CGM_Public/pretix_cgo
1
0
Fork 0
forked from CGM_Public/pretix_original
Code Pull Requests Actions Activity

Check-in API: Work around libpretixsync issue with space encoding

Browse Source
This commit is contained in:
Raphael Michel
2021-10-26 10:46:11 +02:00
parent 24eea02e0d
commit 2beb0b20ca
2 changed files with 20 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/pretix/api/views/checkin.py
View File

@@ -430,7 +430,13 @@ class CheckinListPositionViewSet(viewsets.ReadOnlyModelViewSet):
if self.kwargs['pk'].isnumeric(): if self.kwargs['pk'].isnumeric():
op = queryset.get(Q(pk=self.kwargs['pk']) | Q(secret=self.kwargs['pk'])) op = queryset.get(Q(pk=self.kwargs['pk']) | Q(secret=self.kwargs['pk']))
else: else:
op = queryset.get(secret=self.kwargs['pk']) # In application/x-www-form-urlencoded, you can encodes space ' ' with '+' instead of '%20'.
# `id`, however, is part of a path where this technically is not allowed. Old versions of our
# scan apps still do it, so we try work around it!
try:
op = queryset.get(secret=self.kwargs['pk'])
except OrderPosition.DoesNotExist:
op = queryset.get(secret=self.kwargs['pk'].replace('+', ' '))
except OrderPosition.DoesNotExist: except OrderPosition.DoesNotExist:
revoked_matches = list(self.request.event.revoked_secrets.filter(secret=self.kwargs['pk'])) revoked_matches = list(self.request.event.revoked_secrets.filter(secret=self.kwargs['pk']))
if len(revoked_matches) == 0: if len(revoked_matches) == 0:

13
src/tests/api/test_checkin.py
View File

@@ -687,6 +687,19 @@ def test_by_secret_special_chars(token_client, organizer, clist, event, order):
assert resp.data['status'] == 'ok' assert resp.data['status'] == 'ok'
@pytest.mark.django_db
def test_by_secret_special_chars_space_fallback(token_client, organizer, clist, event, order):
with scopes_disabled():
p = order.positions.first()
p.secret = "foo bar"
p.save()
resp = token_client.post('/api/v1/organizers/{}/events/{}/checkinlists/{}/positions/{}/redeem/'.format(
organizer.slug, event.slug, clist.pk, "foo+bar"
), {}, format='json')
assert resp.status_code == 201
assert resp.data['status'] == 'ok'
@pytest.mark.django_db @pytest.mark.django_db
def test_only_once(token_client, organizer, clist, event, order): def test_only_once(token_client, organizer, clist, event, order):
with scopes_disabled(): with scopes_disabled():