Fix #678 -- Data shredders for personally identifiable information (#817)

* Add data shredders for PII * First working shredder * Add more shredders * Add new shredders and download confirmation * tmp * PayPal, Stripe, banktransfer * Add icon to logs * Untested payment log shredders * Add waiting list shredder * First tests * Add tests for shredders * Improve templats, link to shredder * Test payment info shredders * More tests * Documentation * Fix enabled flag in payment provider overview * Fix minor issues
2018-05-02 15:59:59 +02:00
parent 335838f2b2
commit 7bccd62a4f
41 changed files with 1728 additions and 21 deletions
--- a/src/pretix/plugins/stripe/payment.py
+++ b/src/pretix/plugins/stripe/payment.py
@@ -16,7 +16,7 @@ from django.utils.http import urlquote
 from django.utils.translation import pgettext, ugettext, ugettext_lazy as _

 from pretix import __version__
-from pretix.base.models import Event, Quota, RequiredAction
+from pretix.base.models import Event, Order, Quota, RequiredAction
 from pretix.base.payment import BasePaymentProvider, PaymentException
 from pretix.base.services.mail import SendMailException
 from pretix.base.services.orders import mark_order_paid, mark_order_refunded
@@ -480,6 +480,34 @@ class StripeMethod(BasePaymentProvider):
        else:
            return str(url)

+    def shred_payment_info(self, order: Order):
+        if not order.payment_info:
+            return
+        d = json.loads(order.payment_info)
+        new = {}
+        if 'source' in d:
+            new['source'] = {
+                'id': d['source'].get('id'),
+                'type': d['source'].get('type'),
+                'brand': d['source'].get('brand'),
+                'last4': d['source'].get('last4'),
+                'bank_name': d['source'].get('bank_name'),
+                'bank': d['source'].get('bank'),
+                'bic': d['source'].get('bic'),
+                'card': {
+                    'brand': d['source'].get('card', {}).get('brand'),
+                    'country': d['source'].get('card', {}).get('cuntry'),
+                    'last4': d['source'].get('card', {}).get('last4'),
+                }
+            }
+            new['amount'] = d['amount']
+            new['currency'] = d['currency']
+            new['status'] = d['status']
+            new['id'] = d['id']
+            new['_shredded'] = True
+        order.payment_info = json.dumps(new)
+        order.save(update_fields=['payment_info'])
+

 class StripeCC(StripeMethod):
    identifier = 'stripe'