CGM_Public/pretix_cgo
1
0
Fork 0
forked from CGM_Public/pretix_original
Code Pull Requests Actions Activity

Improve cookie detection and handling

Browse Source
This commit is contained in:
Raphael Michel
2018-09-02 15:25:33 +02:00
parent e18375ca6d
commit 6a4a8af731
8 changed files with 112 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/pretix/presale/views/cart.py
View File

@@ -1,6 +1,7 @@
import mimetypes
import os
from django.conf import settings
from django.contrib import messages
from django.db.models import Q
from django.http import FileResponse, Http404, JsonResponse
@@ -47,7 +48,7 @@ class CartActionMixin:
u += '&require_cookie=true'
else:
u += '?require_cookie=true'
if 'iframe' in self.request.GET:
if 'iframe' in self.request.GET or settings.SESSION_COOKIE_NAME not in self.request.COOKIES:
cart_id = get_or_create_cart_id(self.request)
u += '&cart_id={}'.format(cart_id)
return u
@@ -383,6 +384,12 @@ class RedeemView(NoSearchIndexViewMixin, EventViewMixin, TemplateView):
context['subevent'] = self.subevent
context['new_tab'] = (
'require_cookie' in self.request.GET and
settings.SESSION_COOKIE_NAME not in self.request.COOKIES
# Cookies are not supported! Lets just make the form open in a new tab
)
return context
def dispatch(self, request, *args, **kwargs):
@@ -436,6 +443,11 @@ class RedeemView(NoSearchIndexViewMixin, EventViewMixin, TemplateView):
return super().dispatch(request, *args, **kwargs)
def get(self, request, *args, **kwargs):
if 'iframe' in request.GET and 'require_cookie' not in request.GET:
return redirect(request.get_full_path() + '&require_cookie=1')
return super().get(request, *args, **kwargs)
@method_decorator(xframe_options_exempt, 'dispatch')
class AnswerDownload(EventViewMixin, View):

30
src/pretix/presale/views/event.py
View File

@@ -9,8 +9,7 @@ from django.conf import settings
from django.core.exceptions import PermissionDenied
from django.db.models import Count, Prefetch, Q
from django.http import Http404, HttpResponse
from django.shortcuts import get_object_or_404, redirect
from django.urls import reverse
from django.shortcuts import get_object_or_404, redirect, render
from django.utils.decorators import method_decorator
from django.utils.timezone import now
from django.utils.translation import pgettext_lazy, ugettext_lazy as _
@@ -181,8 +180,28 @@ class EventIndex(EventViewMixin, CartMixin, TemplateView):
self.subevent = None
if request.GET.get('src', '') == 'widget' and 'take_cart_id' in request.GET:
# User has clicked "Open in a new tab" link in widget
get_or_create_cart_id(request)
return redirect(reverse('presale:event.index', kwargs=kwargs))
return redirect(eventreverse(request.event, 'presale:event.index', kwargs=kwargs))
elif request.GET.get('iframe', '') == '1' and 'take_cart_id' in request.GET:
# Widget just opened, a cart already exists. Let's to a stupid redirect to check if cookies are disabled
get_or_create_cart_id(request)
return redirect(eventreverse(request.event, 'presale:event.index', kwargs=kwargs) + '?require_cookie=true&cart_id={}'.format(
request.GET.get('take_cart_id')
))
elif 'require_cookie' in request.GET and settings.SESSION_COOKIE_NAME not in request.COOKIES:
# Cookies are in fact not supported
r = render(request, 'pretixpresale/event/cookies.html', {
'url': eventreverse(
request.event, "presale:event.index", kwargs={'cart_namespace': kwargs.get('cart_namespace')}
) + (
"?src=widget&take_cart_id={}".format(request.GET.get('cart_id'))
if "cart_id" in request.GET else ""
)
})
r._csp_ignore = True
return r
if request.event.has_subevents:
if 'subevent' in kwargs:
self.subevent = request.event.subevents.filter(pk=kwargs['subevent'], active=True).first()
@@ -286,11 +305,6 @@ class EventIndex(EventViewMixin, CartMixin, TemplateView):
)
)
context['cookie_warning'] = (
'require_cookie' in self.request.GET and
settings.SESSION_COOKIE_NAME not in self.request.COOKIES
)
return context

22
src/pretix/presale/views/waiting.py
View File

@@ -1,5 +1,6 @@
from django.conf import settings
from django.contrib import messages
from django.shortcuts import get_object_or_404, redirect
from django.shortcuts import get_object_or_404, redirect, render
from django.utils import translation
from django.utils.decorators import method_decorator
from django.utils.functional import cached_property
@@ -7,6 +8,8 @@ from django.utils.translation import pgettext_lazy, ugettext_lazy as _
from django.views.generic import FormView
from pretix.base.models.event import SubEvent
from pretix.base.templatetags.urlreplace import url_replace
from pretix.multidomain.urlreverse import eventreverse
from pretix.presale.views import EventViewMixin
from . import allow_frame_if_namespaced
@@ -36,6 +39,23 @@ class WaitingView(EventViewMixin, FormView):
ctx['item'], ctx['variation'] = self.item_and_variation
return ctx
def get(self, request, *args, **kwargs):
if request.GET.get('iframe', '') == '1' and 'require_cookie' not in request.GET:
# Widget just opened. Let's to a stupid redirect to check if cookies are disabled
return redirect(request.get_full_path() + '&require_cookie=true')
elif 'require_cookie' in request.GET and settings.SESSION_COOKIE_NAME not in request.COOKIES:
# Cookies are in fact not supported. We can't even display the form, since we can't get CSRF right without
# cookies.
r = render(request, 'pretixpresale/event/cookies.html', {
'url': eventreverse(
request.event, "presale:event.waitinglist", kwargs={'cart_namespace': kwargs.get('cart_namespace')}
) + '?' + url_replace(request, 'require_cookie', '', 'iframe', '')
})
r._csp_ignore = True
return r
return super().get(request, *args, **kwargs)
@cached_property
def item_and_variation(self):
try: