CGM_Public/pretix_cgo
1
0
Fork 0
forked from CGM_Public/pretix_original
Code Pull Requests Actions Activity

reject duplicate gift card secrets

Browse Source
This commit is contained in:
Lukas Bockstaller
2026-03-10 16:59:51 +01:00
parent 0c05b532bf
commit 353a08e094
3 changed files with 34 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
doc/api/resources/orders.rst
View File

@@ -117,7 +117,8 @@ cancellation_date datetime Time of order c
reliable for orders that have been cancelled, reliable for orders that have been cancelled,
reactivated and cancelled again. reactivated and cancelled again.
plugin_data object Additional data added by plugins. plugin_data object Additional data added by plugins.
use_gift_cards list of strings List of gift card secrets that are used to pay for this order. use_gift_cards list of strings List of unique gift card secrets that are used to pay
for this order.
===================================== ========================== ======================================================= ===================================== ========================== =======================================================

2
src/pretix/api/serializers/order.py
View File

@@ -1316,6 +1316,8 @@ class OrderCreateSerializer(I18nAwareModelSerializer):
if validated_data.get('status') != Order.STATUS_PENDING and len(gift_card_secrets) > 0: if validated_data.get('status') != Order.STATUS_PENDING and len(gift_card_secrets) > 0:
raise ValidationError({"use_gift_cards": ['The attribute use_gift_cards is only supported for orders that are created as pending']}) raise ValidationError({"use_gift_cards": ['The attribute use_gift_cards is only supported for orders that are created as pending']})
if len(set(gift_card_secrets)) != len(gift_card_secrets):
raise ValidationError({"use_gift_cards": ['Multiple copies of the same gift card secret are not allowed']})
if not validated_data.get("sales_channel"): if not validated_data.get("sales_channel"):
validated_data["sales_channel"] = self.context['event'].organizer.sales_channels.get(identifier="web") validated_data["sales_channel"] = self.context['event'].organizer.sales_channels.get(identifier="web")

30
src/tests/api/test_order_create.py
View File

@@ -3551,3 +3551,33 @@ def test_order_create_use_gift_card_and_payment_provider(token_client, organizer
assert open_payment.state == OrderPayment.PAYMENT_STATE_CREATED assert open_payment.state == OrderPayment.PAYMENT_STATE_CREATED
assert open_payment.amount == o.total - gc_value assert open_payment.amount == o.total - gc_value
assert open_payment.payment_provider.identifier == res['payment_provider'] assert open_payment.payment_provider.identifier == res['payment_provider']
@pytest.mark.django_db
def test_order_create_use_gift_card_repeated(token_client, organizer, event, item, quota, question):
res = copy.deepcopy(ORDER_CREATE_PAYLOAD)
res['positions'][0]['item'] = item.pk
res['positions'][0]['answers'][0]['question'] = question.pk
with scopes_disabled():
customer = organizer.customers.create()
res['customer'] = customer.identifier
res['api_meta'] = {
'test': 1
}
del res['payment_provider']
gc_one_eur = GiftCard.objects.create(issuer=organizer, currency='EUR')
gc_one_eur.transactions.create(value=Decimal("1.00"), acceptor=organizer).save()
gc_enough_eur = GiftCard.objects.create(issuer=organizer, currency='EUR')
gc_enough_eur.transactions.create(value=Decimal("100.00"), acceptor=organizer).save()
res['use_gift_cards'] = [gc_one_eur.secret, gc_one_eur.secret, gc_enough_eur.secret]
resp = token_client.post(
'/api/v1/organizers/{}/events/{}/orders/'.format(
organizer.slug, event.slug
), format='json', data=res
)
assert resp.status_code == 400
assert resp.json() == {'use_gift_cards': ['Multiple copies of the same gift card secret are not allowed']}