“click here to generate API keys.” does not work
-
the “click here to generate API keys.” link does not appear to work properly – it redirects you to the btcpay url and there once you click “authorize” it redirects you back to the settings page of the store with no API key or store id filled in.
-
Is this correct to test it?
curl -vX POST -H “Content-Type: application/json” -d ‘{“data”: “test”}’ https://mystore.com/?wc-api=btcpaygf_default
If so I get status 500 back with no additional information
EDIT: There was some information in fact:
{“code”:”wp_die”,”message”:”Webhook request validation failed.”,”data”:{“status”:500},”additional_errors”:[]}That looks good, the request validation fails but there is no “403 forbidden” status. So this means nothing is blocking requests where the webhooks send data to and this is good.
A bit difficult to follow along with the other two open threads. Does this mean on your BTCPay settings page you do NOT have the api key and store id prefilled currently? Or did that work in the meantime?
Tell me your name on BTCPayServer’s mattermost please or contact me there, my name is @slate. This is too hard to convey with out a direct conversation.
To reply to your questions though:
>Does this mean on your BTCPay settings page you do NOT have the api key and store id prefilled currently?No it never worked through clicking the link and if I fill the values in manually it “appears” connected but the order status are not updated at all.
I want to help you debugging why this happens but it will be 10 times easier if we do a quick direct conversation via mattermost and I share you my screen and show you all the logs.Jesus… I figured out why it happens.. so you HAVE to click on “select specific stores” for each preselected item after being redirected to “mybtcpay.serverurl.com” at the page of “authorization Request”… else it will not work as by default it appears to assign the permissions to “all stores” which for some reason causes dark magic errors..
Lol and now after doing that and the values being filled in properly and clicking save I get: “The provided API key scope is valid for multiple stores, please make sure to create one for a single store.” ..
Yeah, discussing on Mattermost is always better than here. I will try to reproduce on a fresh install with that caching plugin installed.
If the setup wizard does not work I assume you followed the manual steps here https://docs.btcpayserver.org/WooCommerce/#22-connect-by-manually-creating-the-api-key-and-permissions
That said it is really strange that it shows you that the webhook already exists. I will need to debug this too. Will be afk now but will check later today and reach out to you. What you could do in the meantime is to delete the webhook options “btcpay_gf_webhook” in “wp_options” table, after that it should try to create one for sure. BUT, if you have no clue how to do it then better not do anything and wait until I debugged but I can only do it later, will be afk now for some time.
I can imagine that the caching plugin causes the debug message but i doubt it has anything to do with this one. It would sure be much more effective to debug this on my machine which actually causes the error and we would be able to narrow it down and fix it, no need to install a fully clean new server where it will most likely work out of the box where you configure it yourself knowing precisely how it works… The error is obviously triggered by a different user inceraction behaviour with the UI and not clicking the buttons in the way you would do it.
Lol and now after doing that and the values being filled in properly and clicking save I get: “The provided API key scope is valid for multiple stores, please make sure to create one for a single store.” .: This appears to be CDN related I kept clearing all caches over and over after every change on btcpay server and store url and got this fixed at least.
(stackpath is being used)
This also fixed, that the webhook is being created but the webhooks still fail with 500.
I can see “2022-03-04T18:05:26+00:00 DEBUG Failed to validate signature of webhook request.” in the logs.
Okay I changed the code of processWebhook in AbstractGateway.php to:
if (!isset($signature)) { Logger::debug('The Btcpay-Sig header is not set'); wp_die('The Btcpay-Sig header is not set'); } elseif (!$this->apiHelper->validWebhookRequest($signature, $rawPostData)) { Logger::debug('Failed to validate signature of webhook request.'); wp_die('Webhook request validation failed.'); }and it seems the header is not set which is why it fails…
and it seems upon logging the headers the code looks for Btcpay-Sig while the actual keys name is BTCPay-Sig … yeah and after changing $signature = $headers[‘Btcpay-Sig’] ?? null; to $signature = $headers[‘BTCPay-Sig’] ?? null; it works °_°_°_° <fml>
Thanks a lot for debugging!
The redirect from BTCPay Authorization page back to store does hit a different endpoint (your-domain.com/?btcpay-settings-callback) than the webhook where no signature check is done at all.
The signature validation runs on every
AbstractGateway::processWebhook()call. For some weird reason the PHP functiongetallheaders()CamelCases all the headers in the resulting array, so no matter if the signature header is called “BTCPay-Sig”, “BTCPAY-SIG”, “btcpay-sig” the array key will always get end up as “Btcpay-Sig”.So to sum up the CDN (stackpath) was messing things up? Did they cut out the header? Anything we can leave here for other users that may run into same problem?
Will keep discussion ongoing on Mattermost Chat if anything arises.
- The topic ‘“click here to generate API keys.” does not work’ is closed to new replies.
