # Tor Control
+    volumes:
+        - "tor_datadir:/home/tor/.tor"
+        - "torrcdir:/usr/local/etc/tor"
+        - "tor_servicesdir:/var/lib/tor/hidden_services"
+
+
 volumes:
     sshd_datadir:
     bitcoin_datadir:
@@ -328,3 +345,6 @@ volumes:
     lightning_charge_datadir:
     customer_lnd_datadir:
     merchant_lnd_datadir:
+    tor_datadir:
+    torrcdir:
+    tor_servicesdir:

BTCPayServer.Tests/docker-customer-lightning-cli.ps1

@@ -1,2 +1,2 @@
 $customer_lightning_container_id=$(docker ps -q --filter label=com.docker.compose.project=btcpayservertests --filter label=com.docker.compose.service=customer_lightningd)
-docker exec -ti $customer_lightning_container_id lightning-cli $args
+docker exec -ti $customer_lightning_container_id lightning-cli --rpc-file=/root/.lightning/lightning-rpc $args

BTCPayServer.Tests/docker-customer-lightning-cli.sh

@@ -1,4 +1,4 @@
 #!/bin/bash
 
 customer_lightning_container_id="$(docker ps -q --filter label=com.docker.compose.project=btcpayservertests --filter label=com.docker.compose.service=customer_lightningd)"
-docker exec -ti $customer_lightning_container_id lightning-cli "$@"
+docker exec -ti $customer_lightning_container_id lightning-cli --rpc-file=/root/.lightning/lightning-rpc "$@"

BTCPayServer.Tests/docker-elements.ps1

@@ -0,0 +1 @@
+docker exec -ti btcpayserver_elementsd_liquid elements-cli -datadir="/data" $args

BTCPayServer.Tests/docker-merchant-lightning-cli.ps1

@@ -1,2 +1,2 @@
 $merchant_lightning_container_id=$(docker ps -q --filter label=com.docker.compose.project=btcpayservertests --filter label=com.docker.compose.service=merchant_lightningd)
-docker exec -ti $merchant_lightning_container_id lightning-cli $args
+docker exec -ti $merchant_lightning_container_id lightning-cli --rpc-file=/root/.lightning/lightning-rpc $args

BTCPayServer.Tests/docker-merchant-lightning-cli.sh

@@ -1,4 +1,4 @@
 #!/bin/bash
 
 merchant_lightning_container_id="$(docker ps -q --filter label=com.docker.compose.project=btcpayservertests --filter label=com.docker.compose.service=merchant_lightningd)"
-docker exec -ti $merchant_lightning_container_id lightning-cli "$@"
+docker exec -ti $merchant_lightning_container_id lightning-cli --rpc-file=/root/.lightning/lightning-rpc "$@"

BTCPayServer.Tests/xunit.runner.json

@@ -1,5 +1,6 @@
 {
     "parallelizeTestCollections": false,
     "longRunningTestSeconds": 60,
-    "diagnosticMessages": true
+    "diagnosticMessages": true,
+    "methodDisplay": "method"
 }

BTCPayServer/BTCPayServer.csproj

@@ -1,8 +1,9 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
   <Import Project="../Build/Version.csproj" Condition="Exists('../Build/Version.csproj')" />
   <Import Project="../Build/Common.csproj" />
-  <PropertyGroup Condition="'$(Configuration)' == 'Debug'">
+  <PropertyGroup Condition="'$(Configuration)' == 'Debug' And '$(RazorCompileOnBuild)' != 'true'">
     <RazorCompileOnBuild>false</RazorCompileOnBuild>
+    <DefineConstants>$(DefineConstants);RAZOR_RUNTIME_COMPILE</DefineConstants>
   </PropertyGroup>
   <PropertyGroup>
     <OutputType>Exe</OutputType>
@@ -30,7 +31,7 @@
   </ItemGroup>
   <ItemGroup>
     <PackageReference Include="BTCPayServer.Hwi" Version="1.1.3" />
-    <PackageReference Include="BTCPayServer.Lightning.All" Version="1.1.8" />
+    <PackageReference Include="BTCPayServer.Lightning.All" Version="1.1.13" />
     <PackageReference Include="BuildBundlerMinifier" Version="3.2.435" />
     <PackageReference Include="BundlerMinifier.Core" Version="3.2.435" />
     <PackageReference Include="BundlerMinifier.TagHelpers" Version="3.2.435" />
@@ -41,7 +42,7 @@
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
     </PackageReference>
-    <PackageReference Include="NBitpayClient" Version="1.0.0.35" />	  
+    <PackageReference Include="NBitpayClient" Version="1.0.0.38" />	  
     <PackageReference Include="DBriize" Version="1.0.1.3" />
     <PackageReference Include="Newtonsoft.Json" Version="12.0.3" />
     <PackageReference Include="NicolasDorier.CommandLine" Version="1.0.0.2" />
@@ -66,10 +67,7 @@
     <PackageReference Include="TwentyTwenty.Storage.Local" Version="2.12.1" />
     <PackageReference Include="U2F.Core" Version="1.0.4" />
 		<PackageReference Include="YamlDotNet" Version="8.0.0" />
-    <PackageReference Include="OpenIddict" Version="3.0.0-alpha1.20058.15" />
-    <PackageReference Include="OpenIddict.Server.AspNetCore" Version="3.0.0-alpha1.20058.15"></PackageReference>
-    <PackageReference Include="OpenIddict.Validation.AspNetCore" Version="3.0.0-alpha1.20058.15"></PackageReference>
-    <PackageReference Include="Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation" Version="3.1.1" Condition="'$(Configuration)' == 'Debug'" />
+    <PackageReference Include="Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation" Version="3.1.1" Condition="'$(RazorCompileOnBuild)' != 'true'" />
     <PackageReference Include="Microsoft.AspNetCore.Mvc.NewtonsoftJson" Version="3.1.1" />
   </ItemGroup>
 
@@ -123,9 +121,11 @@
 	  <Folder Include="wwwroot\vendor\highlightjs\" />
 	  <Folder Include="wwwroot\vendor\summernote" />
 	  <Folder Include="wwwroot\vendor\u2f" />
+	  <Folder Include="wwwroot\vendor\vue-qrcode-reader" />
 	</ItemGroup>
 
 	<ItemGroup>
+	  <ProjectReference Include="..\BTCPayServer.Client\BTCPayServer.Client.csproj" />
 	  <ProjectReference Include="..\BTCPayServer.Data\BTCPayServer.Data.csproj" />
 	  <ProjectReference Include="..\BTCPayServer.Rating\BTCPayServer.Rating.csproj" />
 	  <ProjectReference Include="..\BTCPayServer.Common\BTCPayServer.Common.csproj" />
@@ -208,8 +208,6 @@
 	  <Content Update="Views\Wallets\WalletTransactions.cshtml">
 	    <Pack>$(IncludeRazorContentInPack)</Pack>
 	  </Content>
-    <Content Remove="Views\Server\EditGoogleCloudStorageStorageProvider.cshtml">
-    </Content>
 	  <Content Update="Views\Wallets\_Nav.cshtml">
 	    <Pack>$(IncludeRazorContentInPack)</Pack>
 	  </Content>
@@ -220,4 +218,10 @@
 	    <Pack>$(IncludeRazorContentInPack)</Pack>
 	  </Content>
 	</ItemGroup>
+
+	<ItemGroup>
+	  <_ContentIncludedByDefault Remove="Views\Authorization\Authorize.cshtml" />
+	</ItemGroup>
+
+	<ProjectExtensions><VisualStudio><UserProperties wwwroot_4swagger_4v1_4swagger_1template_1json__JsonSchema="https://raw.githubusercontent.com/OAI/OpenAPI-Specification/master/schemas/v3.0/schema.json" /></VisualStudio></ProjectExtensions>
 </Project>

BTCPayServer/Controllers/AccountController.cs

@@ -23,6 +23,7 @@ using BTCPayServer.U2F.Models;
 using Newtonsoft.Json;
 using NicolasDorier.RateLimits;
 using BTCPayServer.Data;
+using BTCPayServer.Events;
 using U2F.Core.Exceptions;
 
 namespace BTCPayServer.Controllers
@@ -39,7 +40,8 @@ namespace BTCPayServer.Controllers
         SettingsRepository _SettingsRepository;
         Configuration.BTCPayServerOptions _Options;
         private readonly BTCPayServerEnvironment _btcPayServerEnvironment;
-        public  U2FService _u2FService;
+        public U2FService _u2FService;
+        private readonly EventAggregator _eventAggregator;
         ILogger _logger;
 
         public AccountController(
@@ -51,7 +53,8 @@ namespace BTCPayServer.Controllers
             SettingsRepository settingsRepository,
             Configuration.BTCPayServerOptions options,
             BTCPayServerEnvironment btcPayServerEnvironment,
-            U2FService u2FService)
+            U2FService u2FService,
+            EventAggregator eventAggregator)
         {
             this.storeRepository = storeRepository;
             _userManager = userManager;
@@ -62,6 +65,7 @@ namespace BTCPayServer.Controllers
             _Options = options;
             _btcPayServerEnvironment = btcPayServerEnvironment;
             _u2FService = u2FService;
+            _eventAggregator = eventAggregator;
             _logger = Logs.PayServer;
         }
 
@@ -75,7 +79,7 @@ namespace BTCPayServer.Controllers
         [AllowAnonymous]
         public async Task<IActionResult> Login(string returnUrl = null)
         {
-            
+
             if (User.Identity.IsAuthenticated && string.IsNullOrEmpty(returnUrl))
                 return RedirectToLocal();
             // Clear the existing external cookie to ensure a clean login process
@@ -85,7 +89,7 @@ namespace BTCPayServer.Controllers
             {
                 SetInsecureFlags();
             }
-            
+
             ViewData["ReturnUrl"] = returnUrl;
             return View();
         }
@@ -126,7 +130,7 @@ namespace BTCPayServer.Controllers
                     if (await _userManager.CheckPasswordAsync(user, model.Password))
                     {
                         LoginWith2faViewModel twoFModel = null;
-                        
+
                         if (user.TwoFactorEnabled)
                         {
                             // we need to do an actual sign in attempt so that 2fa can function in next step
@@ -145,14 +149,14 @@ namespace BTCPayServer.Controllers
                     }
                     else
                     {
-                      var incrementAccessFailedResult = await  _userManager.AccessFailedAsync(user);
-                      ModelState.AddModelError(string.Empty, "Invalid login attempt.");
-                      return View(model);
-                      
+                        var incrementAccessFailedResult = await _userManager.AccessFailedAsync(user);
+                        ModelState.AddModelError(string.Empty, "Invalid login attempt.");
+                        return View(model);
+
                     }
                 }
-                
-               
+
+
                 var result = await _signInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, lockoutOnFailure: true);
                 if (result.Succeeded)
                 {
@@ -215,7 +219,7 @@ namespace BTCPayServer.Controllers
             {
                 return RedirectToAction("Login");
             }
-            
+
             ViewData["ReturnUrl"] = returnUrl;
             var user = await _userManager.FindByIdAsync(viewModel.UserId);
 
@@ -276,7 +280,7 @@ namespace BTCPayServer.Controllers
             return View("SecondaryLogin", new SecondaryLoginViewModel()
             {
                 LoginWith2FaViewModel = new LoginWith2faViewModel { RememberMe = rememberMe },
-                LoginWithU2FViewModel =  (await _u2FService.HasDevices(user.Id))? await BuildU2FViewModel(rememberMe, user): null
+                LoginWithU2FViewModel = (await _u2FService.HasDevices(user.Id)) ? await BuildU2FViewModel(rememberMe, user) : null
             });
         }
 
@@ -322,7 +326,7 @@ namespace BTCPayServer.Controllers
                 return View("SecondaryLogin", new SecondaryLoginViewModel()
                 {
                     LoginWith2FaViewModel = model,
-                    LoginWithU2FViewModel =  (await _u2FService.HasDevices(user.Id))? await BuildU2FViewModel(rememberMe, user): null
+                    LoginWithU2FViewModel = (await _u2FService.HasDevices(user.Id)) ? await BuildU2FViewModel(rememberMe, user) : null
                 });
             }
         }
@@ -400,6 +404,7 @@ namespace BTCPayServer.Controllers
 
         [HttpGet]
         [AllowAnonymous]
+        [RateLimitsFilter(ZoneLimits.Register, Scope = RateLimitsScope.RemoteAddress)]
         public async Task<IActionResult> Register(string returnUrl = null, bool logon = true, bool useBasicLayout = false)
         {
             if (!CanLoginOrRegister())
@@ -439,7 +444,6 @@ namespace BTCPayServer.Controllers
                 if (result.Succeeded)
                 {
                     var admin = await _userManager.GetUsersInRoleAsync(Roles.ServerAdmin);
-                    Logs.PayServer.LogInformation($"A new user just registered {user.Email} {(admin.Count == 0 ? "(admin)" : "")}");
                     if (admin.Count == 0 || (model.IsAdmin && _Options.AllowAdminRegistration))
                     {
                         await _RoleManager.CreateAsync(new IdentityRole(Roles.ServerAdmin));
@@ -447,22 +451,27 @@ namespace BTCPayServer.Controllers
                         var settings = await _SettingsRepository.GetSettingAsync<ThemeSettings>();
                         settings.FirstRun = false;
                         await _SettingsRepository.UpdateSetting<ThemeSettings>(settings);
-                        if(_Options.DisableRegistration)
+                        if (_Options.DisableRegistration)
                         {
                             // Once the admin user has been created lock subsequent user registrations (needs to be disabled for unit tests that require multiple users).
+                            Logs.PayServer.LogInformation("First admin created, disabling subscription (disable-registration is set to true)");
                             policies.LockSubscription = true;
                             await _SettingsRepository.UpdateSetting(policies);
                         }
+                        RegisteredAdmin = true;
                     }
 
-                    var code = await _userManager.GenerateEmailConfirmationTokenAsync(user);
-                    var callbackUrl = Url.EmailConfirmationLink(user.Id, code, Request.Scheme);
+                    _eventAggregator.Publish(new UserRegisteredEvent()
+                    {
+                        RequestUri = Request.GetAbsoluteRootUri(),
+                        User = user,
+                        Admin = RegisteredAdmin
+                    });
                     RegisteredUserId = user.Id;
 
-                    _EmailSenderFactory.GetEmailSender().SendEmailConfirmation(model.Email, callbackUrl);
                     if (!policies.RequiresConfirmedEmail)
                     {
-                        if(logon)
+                        if (logon)
                             await _signInManager.SignInAsync(user, isPersistent: false);
                         return RedirectToLocal(returnUrl);
                     }
@@ -479,13 +488,9 @@ namespace BTCPayServer.Controllers
             return View(model);
         }
 
-        /// <summary> 
-        /// Test property
-        /// </summary>
-        public string RegisteredUserId
-        {
-            get; set;
-        }
+        // Properties used by tests
+        public string RegisteredUserId { get; set; }
+        public bool RegisteredAdmin { get; set; }
 
         [HttpGet]
         public async Task<IActionResult> Logout()
@@ -539,7 +544,7 @@ namespace BTCPayServer.Controllers
                 var callbackUrl = Url.ResetPasswordCallbackLink(user.Id, code, Request.Scheme);
                 _EmailSenderFactory.GetEmailSender().SendEmail(model.Email, "Reset Password",
                     $"Please reset your password by clicking here: <a href='{callbackUrl}'>link</a>");
-                
+
                 return RedirectToAction(nameof(ForgotPasswordConfirmation));
             }
 
@@ -625,8 +630,8 @@ namespace BTCPayServer.Controllers
                 return RedirectToAction(nameof(HomeController.Index), "Home");
             }
         }
-        
-        
+
+
         private bool CanLoginOrRegister()
         {
             return _btcPayServerEnvironment.IsDevelopping || _btcPayServerEnvironment.IsSecure;
@@ -639,7 +644,7 @@ namespace BTCPayServer.Controllers
                 Severity = StatusMessageModel.StatusSeverity.Error,
                 Message = "You cannot login over an insecure connection. Please use HTTPS or Tor."
             });
-            
+
             ViewData["disabled"] = true;
         }
 

BTCPayServer/Controllers/AppsController.cs

@@ -83,7 +83,7 @@ namespace BTCPayServer.Controllers
                 TempData.SetStatusMessageModel(new StatusMessageModel()
                 {
                     Html =
-                        $"Error: You need to create at least one store. <a href='{(Url.Action("CreateStore", "UserStores"))}'>Create store</a>",
+                        $"Error: You need to create at least one store. <a href='{(Url.Action("CreateStore", "UserStores"))}' class='alert-link'>Create store</a>",
                     Severity = StatusMessageModel.StatusSeverity.Error
                 });
                 return RedirectToAction(nameof(ListApps));
@@ -103,7 +103,7 @@ namespace BTCPayServer.Controllers
                 TempData.SetStatusMessageModel(new StatusMessageModel()
                 {
                     Html =
-                        $"Error: You need to create at least one store. <a href='{(Url.Action("CreateStore", "UserStores"))}'>Create store</a>",
+                        $"Error: You need to create at least one store. <a href='{(Url.Action("CreateStore", "UserStores"))}' class='alert-link'>Create store</a>",
                     Severity = StatusMessageModel.StatusSeverity.Error
                 });
                 return RedirectToAction(nameof(ListApps));

BTCPayServer/Controllers/AppsPublicController.cs

@@ -237,6 +237,10 @@ namespace BTCPayServer.Controllers
         [EnableCors(CorsPolicies.All)]
         public async Task<IActionResult> ContributeToCrowdfund(string appId, ContributeToCrowdfund request, CancellationToken cancellationToken)
         {
+            if (request.Amount <= 0)
+            {
+                return NotFound("Please provide an amount greater than 0");
+            }
             var app = await _AppService.GetApp(appId, AppType.Crowdfund, true);
 
             if (app == null)

BTCPayServer/Controllers/AuthorizationController.cs

@@ -1,136 +0,0 @@
-/*
- * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
- * See https://github.com/openiddict/openiddict-core for more information concerning
- * the license and the contributors participating to this project.
- */
-
-using System;
-using System.Collections.Immutable;
-using System.Linq;
-using System.Threading.Tasks;
-using BTCPayServer.Security.OpenId;
-using BTCPayServer.Data;
-using BTCPayServer.Models;
-using BTCPayServer.Models.Authorization;
-using BTCPayServer.Security;
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Identity;
-using Microsoft.AspNetCore.Mvc;
-using Microsoft.Extensions.Options;
-using Microsoft.AspNetCore;
-using OpenIddict.Abstractions;
-using OpenIddict.Core;
-using OpenIddict.Server;
-using System.Security.Claims;
-using OpenIddict.Server.AspNetCore;
-
-namespace BTCPayServer.Controllers
-{
-    public class AuthorizationController : Controller
-    {
-        private readonly OpenIddictApplicationManager<BTCPayOpenIdClient> _applicationManager;
-        private readonly SignInManager<ApplicationUser> _signInManager;
-        private readonly OpenIddictAuthorizationManager<BTCPayOpenIdAuthorization> _authorizationManager;
-        private readonly UserManager<ApplicationUser> _userManager;
-        private readonly IOptions<IdentityOptions> _IdentityOptions;
-
-        public AuthorizationController(
-            OpenIddictApplicationManager<BTCPayOpenIdClient> applicationManager,
-            SignInManager<ApplicationUser> signInManager,
-            OpenIddictAuthorizationManager<BTCPayOpenIdAuthorization> authorizationManager,
-            UserManager<ApplicationUser> userManager,
-            IOptions<IdentityOptions> identityOptions)
-        {
-            _applicationManager = applicationManager;
-            _signInManager = signInManager;
-            _authorizationManager = authorizationManager;
-            _userManager = userManager;
-            _IdentityOptions = identityOptions;
-        }
-
-        [Authorize(AuthenticationSchemes = AuthenticationSchemes.Cookie)] 
-        [HttpGet("/connect/authorize")]
-        public async Task<IActionResult> Authorize()
-        {
-            var request = HttpContext.GetOpenIddictServerRequest();
-            // Retrieve the application details from the database.
-            var application = await _applicationManager.FindByClientIdAsync(request.ClientId);
-
-            if (application == null)
-            {
-                return View("Error",
-                    new ErrorViewModel
-                    {
-                        Error = OpenIddictConstants.Errors.InvalidClient,
-                        ErrorDescription =
-                            "Details concerning the calling client application cannot be found in the database"
-                    });
-            }
-
-            var userId = _userManager.GetUserId(User);
-            if (!string.IsNullOrEmpty(
-                await OpenIdExtensions.IsUserAuthorized(_authorizationManager, request, userId, application.Id)))
-            {
-                return await Authorize("YES", false);
-            }
-
-            // Flow the request_id to allow OpenIddict to restore
-            // the original authorization request from the cache.
-            return View(new AuthorizeViewModel
-            {
-                ApplicationName = await _applicationManager.GetDisplayNameAsync(application),
-                RequestId = request.RequestId,
-                Scope = request.GetScopes()
-            });
-        }
-
-        [Authorize(AuthenticationSchemes = AuthenticationSchemes.Cookie)]
-        [HttpPost("/connect/authorize")]
-        public async Task<IActionResult> Authorize(string consent, bool createAuthorization = true)
-        {
-            var request = HttpContext.GetOpenIddictServerRequest();
-            var user = await _userManager.GetUserAsync(User);
-            if (user == null)
-            {
-                return View("Error",
-                    new ErrorViewModel
-                    {
-                        Error = OpenIddictConstants.Errors.ServerError,
-                        ErrorDescription = "The specified user could not be found"
-                    });
-            }
-
-            string type = null;
-            switch (consent.ToUpperInvariant())
-            {
-                case "YESTEMPORARY":
-                    type = OpenIddictConstants.AuthorizationTypes.AdHoc;
-                    break;
-                case "YES":
-                    type = OpenIddictConstants.AuthorizationTypes.Permanent;
-                    break;
-                case "NO":
-                default:
-                    // Notify OpenIddict that the authorization grant has been denied by the resource owner
-                    // to redirect the user agent to the client application using the appropriate response_mode.
-                    return Forbid(OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
-            }
-
-
-            var principal = await _signInManager.CreateUserPrincipalAsync(user);
-            principal = await _signInManager.CreateUserPrincipalAsync(user);
-            principal.SetScopes(request.GetScopes().Restrict(principal));
-            principal.SetDestinations(_IdentityOptions.Value);
-            if (createAuthorization)
-            {
-                var application = await _applicationManager.FindByClientIdAsync(request.ClientId);
-                var authorization = await _authorizationManager.CreateAsync(User, user.Id, application.Id,
-                                    type, principal.GetScopes());
-                principal.SetInternalAuthorizationId(authorization.Id);
-            }
-
-            // Returning a SignInResult will ask OpenIddict to issue the appropriate access/identity tokens.
-            return SignIn(principal, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
-        }
-    }
-}

BTCPayServer/Controllers/ErrorController.cs

@@ -12,16 +12,20 @@ namespace BTCPayServer.Controllers
     {
         public IActionResult Handle(int? statusCode = null)
         {
-            if (statusCode.HasValue)
+            if (Request.Headers.TryGetValue("Accept", out var v) && v.Any(v => v.Contains("text/html", StringComparison.OrdinalIgnoreCase)))
             {
-                var specialPages = new[] { 404, 429, 500 };
-                if (specialPages.Any(a => a == statusCode.Value))
+                if (statusCode.HasValue)
                 {
-                    var viewName = statusCode.ToString();
-                    return View(viewName);
+                    var specialPages = new[] { 404, 429, 500 };
+                    if (specialPages.Any(a => a == statusCode.Value))
+                    {
+                        var viewName = statusCode.ToString();
+                        return View(viewName);
+                    }
                 }
+                return View(statusCode);
             }
-            return View(statusCode);
+            return this.StatusCode(statusCode.Value);
         }
     }
 }

BTCPayServer/Controllers/GreenField/ApiKeysController.cs

@@ -0,0 +1,94 @@
+using System.Threading.Tasks;
+using System.Linq;
+using BTCPayServer.Client;
+using BTCPayServer.Client.Models;
+using BTCPayServer.Data;
+using BTCPayServer.Security;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Mvc;
+using BTCPayServer.Security.GreenField;
+using NBitcoin.DataEncoders;
+using NBitcoin;
+
+namespace BTCPayServer.Controllers.GreenField
+{
+    [ApiController]
+    [Authorize(AuthenticationSchemes = AuthenticationSchemes.GreenfieldAPIKeys)]
+    public class ApiKeysController : ControllerBase
+    {
+        private readonly APIKeyRepository _apiKeyRepository;
+        private readonly UserManager<ApplicationUser> _userManager;
+
+        public ApiKeysController(APIKeyRepository apiKeyRepository, UserManager<ApplicationUser> userManager)
+        {
+            _apiKeyRepository = apiKeyRepository;
+            _userManager = userManager;
+        }
+    
+        [HttpGet("~/api/v1/api-keys/current")]
+        public async Task<ActionResult<ApiKeyData>> GetKey()
+        {
+            if (!ControllerContext.HttpContext.GetAPIKey(out var apiKey))
+            {
+                return NotFound();
+            }
+            var data = await _apiKeyRepository.GetKey(apiKey);
+            return Ok(FromModel(data));
+        }
+
+        [HttpPost("~/api/v1/api-keys")]
+        [Authorize(Policy = Policies.Unrestricted, AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
+        public async Task<ActionResult<ApiKeyData>> CreateKey(CreateApiKeyRequest request)
+        {
+            if (request is null)
+                return BadRequest();
+            var key = new APIKeyData()
+            {
+                Id = Encoders.Hex.EncodeData(RandomUtils.GetBytes(20)),
+                Type = APIKeyType.Permanent,
+                UserId = _userManager.GetUserId(User),
+                Label = request.Label
+            };
+            key.SetBlob(new APIKeyBlob()
+            {
+                Permissions = request.Permissions.Select(p => p.ToString()).Distinct().ToArray()
+            });
+            await _apiKeyRepository.CreateKey(key);
+            return Ok(FromModel(key));
+        }
+
+        [HttpDelete("~/api/v1/api-keys/current")]
+        [Authorize(AuthenticationSchemes = AuthenticationSchemes.GreenfieldAPIKeys)]
+        public Task<IActionResult> RevokeCurrentKey()
+        {
+            if (!ControllerContext.HttpContext.GetAPIKey(out var apiKey))
+            {
+                // Should be impossible (we force apikey auth)
+                return Task.FromResult<IActionResult>(BadRequest());
+            }
+            return RevokeKey(apiKey);
+        }
+        [HttpDelete("~/api/v1/api-keys/{apikey}", Order = 1)]
+        [Authorize(Policy = Policies.Unrestricted, AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
+        public async Task<IActionResult> RevokeKey(string apikey)
+        {
+            if (string.IsNullOrEmpty(apikey))
+                return BadRequest();
+            if (await _apiKeyRepository.Remove(apikey, _userManager.GetUserId(User)))
+                return Ok();
+            else
+                return NotFound();
+        }
+
+        private static ApiKeyData FromModel(APIKeyData data)
+        {
+            return new ApiKeyData()
+            {
+                Permissions = Permission.ToPermissions(data.GetBlob().Permissions).ToArray(),
+                ApiKey = data.Id,
+                Label = data.Label ?? string.Empty
+            };
+        }
+    }
+}

BTCPayServer/Controllers/GreenField/HealthController.cs

@@ -0,0 +1,22 @@
+using BTCPayServer.HostedServices;
+using BTCPayServer.Client.Models;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+
+namespace BTCPayServer.Controllers.GreenField
+{
+    [Controller]
+    public class HealthController : ControllerBase
+    {
+        [AllowAnonymous]
+        [HttpGet("~/api/v1/health")]
+        public ActionResult GetHealth(NBXplorerDashboard dashBoard)
+        {
+            ApiHealthData model = new ApiHealthData()
+            {
+                Synchronized = dashBoard.IsFullySynched()
+            };
+            return Ok(model);
+        }
+    }
+}

BTCPayServer/Controllers/GreenField/StoresController.cs

@@ -0,0 +1,123 @@
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using BTCPayServer.Client;
+using BTCPayServer.Client.Models;
+using BTCPayServer.Data;
+using BTCPayServer.Security;
+using BTCPayServer.Services.Stores;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Mvc;
+
+namespace BTCPayServer.Controllers.GreenField
+{
+    [ApiController]
+    [Authorize(AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
+    public class GreenFieldController : ControllerBase
+    {
+        private readonly StoreRepository _storeRepository;
+        private readonly UserManager<ApplicationUser> _userManager;
+
+        public GreenFieldController(StoreRepository storeRepository, UserManager<ApplicationUser> userManager)
+        {
+            _storeRepository = storeRepository;
+            _userManager = userManager;
+        }
+        [Authorize(Policy = Policies.CanViewStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
+        [HttpGet("~/api/v1/stores")]
+        public ActionResult<IEnumerable<Client.Models.StoreData>> GetStores()
+        {
+           var stores = HttpContext.GetStoresData();
+           return Ok(stores.Select(FromModel));
+        }
+        
+        [Authorize(Policy = Policies.CanViewStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
+        [HttpGet("~/api/v1/stores/{storeId}")]
+        public ActionResult<Client.Models.StoreData> GetStore(string storeId)
+        {
+            var store = HttpContext.GetStoreData();
+            if (store == null)
+            {
+                return NotFound();
+            }
+            return Ok(FromModel(store));
+        }
+        
+        [Authorize(Policy = Policies.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
+        [HttpDelete("~/api/v1/stores/{storeId}")]
+        public async Task<ActionResult> RemoveStore(string storeId)
+        {
+            var store = HttpContext.GetStoreData();
+            if (store == null)
+            {
+                return NotFound();
+            }
+
+            if (!_storeRepository.CanDeleteStores())
+            {
+                ModelState.AddModelError(string.Empty, "BTCPay Server is using a database server that does not allow you to remove stores.");
+                return BadRequest(new ValidationProblemDetails(ModelState));
+            }
+            await _storeRepository.RemoveStore(storeId, _userManager.GetUserId(User));
+            return Ok();
+        }
+        
+        [HttpPost("~/api/v1/stores")]
+        [Authorize(Policy = Policies.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
+        public async Task<IActionResult> CreateStore(CreateStoreRequest request)
+        {
+            var validationResult = Validate(request);
+            if (validationResult != null)
+            {
+                return validationResult;
+            }
+
+            var store = new Data.StoreData();
+            ToModel(request, store);
+            await _storeRepository.CreateStore(_userManager.GetUserId(User), store);
+            return Ok(FromModel(store));
+        }
+        
+        [Authorize(Policy = Policies.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
+        [HttpPut("~/api/v1/stores/{storeId}")]
+        public async Task<IActionResult> UpdateStore(string storeId, UpdateStoreRequest request)
+        {
+            var store = HttpContext.GetStoreData();
+            if (store == null)
+            {
+                return NotFound();
+            }
+            var validationResult = Validate(request);
+            if (validationResult != null)
+            {
+                return validationResult;
+            }
+
+            ToModel(request, store);
+            await _storeRepository.UpdateStore(store);
+            return Ok(FromModel(store));
+        }
+
+        private static Client.Models.StoreData FromModel(Data.StoreData data)
+        {
+            return new Client.Models.StoreData()
+            {
+                Id = data.Id,
+                Name = data.StoreName
+            };
+        }
+        
+        private static void ToModel(StoreBaseData restModel,Data.StoreData model)
+        {
+            model.StoreName = restModel.Name;
+        }
+
+        private IActionResult Validate(StoreBaseData request)
+        {
+            if (request?.Name is null)
+                ModelState.AddModelError(nameof(request.Name), "Name is missing");
+            return !ModelState.IsValid ? BadRequest(new ValidationProblemDetails(ModelState)) : null;
+        }
+    }
+}

BTCPayServer/Controllers/GreenField/TestApiKeyController.cs

@@ -0,0 +1,73 @@
+using System.Threading.Tasks;
+using BTCPayServer.Client;
+using BTCPayServer.Data;
+using BTCPayServer.Security;
+using BTCPayServer.Services.Stores;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Mvc;
+
+namespace BTCPayServer.Controllers.GreenField
+{
+    /// <summary>
+    /// this controller serves as a testing endpoint for our api key unit tests
+    /// </summary>
+    [Route("api/test/apikey")]
+    [ApiController]
+    [Authorize(AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
+    public class TestApiKeyController : ControllerBase
+    {
+        private readonly UserManager<ApplicationUser> _userManager;
+        private readonly StoreRepository _storeRepository;
+
+        public TestApiKeyController(UserManager<ApplicationUser> userManager, StoreRepository storeRepository)
+        {
+            _userManager = userManager;
+            _storeRepository = storeRepository;
+        }
+
+        [HttpGet("me/id")]
+        [Authorize(Policy = Policies.CanViewProfile, AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
+        public string GetCurrentUserId()
+        {
+            return _userManager.GetUserId(User);
+        }
+
+        [HttpGet("me")]
+        [Authorize(Policy = Policies.CanViewProfile, AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
+        public async Task<ApplicationUser> GetCurrentUser()
+        {
+            return await _userManager.GetUserAsync(User);
+        }
+
+        [HttpGet("me/is-admin")]
+        [Authorize(Policy = Policies.CanModifyServerSettings, AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
+        public bool AmIAnAdmin()
+        {
+            return true;
+        }
+
+        [HttpGet("me/stores")]
+        [Authorize(Policy = Policies.CanViewStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
+        public StoreData[] GetCurrentUserStores()
+        {
+            return this.HttpContext.GetStoresData();
+        }
+
+        [HttpGet("me/stores/{storeId}/can-view")]
+        [Authorize(Policy = Policies.CanViewStoreSettings,
+            AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
+        public bool CanViewStore(string storeId)
+        {
+            return true;
+        }
+
+        [HttpGet("me/stores/{storeId}/can-edit")]
+        [Authorize(Policy = Policies.CanModifyStoreSettings,
+            AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
+        public bool CanEditStore(string storeId)
+        {
+            return true;
+        }
+    }
+}

BTCPayServer/Controllers/GreenField/UsersController.cs

@@ -0,0 +1,173 @@
+using Microsoft.Extensions.Logging;
+using System.Linq;
+using System.Threading;
+using System.Threading.Tasks;
+using BTCPayServer.Client.Models;
+using BTCPayServer.Configuration;
+using BTCPayServer.Data;
+using BTCPayServer.Events;
+using BTCPayServer.Logging;
+using BTCPayServer.Security;
+using BTCPayServer.Security.GreenField;
+using BTCPayServer.Services;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.ModelBinding;
+using NicolasDorier.RateLimits;
+using BTCPayServer.Client;
+
+namespace BTCPayServer.Controllers.GreenField
+{
+    [ApiController]
+    [Authorize(AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
+    public class UsersController : ControllerBase
+    {
+        private readonly UserManager<ApplicationUser> _userManager;
+        private readonly BTCPayServerOptions _btcPayServerOptions;
+        private readonly RoleManager<IdentityRole> _roleManager;
+        private readonly SettingsRepository _settingsRepository;
+        private readonly EventAggregator _eventAggregator;
+        private readonly IPasswordValidator<ApplicationUser> _passwordValidator;
+        private readonly RateLimitService _throttleService;
+        private readonly BTCPayServerOptions _options;
+        private readonly IAuthorizationService _authorizationService;
+
+        public UsersController(UserManager<ApplicationUser> userManager, BTCPayServerOptions btcPayServerOptions,
+            RoleManager<IdentityRole> roleManager, SettingsRepository settingsRepository,
+            EventAggregator eventAggregator,
+            IPasswordValidator<ApplicationUser> passwordValidator,
+            RateLimitService throttleService,
+            BTCPayServerOptions options,
+            IAuthorizationService authorizationService)
+        {
+            _userManager = userManager;
+            _btcPayServerOptions = btcPayServerOptions;
+            _roleManager = roleManager;
+            _settingsRepository = settingsRepository;
+            _eventAggregator = eventAggregator;
+            _passwordValidator = passwordValidator;
+            _throttleService = throttleService;
+            _options = options;
+            _authorizationService = authorizationService;
+        }
+
+        [Authorize(Policy = Policies.CanViewProfile, AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
+        [HttpGet("~/api/v1/users/me")]
+        public async Task<ActionResult<ApplicationUserData>> GetCurrentUser()
+        {
+            var user = await _userManager.GetUserAsync(User);
+            return FromModel(user);
+        }
+
+        [AllowAnonymous]
+        [HttpPost("~/api/v1/users")]
+        public async Task<ActionResult<ApplicationUserData>> CreateUser(CreateApplicationUserRequest request, CancellationToken cancellationToken = default)
+        {
+            if (request?.Email is null)
+                return BadRequest(CreateValidationProblem(nameof(request.Email), "Email is missing"));
+            if (!Validation.EmailValidator.IsEmail(request.Email))
+            {
+                return BadRequest(CreateValidationProblem(nameof(request.Email), "Invalid email"));
+            }
+            if (request?.Password is null)
+                return BadRequest(CreateValidationProblem(nameof(request.Password), "Password is missing"));
+            var anyAdmin = (await _userManager.GetUsersInRoleAsync(Roles.ServerAdmin)).Any();
+            var policies = await _settingsRepository.GetSettingAsync<PoliciesSettings>() ?? new PoliciesSettings();
+            var isAuth = User.Identity.AuthenticationType == GreenFieldConstants.AuthenticationType;
+
+            // If registration are locked and that an admin exists, don't accept unauthenticated connection
+            if (anyAdmin && policies.LockSubscription && !isAuth)
+                return Unauthorized();
+
+            // Even if subscription are unlocked, it is forbidden to create admin unauthenticated
+            if (anyAdmin && request.IsAdministrator is true && !isAuth)
+                return Forbid(AuthenticationSchemes.GreenfieldBasic);
+            // You are de-facto admin if there is no other admin, else you need to be auth and pass policy requirements
+            bool isAdmin = anyAdmin ? (await _authorizationService.AuthorizeAsync(User, null, new PolicyRequirement(Policies.CanModifyServerSettings))).Succeeded
+                                     && (await _authorizationService.AuthorizeAsync(User, null, new PolicyRequirement(Policies.Unrestricted))).Succeeded
+                                     && isAuth
+                                    : true;
+            // You need to be admin to create an admin
+            if (request.IsAdministrator is true && !isAdmin)
+                return Forbid(AuthenticationSchemes.GreenfieldBasic);
+
+            if (!isAdmin && policies.LockSubscription)
+            {
+                // If we are not admin and subscriptions are locked, we need to check the Policies.CanCreateUser.Key permission
+                var canCreateUser = (await _authorizationService.AuthorizeAsync(User, null, new PolicyRequirement(Policies.CanCreateUser))).Succeeded;
+                if (!isAuth || !canCreateUser)
+                    return Forbid(AuthenticationSchemes.GreenfieldBasic);
+            }
+
+            var user = new ApplicationUser
+            {
+                UserName = request.Email,
+                Email = request.Email,
+                RequiresEmailConfirmation = policies.RequiresConfirmedEmail
+            };
+            var passwordValidation = await this._passwordValidator.ValidateAsync(_userManager, user, request.Password);
+            if (!passwordValidation.Succeeded)
+            {
+                foreach (var error in passwordValidation.Errors)
+                {
+                    ModelState.AddModelError(nameof(request.Password), error.Description);
+                }
+                return BadRequest(new ValidationProblemDetails(ModelState));
+            }
+            if (!isAdmin)
+            {
+                if (!await _throttleService.Throttle(ZoneLimits.Register, this.HttpContext.Connection.RemoteIpAddress, cancellationToken))
+                    return new TooManyRequestsResult(ZoneLimits.Register);
+            }
+            var identityResult = await _userManager.CreateAsync(user, request.Password);
+            if (!identityResult.Succeeded)
+            {
+                foreach (var error in identityResult.Errors)
+                {
+                    ModelState.AddModelError(string.Empty, error.Description);
+                }
+                return BadRequest(new ValidationProblemDetails(ModelState));
+            }
+
+            if (request.IsAdministrator is true)
+            {
+                if (!anyAdmin)
+                {
+                    await _roleManager.CreateAsync(new IdentityRole(Roles.ServerAdmin));
+                }
+                await _userManager.AddToRoleAsync(user, Roles.ServerAdmin);
+                if (!anyAdmin)
+                {
+                    if (_options.DisableRegistration)
+                    {
+                        // automatically lock subscriptions now that we have our first admin
+                        Logs.PayServer.LogInformation("First admin created, disabling subscription (disable-registration is set to true)");
+                        policies.LockSubscription = true;
+                        await _settingsRepository.UpdateSetting(policies);
+                    }
+                }
+            }
+            _eventAggregator.Publish(new UserRegisteredEvent() {RequestUri = Request.GetAbsoluteRootUri(), User = user, Admin = request.IsAdministrator is true });
+            return CreatedAtAction(string.Empty, user);
+        }
+
+        private ValidationProblemDetails CreateValidationProblem(string propertyName, string errorMessage)
+        {
+            var modelState = new ModelStateDictionary();
+            modelState.AddModelError(propertyName, errorMessage);
+            return new ValidationProblemDetails(modelState);
+        }
+
+        private static ApplicationUserData FromModel(ApplicationUser data)
+        {
+            return new ApplicationUserData()
+            {
+                Id = data.Id,
+                Email = data.Email,
+                EmailConfirmed = data.EmailConfirmed,
+                RequiresEmailConfirmation = data.RequiresEmailConfirmation
+            };
+        }
+    }
+}

BTCPayServer/Controllers/HomeController.cs

@@ -14,22 +14,30 @@ using BTCPayServer.HostedServices;
 using BTCPayServer.Services.Apps;
 using Microsoft.AspNetCore.Identity;
 using BTCPayServer.Data;
+using Microsoft.Extensions.FileProviders;
+using System.IO;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Authorization;
+using BTCPayServer.Security;
 
 namespace BTCPayServer.Controllers
 {
     public class HomeController : Controller
     {
         private readonly CssThemeManager _cachedServerSettings;
+        private readonly IFileProvider _fileProvider;
 
         public IHttpClientFactory HttpClientFactory { get; }
         SignInManager<ApplicationUser> SignInManager { get;  }
 
         public HomeController(IHttpClientFactory httpClientFactory, 
                               CssThemeManager cachedServerSettings,
+                              IWebHostEnvironment webHostEnvironment,
                               SignInManager<ApplicationUser> signInManager)
         {
             HttpClientFactory = httpClientFactory;
             _cachedServerSettings = cachedServerSettings;
+            _fileProvider = webHostEnvironment.WebRootFileProvider;
             SignInManager = signInManager;
         }
 
@@ -105,6 +113,30 @@ namespace BTCPayServer.Controllers
             return View(new BitpayTranslatorViewModel());
         }
 
+        [Route("swagger/v1/swagger.json")]
+        public async Task<IActionResult> Swagger()
+        {
+            JObject json = new JObject();
+            var directoryContents = _fileProvider.GetDirectoryContents("swagger/v1");
+            foreach (IFileInfo fi in directoryContents)
+            {
+                await using var stream = fi.CreateReadStream();
+                using var reader = new StreamReader(fi.CreateReadStream());
+                json.Merge(JObject.Parse(await reader.ReadToEndAsync()));
+            }
+            var servers = new JArray();
+            servers.Add(new JObject(new JProperty("url", HttpContext.Request.GetAbsoluteRoot())));
+            json["servers"] = servers;
+            return Json(json);
+        }
+
+        [Route("docs")]
+        public IActionResult SwaggerDocs()
+        {
+            return View();
+        }
+
+
         [HttpPost]
         [Route("translate")]
         public async Task<IActionResult> BitpayTranslator(BitpayTranslatorViewModel vm)

BTCPayServer/Controllers/InvoiceController.API.cs

@@ -2,6 +2,7 @@
 using System.Linq;
 using System.Threading;
 using System.Threading.Tasks;
+using BTCPayServer.Client;
 using BTCPayServer.Filters;
 using BTCPayServer.Models;
 using BTCPayServer.Security;
@@ -12,7 +13,7 @@ using Microsoft.AspNetCore.Mvc;
 namespace BTCPayServer.Controllers
 {
     [BitpayAPIConstraint]
-    [Authorize(Policies.CanCreateInvoice.Key, AuthenticationSchemes = AuthenticationSchemes.Bitpay)]
+    [Authorize(Policies.CanCreateInvoice, AuthenticationSchemes = AuthenticationSchemes.Bitpay)]
     public class InvoiceControllerAPI : Controller
     {
         private InvoiceController _InvoiceController;

BTCPayServer/Controllers/InvoiceController.UI.cs

@@ -6,6 +6,7 @@ using System.Net.Mime;
 using System.Net.WebSockets;
 using System.Threading;
 using System.Threading.Tasks;
+using BTCPayServer.Client;
 using BTCPayServer.Data;
 using BTCPayServer.Events;
 using BTCPayServer.Filters;
@@ -103,6 +104,7 @@ namespace BTCPayServer.Controllers
                 cryptoPayment.Paid = _CurrencyNameTable.DisplayFormatCurrency(accounting.CryptoPaid.ToDecimal(MoneyUnit.BTC), paymentMethodId.CryptoCode);
                 cryptoPayment.Overpaid = _CurrencyNameTable.DisplayFormatCurrency(accounting.OverpaidHelper.ToDecimal(MoneyUnit.BTC), paymentMethodId.CryptoCode);
                 var paymentMethodDetails = data.GetPaymentMethodDetails();
+                cryptoPayment.Address = paymentMethodDetails.GetPaymentDestination();
                 cryptoPayment.Rate = ExchangeRate(data);
                 model.CryptoPayments.Add(cryptoPayment);
             }
@@ -222,6 +224,9 @@ namespace BTCPayServer.Controllers
                 : (decimal?)null;
 
             var paymentMethodHandler = _paymentMethodHandlerDictionary[paymentMethodId];
+            
+            var divisibility = _CurrencyNameTable.GetNumberFormatInfo(paymentMethod.GetId().CryptoCode, false)?.CurrencyDecimalDigits;
+
             var model = new PaymentModel()
             {
                 CryptoCode = network.CryptoCode,
@@ -229,13 +234,13 @@ namespace BTCPayServer.Controllers
                 OrderId = invoice.OrderId,
                 InvoiceId = invoice.Id,
                 DefaultLang = storeBlob.DefaultLang ?? "en",
-                HtmlTitle = storeBlob.HtmlTitle ?? "BTCPay Invoice",
                 CustomCSSLink = storeBlob.CustomCSS,
                 CustomLogoLink = storeBlob.CustomLogo,
+                HtmlTitle = storeBlob.HtmlTitle ?? "BTCPay Invoice",
                 CryptoImage = Request.GetRelativePathOrAbsolute(paymentMethodHandler.GetCryptoImage(paymentMethodId)),
                 BtcAddress = paymentMethodDetails.GetPaymentDestination(),
-                BtcDue = accounting.Due.ToString(),
-                OrderAmount = (accounting.TotalDue - accounting.NetworkFee).ToString(),
+                BtcDue = accounting.Due.ShowMoney(divisibility),
+                OrderAmount = (accounting.TotalDue - accounting.NetworkFee).ShowMoney(divisibility),
                 OrderAmountFiat = OrderAmountFromInvoice(network.CryptoCode, invoice.ProductInformation),
                 CustomerEmail = invoice.RefundMail,
                 RequiresRefundEmail = storeBlob.RequiresRefundEmail,
@@ -251,7 +256,7 @@ namespace BTCPayServer.Controllers
                 StoreName = store.StoreName,
                 PeerInfo = (paymentMethodDetails as LightningLikePaymentMethodDetails)?.NodeInfo,
                 TxCount = accounting.TxRequired,
-                BtcPaid = accounting.Paid.ToString(),
+                BtcPaid = accounting.Paid.ShowMoney(divisibility),
 #pragma warning disable CS0618 // Type or member is obsolete
                 Status = invoice.StatusString,
 #pragma warning restore CS0618 // Type or member is obsolete
@@ -509,7 +514,7 @@ namespace BTCPayServer.Controllers
 
         [HttpPost]
         [Route("invoices/create")]
-        [Authorize(Policy = Policies.CanCreateInvoice.Key, AuthenticationSchemes = AuthenticationSchemes.Cookie)]
+        [Authorize(Policy = Policies.CanCreateInvoice, AuthenticationSchemes = AuthenticationSchemes.Cookie)]
         [BitpayAPIConstraint(false)]
         public async Task<IActionResult> CreateInvoice(CreateInvoiceModel model, CancellationToken cancellationToken)
         {

BTCPayServer/Controllers/InvoiceController.cs

@@ -74,7 +74,11 @@ namespace BTCPayServer.Controllers
             var getAppsTaggingStore = _InvoiceRepository.GetAppsTaggingStore(store.Id);
             var storeBlob = store.GetStoreBlob();
             EmailAddressAttribute emailValidator = new EmailAddressAttribute();
-            entity.ExpirationTime = entity.InvoiceTime.AddMinutes(storeBlob.InvoiceExpiration);
+            entity.ExpirationTime = invoice.ExpirationTime is DateTimeOffset v ? v : entity.InvoiceTime.AddMinutes(storeBlob.InvoiceExpiration);
+            if (entity.ExpirationTime - TimeSpan.FromSeconds(30.0) < entity.InvoiceTime)
+            {
+                throw new BitpayHttpException(400, "The expirationTime is set too soon");
+            }
             entity.MonitoringExpiration = entity.ExpirationTime + TimeSpan.FromMinutes(storeBlob.MonitoringExpiration);
             entity.OrderId = invoice.OrderId;
             entity.ServerUrl = serverUrl;
@@ -150,6 +154,7 @@ namespace BTCPayServer.Controllers
             var rateRules = storeBlob.GetRateRules(_NetworkProvider);
             var fetchingByCurrencyPair = _RateProvider.FetchRates(currencyPairsToFetch, rateRules, cancellationToken);
             var fetchingAll = WhenAllFetched(logs, fetchingByCurrencyPair);
+
             var supportedPaymentMethods = store.GetSupportedPaymentMethods(_NetworkProvider)
                                                .Where(s => !excludeFilter.Match(s.PaymentId) && _paymentMethodHandlerDictionary.Support(s.PaymentId))
                                                .Select(c =>
@@ -175,7 +180,8 @@ namespace BTCPayServer.Controllers
             if (supported.Count == 0)
             {
                 StringBuilder errors = new StringBuilder();
-                errors.AppendLine("Warning: No wallet has been linked to your BTCPay Store. See the following link for more information on how to connect your store and wallet. (https://docs.btcpayserver.org/getting-started/connectwallet)");
+                if (!store.GetSupportedPaymentMethods(_NetworkProvider).Any())
+                    errors.AppendLine("Warning: No wallet has been linked to your BTCPay Store. See the following link for more information on how to connect your store and wallet. (https://docs.btcpayserver.org/getting-started/connectwallet)");
                 foreach (var error in logs.ToList())
                 {
                     errors.AppendLine(error.ToString());
@@ -253,7 +259,7 @@ namespace BTCPayServer.Controllers
 
                 using (logs.Measure($"{logPrefix} Payment method details creation"))
                 {
-                    var paymentDetails = await handler.CreatePaymentMethodDetails(supportedPaymentMethod, paymentMethod, store, network, preparePayment);
+                    var paymentDetails = await handler.CreatePaymentMethodDetails(logs, supportedPaymentMethod, paymentMethod, store, network, preparePayment);
                     paymentMethod.SetPaymentMethodDetails(paymentDetails);
                 }
 

BTCPayServer/Controllers/ManageController.2FA.cs

@@ -162,23 +162,6 @@ namespace BTCPayServer.Controllers
             return View(model);
         }
 
-        [HttpGet]
-        public async Task<IActionResult> GenerateRecoveryCodesWarning()
-        {
-            var user = await _userManager.GetUserAsync(User);
-            if (user == null)
-            {
-                throw new ApplicationException($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
-            }
-
-            if (!user.TwoFactorEnabled)
-            {
-                throw new ApplicationException($"Cannot generate recovery codes for user with ID '{user.Id}' because they do not have 2FA enabled.");
-            }
-
-            return View(nameof(GenerateRecoveryCodesWarning));
-        }
-
         private string GenerateQrCodeUri(string email, string unformattedKey)
         {
             return string.Format(CultureInfo.InvariantCulture,

BTCPayServer/Controllers/ManageController.APIKeys.cs

@@ -0,0 +1,405 @@
+using System;
+using System.Collections.Generic;
+using System.Globalization;
+using System.Linq;
+using System.Threading.Tasks;
+using BTCPayServer.Client;
+using BTCPayServer.Data;
+using BTCPayServer.Models;
+using BTCPayServer.Security;
+using BTCPayServer.Security.GreenField;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using NBitcoin;
+using NBitcoin.DataEncoders;
+using YamlDotNet.Core.Tokens;
+
+namespace BTCPayServer.Controllers
+{
+    public partial class ManageController
+    {
+        [HttpGet]
+        public async Task<IActionResult> APIKeys()
+        {
+            return View(new ApiKeysViewModel()
+            {
+                ApiKeyDatas = await _apiKeyRepository.GetKeys(new APIKeyRepository.APIKeyQuery()
+                {
+                    UserId = new[] { _userManager.GetUserId(User) }
+                })
+            });
+        }
+
+        [HttpGet("api-keys/{id}/delete")]
+        public async Task<IActionResult> RemoveAPIKey(string id)
+        {
+            var key = await _apiKeyRepository.GetKey(id);
+            if (key == null || key.UserId != _userManager.GetUserId(User))
+            {
+                return NotFound();
+            }
+            return View("Confirm", new ConfirmModel()
+            {
+                Title = "Delete API Key " + (string.IsNullOrEmpty(key.Label) ? string.Empty : key.Label) + "(" + key.Id + ")",
+                Description = "Any application using this api key will immediately lose access",
+                Action = "Delete",
+                ActionUrl = this.Url.ActionLink(nameof(RemoveAPIKeyPost), values: new { id = id })
+            });
+        }
+
+        [HttpPost("api-keys/{id}/delete")]
+        public async Task<IActionResult> RemoveAPIKeyPost(string id)
+        {
+            var key = await _apiKeyRepository.GetKey(id);
+            if (key == null || key.UserId != _userManager.GetUserId(User))
+            {
+                return NotFound();
+            }
+            await _apiKeyRepository.Remove(id, _userManager.GetUserId(User));
+            TempData.SetStatusMessageModel(new StatusMessageModel()
+            {
+                Severity = StatusMessageModel.StatusSeverity.Success,
+                Message = "API Key removed"
+            });
+            return RedirectToAction("APIKeys");
+        }
+
+        [HttpGet]
+        public async Task<IActionResult> AddApiKey()
+        {
+            if (!_btcPayServerEnvironment.IsSecure)
+            {
+                TempData.SetStatusMessageModel(new StatusMessageModel()
+                {
+                    Severity = StatusMessageModel.StatusSeverity.Error,
+                    Message = "Cannot generate api keys while not on https or tor"
+                });
+                return RedirectToAction("APIKeys");
+            }
+
+            return View("AddApiKey", await SetViewModelValues(new AddApiKeyViewModel()));
+        }
+
+        [HttpGet("~/api-keys/authorize")]
+        public async Task<IActionResult> AuthorizeAPIKey(string[] permissions, string applicationName = null,
+            bool strict = true, bool selectiveStores = false)
+        {
+            if (!_btcPayServerEnvironment.IsSecure)
+            {
+                TempData.SetStatusMessageModel(new StatusMessageModel()
+                {
+                    Severity = StatusMessageModel.StatusSeverity.Error,
+                    Message = "Cannot generate api keys while not on https or tor"
+                });
+                return RedirectToAction("APIKeys");
+            }
+        
+            permissions ??= Array.Empty<string>();
+
+            var parsedPermissions = Permission.ToPermissions(permissions).GroupBy(permission => permission.Policy);
+            var vm = await SetViewModelValues(new AuthorizeApiKeysViewModel()
+            {
+                Label = applicationName,
+                ApplicationName = applicationName,
+                SelectiveStores = selectiveStores,
+                Strict = strict,
+                Permissions = string.Join(';', parsedPermissions.SelectMany(grouping => grouping.Select(permission => permission.ToString())))
+            });
+            AdjustVMForAuthorization(vm);
+            
+            return View(vm);
+        }
+
+        private void AdjustVMForAuthorization(AuthorizeApiKeysViewModel vm)
+        {
+             var parsedPermissions = Permission.ToPermissions(vm.Permissions.Split(';')).GroupBy(permission => permission.Policy);
+
+            for (var index = vm.PermissionValues.Count - 1; index >= 0; index--)
+            {
+                var permissionValue = vm.PermissionValues[index];
+                var wanted = parsedPermissions?.SingleOrDefault(permission =>
+                    permission.Key.Equals(permissionValue.Permission,
+                        StringComparison.InvariantCultureIgnoreCase));
+                if (vm.Strict && !(wanted?.Any()??false))
+                {
+                    vm.PermissionValues.RemoveAt(index);
+                    continue;
+                }
+                else if (wanted?.Any()??false)
+                {
+                    if (vm.SelectiveStores && Policies.IsStorePolicy(permissionValue.Permission) &&
+                        wanted.Any(permission => !string.IsNullOrEmpty(permission.StoreId)))
+                    {
+                        permissionValue.StoreMode = AddApiKeyViewModel.ApiKeyStoreMode.Specific;
+                        permissionValue.SpecificStores = wanted.Select(permission => permission.StoreId).ToList();
+                    }
+                    else
+                    {
+                        permissionValue.StoreMode = AddApiKeyViewModel.ApiKeyStoreMode.AllStores;
+                        permissionValue.SpecificStores = new List<string>();
+                        permissionValue.Value = true;
+                    }
+                }
+            }
+        }
+
+        [HttpPost("~/api-keys/authorize")]
+        public async Task<IActionResult> AuthorizeAPIKey([FromForm] AuthorizeApiKeysViewModel viewModel)
+        {
+            await SetViewModelValues(viewModel);
+            
+            AdjustVMForAuthorization(viewModel);
+            var ar = HandleCommands(viewModel);
+        
+            if (ar != null)
+            {
+                return ar;
+            }
+        
+            for (int i = 0; i < viewModel.PermissionValues.Count; i++)
+            {
+                if (viewModel.PermissionValues[i].Forbidden && viewModel.Strict)
+                {
+                    viewModel.PermissionValues[i].Value = false;
+                    ModelState.AddModelError($"{viewModel.PermissionValues}[{i}].Value",
+                        $"The permission '{viewModel.PermissionValues[i].Title}' is required for this application.");
+                }
+
+                if (viewModel.PermissionValues[i].StoreMode == AddApiKeyViewModel.ApiKeyStoreMode.Specific &&
+                    !viewModel.SelectiveStores)
+                {
+                    viewModel.PermissionValues[i].StoreMode = AddApiKeyViewModel.ApiKeyStoreMode.AllStores;
+                    ModelState.AddModelError($"{viewModel.PermissionValues}[{i}].Value",
+                        $"The permission '{viewModel.PermissionValues[i].Title}' cannot be store specific for this application.");
+                }
+            }
+            
+            
+            if (!ModelState.IsValid)
+            {
+                return View(viewModel);
+            }
+        
+            switch (viewModel.Command.ToLowerInvariant())
+            {
+                case "no":
+                    return RedirectToAction("APIKeys");
+                case "yes":
+                    var key = await CreateKey(viewModel);
+                    TempData.SetStatusMessageModel(new StatusMessageModel()
+                    {
+                        Severity = StatusMessageModel.StatusSeverity.Success,
+                        Html = $"API key generated! <code class='alert-link'>{key.Id}</code>"
+                    });
+                    return RedirectToAction("APIKeys", new { key = key.Id });
+                default:
+                    return View(viewModel);
+            }
+        }
+
+        [HttpPost]
+        public async Task<IActionResult> AddApiKey(AddApiKeyViewModel viewModel)
+        {
+            await SetViewModelValues(viewModel);
+
+            var ar = HandleCommands(viewModel);
+
+            if (ar != null)
+            {
+                return ar;
+            }
+
+            if (!ModelState.IsValid)
+            {
+                return View(viewModel);
+            }
+
+            var key = await CreateKey(viewModel);
+
+            TempData.SetStatusMessageModel(new StatusMessageModel()
+            {
+                Severity = StatusMessageModel.StatusSeverity.Success,
+                Html = $"API key generated! <code class='alert-link'>{key.Id}</code>"
+            });
+            return RedirectToAction("APIKeys");
+        }
+        private IActionResult HandleCommands(AddApiKeyViewModel viewModel)
+        {
+            if (string.IsNullOrEmpty(viewModel.Command))
+            {
+                return null;
+            }
+            var parts = viewModel.Command.Split(':', StringSplitOptions.RemoveEmptyEntries);
+            var permission = parts[0];
+            if (!Policies.IsStorePolicy(permission))
+            {
+                return null;
+            }
+            var permissionValueItem = viewModel.PermissionValues.Single(item => item.Permission == permission);
+            var command = parts[1];
+            var storeIndex = parts.Length == 3 ? parts[2] : null;
+            
+            ModelState.Clear();
+            switch (command)
+            {
+                case "change-store-mode":
+                    
+                    permissionValueItem.StoreMode = permissionValueItem.StoreMode == AddApiKeyViewModel.ApiKeyStoreMode.Specific
+                        ? AddApiKeyViewModel.ApiKeyStoreMode.AllStores
+                        : AddApiKeyViewModel.ApiKeyStoreMode.Specific;
+
+                    if (permissionValueItem.StoreMode == AddApiKeyViewModel.ApiKeyStoreMode.Specific &&
+                        !permissionValueItem.SpecificStores.Any() && viewModel.Stores.Any())
+                    {
+                        permissionValueItem.SpecificStores.Add(null);
+                    }
+                    return View(viewModel);
+                case "add-store":
+                    permissionValueItem.SpecificStores.Add(null);
+                    return View(viewModel);
+
+                case "remove-store":
+                {
+                    if (storeIndex != null)
+                        permissionValueItem.SpecificStores.RemoveAt(int.Parse(storeIndex,
+                            CultureInfo.InvariantCulture));
+                    return View(viewModel);
+                }
+            }
+            
+            return null;
+        }
+
+        private async Task<APIKeyData> CreateKey(AddApiKeyViewModel viewModel)
+        {
+            var key = new APIKeyData()
+            {
+                Id = Encoders.Hex.EncodeData(RandomUtils.GetBytes(20)),
+                Type = APIKeyType.Permanent,
+                UserId = _userManager.GetUserId(User),
+                Label = viewModel.Label
+            };
+            key.SetBlob(new APIKeyBlob()
+            {
+                Permissions = GetPermissionsFromViewModel(viewModel).Select(p => p.ToString()).Distinct().ToArray()
+            });
+            await _apiKeyRepository.CreateKey(key);
+            return key;
+        }
+
+        private IEnumerable<Permission> GetPermissionsFromViewModel(AddApiKeyViewModel viewModel)
+        {
+            List<Permission> permissions = new List<Permission>();
+            foreach (var p in viewModel.PermissionValues.Where(tuple => !tuple.Forbidden))
+            {
+                if (Policies.IsStorePolicy(p.Permission))
+                {
+                    if (p.StoreMode == AddApiKeyViewModel.ApiKeyStoreMode.AllStores && p.Value)
+                    {
+                        permissions.Add(Permission.Create(p.Permission));
+                    }
+                    else if (p.StoreMode == AddApiKeyViewModel.ApiKeyStoreMode.Specific)
+                    {
+                        permissions.AddRange(p.SpecificStores.Select(s => Permission.Create(p.Permission, s)));
+                    }
+                }
+                else if (p.Value &&  Permission.TryCreatePermission(p.Permission, null, out var pp))
+                    permissions.Add(pp);
+            }
+
+            
+            return permissions.Distinct();
+        }
+
+        private async Task<T> SetViewModelValues<T>(T viewModel) where T : AddApiKeyViewModel
+        {
+            viewModel.Stores = await _StoreRepository.GetStoresByUserId(_userManager.GetUserId(User));
+            var isAdmin = (await _authorizationService.AuthorizeAsync(User, Policies.CanModifyServerSettings))
+                .Succeeded;
+            viewModel.PermissionValues ??= Policies.AllPolicies
+                .Select(s => new AddApiKeyViewModel.PermissionValueItem()
+                {
+                    Permission = s, 
+                    Value = false, 
+                    Forbidden = Policies.IsServerPolicy(s) && !isAdmin
+                }).ToList();
+
+
+            if (!isAdmin)
+            {
+                foreach (var p in viewModel.PermissionValues.Where(item => Policies.IsServerPolicy(item.Permission)))
+                {
+                    p.Forbidden = true;
+                }
+            }
+
+            return viewModel;
+        }
+
+        public class AddApiKeyViewModel
+        {
+            public string Label { get; set; }
+            public StoreData[] Stores { get; set; }
+            public string Command { get; set; }
+            public List<PermissionValueItem> PermissionValues { get; set; }
+
+            public enum ApiKeyStoreMode
+            {
+                AllStores,
+                Specific
+            }
+
+            public class PermissionValueItem
+            {
+                public static readonly Dictionary<string, (string Title, string Description)> PermissionDescriptions = new Dictionary<string, (string Title, string Description)>()
+                {
+                    {BTCPayServer.Client.Policies.Unrestricted, ("Unrestricted access", "The app will have unrestricted access to your account.")},
+                    {BTCPayServer.Client.Policies.CanCreateUser, ("Create new users", "The app will be able to create new users on this server.")},
+                    {BTCPayServer.Client.Policies.CanModifyStoreSettings, ("Modify your stores", "The app will be able to create, view and modify, delete and create new invoices on the  all your stores.")},
+                    {$"{BTCPayServer.Client.Policies.CanModifyStoreSettings}:", ("Manage selected stores", "The app will be able to view, modify, delete and create new invoices on the selected stores.")},
+                    {BTCPayServer.Client.Policies.CanViewStoreSettings, ("View your stores", "The app will be able to view stores settings.")},
+                    {$"{BTCPayServer.Client.Policies.CanViewStoreSettings}:", ("View your stores", "The app will be able to view the selected stores' settings.")},
+                    {BTCPayServer.Client.Policies.CanModifyServerSettings, ("Manage your server", "The app will have total control on the server settings of your server")},
+                    {BTCPayServer.Client.Policies.CanViewProfile, ("View your profile", "The app will be able to view your user profile.")},
+                    {BTCPayServer.Client.Policies.CanModifyProfile, ("Manage your profile", "The app will be able to view and modify your user profile.")},
+                    {BTCPayServer.Client.Policies.CanCreateInvoice, ("Create an invoice", "The app will be able to create new invoices.")},
+                    {$"{BTCPayServer.Client.Policies.CanCreateInvoice}:", ("Create an invoice", "The app will be able to create new invoices on the selected stores.")},
+                };
+                public string Title
+                {
+                    get
+                    {
+                        return PermissionDescriptions[$"{Permission}{(StoreMode == ApiKeyStoreMode.Specific? ":": "")}"].Title;
+                    }
+                }
+                public string Description
+                {
+                    get
+                    {
+                        return PermissionDescriptions[$"{Permission}{(StoreMode == ApiKeyStoreMode.Specific? ":": "")}"].Description;
+                    }
+                }
+                public string Permission { get; set; }
+                public bool Value { get; set; }
+                public bool Forbidden { get; set; }
+
+                public ApiKeyStoreMode StoreMode { get; set; } = ApiKeyStoreMode.AllStores;
+                public List<string> SpecificStores { get; set; } = new List<string>();
+            }
+        }
+
+        public class AuthorizeApiKeysViewModel : AddApiKeyViewModel
+        {
+            public string ApplicationName { get; set; }
+            public bool Strict { get; set; }
+            public bool SelectiveStores { get; set; }
+            public string Permissions { get; set; }
+        }
+
+
+        public class ApiKeysViewModel
+        {
+            public List<APIKeyData> ApiKeyDatas { get; set; }
+        }
+    }
+}

BTCPayServer/Controllers/ManageController.cs

@@ -19,6 +19,8 @@ using System.Globalization;
 using BTCPayServer.Security;
 using BTCPayServer.U2F;
 using BTCPayServer.Data;
+using Microsoft.AspNetCore.Routing;
+using BTCPayServer.Security.GreenField;
 
 namespace BTCPayServer.Controllers
 {
@@ -34,6 +36,9 @@ namespace BTCPayServer.Controllers
         IWebHostEnvironment _Env;
         public U2FService _u2FService;
         private readonly BTCPayServerEnvironment _btcPayServerEnvironment;
+        private readonly APIKeyRepository _apiKeyRepository;
+        private readonly IAuthorizationService _authorizationService;
+        private readonly LinkGenerator _linkGenerator;
         StoreRepository _StoreRepository;
 
 
@@ -48,7 +53,11 @@ namespace BTCPayServer.Controllers
           StoreRepository storeRepository,
           IWebHostEnvironment env, 
           U2FService  u2FService,
-          BTCPayServerEnvironment btcPayServerEnvironment)
+          BTCPayServerEnvironment btcPayServerEnvironment,
+          APIKeyRepository apiKeyRepository,
+          IAuthorizationService authorizationService,
+          LinkGenerator linkGenerator
+          )
         {
             _userManager = userManager;
             _signInManager = signInManager;
@@ -58,6 +67,9 @@ namespace BTCPayServer.Controllers
             _Env = env;
             _u2FService = u2FService;
             _btcPayServerEnvironment = btcPayServerEnvironment;
+            _apiKeyRepository = apiKeyRepository;
+            _authorizationService = authorizationService;
+            _linkGenerator = linkGenerator;
             _StoreRepository = storeRepository;
         }
 
@@ -137,7 +149,7 @@ namespace BTCPayServer.Controllers
         {
             if (!ModelState.IsValid)
             {
-                return View(model);
+                return View(nameof(Index), model);
             }
 
             var user = await _userManager.GetUserAsync(User);
@@ -147,7 +159,7 @@ namespace BTCPayServer.Controllers
             }
 
             var code = await _userManager.GenerateEmailConfirmationTokenAsync(user);
-            var callbackUrl = Url.EmailConfirmationLink(user.Id, code, Request.Scheme);
+            var callbackUrl = _linkGenerator.EmailConfirmationLink(user.Id, code, Request.Scheme, Request.Host, Request.PathBase);
             var email = user.Email;
             _EmailSenderFactory.GetEmailSender().SendEmailConfirmation(email, callbackUrl);
             TempData[WellKnownTempData.SuccessMessage] = "Verification email sent. Please check your email.";

BTCPayServer/Controllers/PaymentRequestController.cs

@@ -25,6 +25,7 @@ using Microsoft.AspNetCore.Http.Extensions;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.Rendering;
+using Microsoft.AspNetCore.Routing;
 using Microsoft.EntityFrameworkCore.Metadata.Internal;
 using NBitpayClient;
 
@@ -42,6 +43,7 @@ namespace BTCPayServer.Controllers
         private readonly EventAggregator _EventAggregator;
         private readonly CurrencyNameTable _Currencies;
         private readonly InvoiceRepository _InvoiceRepository;
+        private readonly LinkGenerator _linkGenerator;
 
         public PaymentRequestController(
             InvoiceController invoiceController,
@@ -51,7 +53,8 @@ namespace BTCPayServer.Controllers
             PaymentRequestService paymentRequestService,
             EventAggregator eventAggregator,
             CurrencyNameTable currencies,
-            InvoiceRepository invoiceRepository)
+            InvoiceRepository invoiceRepository,
+            LinkGenerator linkGenerator)
         {
             _InvoiceController = invoiceController;
             _UserManager = userManager;
@@ -61,6 +64,7 @@ namespace BTCPayServer.Controllers
             _EventAggregator = eventAggregator;
             _Currencies = currencies;
             _InvoiceRepository = invoiceRepository;
+            _linkGenerator = linkGenerator;
         }
 
         [HttpGet]
@@ -98,7 +102,7 @@ namespace BTCPayServer.Controllers
             {
                 TempData.SetStatusMessageModel(new StatusMessageModel()
                 {
-                    Html = $"Error: You need to create at least one store. <a href='{Url.Action("CreateStore", "UserStores")}'>Create store</a>",
+                    Html = $"Error: You need to create at least one store. <a href='{Url.Action("CreateStore", "UserStores")}' class='alert-link'>Create store</a>",
                     Severity = StatusMessageModel.StatusSeverity.Error
                 });
                 return RedirectToAction("GetPaymentRequests");
@@ -225,6 +229,10 @@ namespace BTCPayServer.Controllers
         public async Task<IActionResult> PayPaymentRequest(string id, bool redirectToInvoice = true,
             decimal? amount = null, CancellationToken cancellationToken = default)
         {
+            if (amount.HasValue && amount.Value <= 0)
+            {
+                return BadRequest("Please provide an amount greater than 0");
+            }
             var result = await _PaymentRequestService.GetPaymentRequest(id, GetUserId());
             if (result == null)
             {
@@ -280,8 +288,7 @@ namespace BTCPayServer.Controllers
             var store = pr.StoreData;
             try
             {
-                var redirectUrl = Request.GetDisplayUrl().TrimEnd("/pay", StringComparison.InvariantCulture)
-                    .Replace("hub?id=", string.Empty, StringComparison.InvariantCultureIgnoreCase);
+                var redirectUrl = _linkGenerator.PaymentRequestLink(id, Request.Scheme, Request.Host, Request.PathBase);
                 var newInvoiceId = (await _InvoiceController.CreateInvoiceCore(new CreateInvoiceRequest()
                         {
                             OrderId = $"{PaymentRequestRepository.GetOrderIdForPaymentRequest(id)}",

BTCPayServer/Controllers/PublicController.cs

@@ -37,7 +37,6 @@ namespace BTCPayServer.Controllers
         
         [HttpPost]
         [Route("api/v1/invoices")]
-        [MediaTypeAcceptConstraintAttribute("text/html")]
         [IgnoreAntiforgeryToken]
         [EnableCors(CorsPolicies.All)]
         public async Task<IActionResult> PayButtonHandle([FromForm]PayButtonViewModel model, CancellationToken cancellationToken)
@@ -78,6 +77,15 @@ namespace BTCPayServer.Controllers
                 ModelState.AddModelError("Store", e.Message);
                 return View();
             }
+            
+            if (model.JsonResponse)
+            {
+                return Json(new
+                {
+                    InvoiceId = invoice.Data.Id,
+                    InvoiceUrl = invoice.Data.Url
+                });
+            }
 
             if (string.IsNullOrEmpty(model.CheckoutQueryString))
             {