CGM_Public/pretix_cgo
1
0
Fork 0
forked from CGM_Public/pretix_original
Code Pull Requests Actions Activity

Customer accounts & Memberships (#2024)

Browse Source
This commit is contained in:
Raphael Michel
2021-05-04 16:56:06 +02:00
committed by GitHub
parent 62e412bbc0
commit 8e79eb570e
116 changed files with 7975 additions and 279 deletions
Download Patch File Download Diff File Expand all files Collapse all files

250
src/tests/presale/test_checkout.py
View File

@@ -3690,3 +3690,253 @@ class CheckoutVoucherBudgetTest(BaseCheckoutTestCase, TestCase):
'web')
self.cp2.refresh_from_db()
assert self.cp2.price == Decimal('23.00')
class CustomerCheckoutTestCase(BaseCheckoutTestCase, TestCase):
@scopes_disabled()
def setUp(self):
super().setUp()
self.orga.settings.customer_accounts = True
self.event.settings.set('payment_stripe__enabled', True)
self.event.settings.set('payment_banktransfer__enabled', True)
with scopes_disabled():
CartPosition.objects.create(
event=self.event, cart_id=self.session_key, item=self.ticket,
price=23, expires=now() + timedelta(minutes=10)
)
self.customer = self.orga.customers.create(email='john@example.org', is_verified=True)
self.customer.set_password('foo')
self.customer.save()
def _finish(self):
self._set_session('payment', 'banktransfer')
self.client.post('/%s/%s/checkout/confirm/' % (self.orga.slug, self.event.slug), follow=True)
with scopes_disabled():
return Order.objects.last()
def test_guest(self):
response = self.client.get('/%s/%s/checkout/start' % (self.orga.slug, self.event.slug), follow=True)
self.assertRedirects(response, '/%s/%s/checkout/customer/' % (self.orga.slug, self.event.slug),
target_status_code=200)
response = self.client.post('/%s/%s/checkout/customer/' % (self.orga.slug, self.event.slug), {
'customer_mode': 'guest'
}, follow=True)
self.assertRedirects(response, '/%s/%s/checkout/questions/' % (self.orga.slug, self.event.slug),
target_status_code=200)
order = self._finish()
assert order.email == 'admin@localhost'
assert not order.customer
def test_guest_even_if_logged_in(self):
self.client.post('/%s/account/login' % self.orga.slug, {
'email': 'john@example.org',
'password': 'foo',
})
response = self.client.get('/%s/%s/checkout/start' % (self.orga.slug, self.event.slug), follow=True)
self.assertRedirects(response, '/%s/%s/checkout/customer/' % (self.orga.slug, self.event.slug),
target_status_code=200)
assert 'john@example.org' in response.content.decode()
response = self.client.post('/%s/%s/checkout/customer/' % (self.orga.slug, self.event.slug), {
'customer_mode': 'guest'
}, follow=True)
self.assertRedirects(response, '/%s/%s/checkout/questions/' % (self.orga.slug, self.event.slug),
target_status_code=200)
order = self._finish()
assert order.email == 'admin@localhost'
assert not order.customer
def test_login_already_logged_in_and_forced_email(self):
self.client.post('/%s/account/login' % self.orga.slug, {
'email': 'john@example.org',
'password': 'foo',
})
response = self.client.get('/%s/%s/checkout/start' % (self.orga.slug, self.event.slug), follow=True)
self.assertRedirects(response, '/%s/%s/checkout/customer/' % (self.orga.slug, self.event.slug),
target_status_code=200)
assert 'john@example.org' in response.content.decode()
response = self.client.post('/%s/%s/checkout/customer/' % (self.orga.slug, self.event.slug), {
'customer_mode': 'login'
}, follow=True)
self.assertRedirects(response, '/%s/%s/checkout/questions/' % (self.orga.slug, self.event.slug),
target_status_code=200)
response = self.client.post('/%s/%s/checkout/questions/' % (self.orga.slug, self.event.slug), {
'email': 'will-be-ignored'
}, follow=True)
self.assertRedirects(response, '/%s/%s/checkout/payment/' % (self.orga.slug, self.event.slug),
target_status_code=200)
order = self._finish()
assert order.email == 'john@example.org'
assert order.customer == self.customer
def test_login_valid(self):
response = self.client.get('/%s/%s/checkout/start' % (self.orga.slug, self.event.slug), follow=True)
self.assertRedirects(response, '/%s/%s/checkout/customer/' % (self.orga.slug, self.event.slug),
target_status_code=200)
response = self.client.post('/%s/%s/checkout/customer/' % (self.orga.slug, self.event.slug), {
'customer_mode': 'login',
'login-email': 'john@example.org',
'login-password': 'foo',
}, follow=True)
self.assertRedirects(response, '/%s/%s/checkout/questions/' % (self.orga.slug, self.event.slug),
target_status_code=200)
order = self._finish()
assert order.customer == self.customer
def test_login_invalid(self):
response = self.client.get('/%s/%s/checkout/start' % (self.orga.slug, self.event.slug), follow=True)
self.assertRedirects(response, '/%s/%s/checkout/customer/' % (self.orga.slug, self.event.slug),
target_status_code=200)
response = self.client.post('/%s/%s/checkout/customer/' % (self.orga.slug, self.event.slug), {
'customer_mode': 'login',
'login-email': 'john@example.org',
'login-password': 'bar',
}, follow=False)
assert response.status_code == 200
assert b'alert-danger' in response.content
def test_register_valid(self):
response = self.client.get('/%s/%s/checkout/start' % (self.orga.slug, self.event.slug), follow=True)
self.assertRedirects(response, '/%s/%s/checkout/customer/' % (self.orga.slug, self.event.slug),
target_status_code=200)
response = self.client.post('/%s/%s/checkout/customer/' % (self.orga.slug, self.event.slug), {
'customer_mode': 'register',
'register-email': 'foo@example.com',
'register-name_parts_0': 'John Doe',
}, follow=False)
self.assertRedirects(response, '/%s/%s/checkout/questions/' % (self.orga.slug, self.event.slug),
target_status_code=200)
assert len(djmail.outbox) == 1
# After a valid registration form, we apply a kind of soft login. Since the email address hasn't yet been
# verified, we do not do a proper login, since that would cause security problems. However, if the customer
# goes back to this step manually, they can re-use the account.
response = self.client.get('/%s/%s/checkout/customer/' % (self.orga.slug, self.event.slug))
assert response.content.decode().count('foo@example.com') == 1
response = self.client.post('/%s/%s/checkout/customer/' % (self.orga.slug, self.event.slug), {
'customer_mode': 'login',
}, follow=False)
self.assertRedirects(response, '/%s/%s/checkout/questions/' % (self.orga.slug, self.event.slug),
target_status_code=200)
response = self.client.post('/%s/%s/checkout/questions/' % (self.orga.slug, self.event.slug), {
'email': 'will-be-ignored'
}, follow=True)
self.assertRedirects(response, '/%s/%s/checkout/payment/' % (self.orga.slug, self.event.slug),
target_status_code=200)
order = self._finish()
assert order.customer != self.customer
assert order.customer.email == 'foo@example.com'
assert order.email == 'foo@example.com'
assert not order.customer.is_verified
def test_register_invalid(self):
response = self.client.get('/%s/%s/checkout/start' % (self.orga.slug, self.event.slug), follow=True)
self.assertRedirects(response, '/%s/%s/checkout/customer/' % (self.orga.slug, self.event.slug),
target_status_code=200)
response = self.client.post('/%s/%s/checkout/customer/' % (self.orga.slug, self.event.slug), {
'customer_mode': 'register',
'register-email': 'john@example.org',
'register-name_parts_0': 'John Doe',
}, follow=False)
assert response.status_code == 200
assert b'has-error' in response.content
def test_guest_not_allowed_if_granting_membership(self):
self.ticket.grant_membership_type = self.orga.membership_types.create(
name='Week pass'
)
self.ticket.save()
response = self.client.post('/%s/%s/checkout/customer/' % (self.orga.slug, self.event.slug), {
'customer_mode': 'guest'
}, follow=False)
assert response.status_code == 200
def test_guest_not_allowed_if_requiring_membership(self):
self.ticket.require_membership = True
self.ticket.save()
response = self.client.post('/%s/%s/checkout/customer/' % (self.orga.slug, self.event.slug), {
'customer_mode': 'guest'
}, follow=False)
assert response.status_code == 200
def test_select_membership(self):
mtype = self.orga.membership_types.create(name='Week pass', transferable=False)
mtype2 = self.orga.membership_types.create(name='Invalid pass')
self.ticket.require_membership = True
self.ticket.require_membership_types.add(mtype)
self.ticket.admission = True
self.ticket.save()
self.event.settings.attendee_names_asked = True
with scopes_disabled():
cp = CartPosition.objects.get()
m_correct1 = self.customer.memberships.create(
membership_type=mtype,
date_start=self.event.date_from - datetime.timedelta(days=1),
date_end=self.event.date_from + datetime.timedelta(days=1),
attendee_name_parts={'_scheme': 'full', 'full_name': 'John Doe'},
)
self.customer.memberships.create(
membership_type=mtype,
date_start=self.event.date_from - datetime.timedelta(days=1),
date_end=self.event.date_from + datetime.timedelta(days=1),
attendee_name_parts={'_scheme': 'full', 'full_name': 'Mark Fisher'},
)
self.customer.memberships.create(
membership_type=mtype,
date_start=self.event.date_from - datetime.timedelta(days=5),
date_end=self.event.date_from - datetime.timedelta(days=1),
attendee_name_parts={'_scheme': 'full', 'full_name': 'Sue Fisher'},
)
self.customer.memberships.create(
membership_type=mtype2,
date_start=self.event.date_from - datetime.timedelta(days=5),
date_end=self.event.date_from + datetime.timedelta(days=1),
attendee_name_parts={'_scheme': 'full', 'full_name': 'Mike Miller'},
)
response = self.client.post('/%s/%s/checkout/customer/' % (self.orga.slug, self.event.slug), {
'customer_mode': 'login',
'login-email': 'john@example.org',
'login-password': 'foo',
}, follow=True)
self.assertRedirects(response, '/%s/%s/checkout/membership/' % (self.orga.slug, self.event.slug),
target_status_code=200)
assert b'John Doe' in response.content
assert b'Mark Fisher' in response.content
assert b'Sue Fisher' not in response.content
assert b'Mike Miller' not in response.content
response = self.client.post('/%s/%s/checkout/membership/' % (self.orga.slug, self.event.slug), {
f'membership-{cp.pk}-membership': m_correct1.pk,
}, follow=True)
self.assertRedirects(response, '/%s/%s/checkout/questions/' % (self.orga.slug, self.event.slug),
target_status_code=200)
assert b'John Doe' in response.content
assert b'Mark Fisher' not in response.content
response = self.client.post('/%s/%s/checkout/questions/' % (self.orga.slug, self.event.slug), {
'email': 'will-be-ignored',
f'{cp.pk}-attendee_name_parts_0': 'will-be-ignored'
}, follow=True)
self.assertRedirects(response, '/%s/%s/checkout/payment/' % (self.orga.slug, self.event.slug),
target_status_code=200)
order = self._finish()
assert order.customer == self.customer
assert order.customer.email == order.email
with scopes_disabled():
assert order.positions.first().used_membership == m_correct1
assert order.positions.first().attendee_name == 'John Doe'

14
src/tests/presale/test_checkoutflow.py
View File

@@ -100,10 +100,12 @@ def test_plugin_in_order(event, mocker):
flow = with_mocked_step(mocker, MockingStep, event)
assert isinstance(flow[0], checkoutflow.AddOnsStep)
assert isinstance(flow[1], checkoutflow.QuestionsStep)
assert isinstance(flow[2], MockingStep)
assert isinstance(flow[3], checkoutflow.PaymentStep)
assert isinstance(flow[4], checkoutflow.ConfirmStep)
assert isinstance(flow[1], checkoutflow.CustomerStep)
assert isinstance(flow[2], checkoutflow.MembershipStep)
assert isinstance(flow[3], checkoutflow.QuestionsStep)
assert isinstance(flow[4], MockingStep)
assert isinstance(flow[5], checkoutflow.PaymentStep)
assert isinstance(flow[6], checkoutflow.ConfirmStep)
@pytest.mark.django_db
@@ -117,9 +119,9 @@ def test_step_ignored(event, mocker, req_with_session):
flow = with_mocked_step(mocker, MockingStep, event)
req_with_session.event = event
assert flow[1].get_next_applicable(req_with_session) is flow[4]
assert flow[3].get_next_applicable(req_with_session) is flow[6]
# flow[3] is also skipped because no payment is required if there is no cart
assert flow[1] is flow[4].get_prev_applicable(req_with_session)
assert flow[3] is flow[6].get_prev_applicable(req_with_session)
@pytest.mark.django_db

405
src/tests/presale/test_customer.py Normal file
View File

@@ -0,0 +1,405 @@
#
# This file is part of pretix (Community Edition).
#
# Copyright (C) 2014-2020 Raphael Michel and contributors
# Copyright (C) 2020-2021 rami.io GmbH and contributors
#
# This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General
# Public License as published by the Free Software Foundation in version 3 of the License.
#
# ADDITIONAL TERMS APPLY: Pursuant to Section 7 of the GNU Affero General Public License, additional terms are
# applicable granting you additional permissions and placing additional restrictions on your usage of this software.
# Please refer to the pretix LICENSE file to obtain the full terms applicable to this work. If you did not receive
# this file, see <https://pretix.eu/about/en/license>.
#
# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License along with this program. If not, see
# <https://www.gnu.org/licenses/>.
#
import datetime
from datetime import timedelta
from decimal import Decimal
import pytest
from django.core import mail as djmail
from django.core.signing import dumps
from django.utils.timezone import now
from django_scopes import scopes_disabled
from pretix.base.models import Event, Item, Order, OrderPosition, Organizer
from pretix.presale.forms.customer import TokenGenerator
@pytest.fixture
def env():
o = Organizer.objects.create(name='Big Events LLC', slug='bigevents')
o.settings.customer_accounts = True
event = Event.objects.create(
organizer=o, name='Conference', slug='conf',
date_from=now() + timedelta(days=10),
live=True, is_public=False
)
return o, event
@pytest.mark.django_db
def test_disabled(env, client):
env[0].settings.customer_accounts = False
r = client.get('/bigevents/account/register')
assert r.status_code == 404
r = client.get('/bigevents/account/login')
assert r.status_code == 404
r = client.get('/bigevents/account/pwreset')
assert r.status_code == 404
r = client.get('/bigevents/account/pwrecover')
assert r.status_code == 404
r = client.get('/bigevents/account/activate')
assert r.status_code == 404
r = client.get('/bigevents/account/change')
assert r.status_code == 404
r = client.get('/bigevents/account/confirmchange')
assert r.status_code == 404
r = client.get('/bigevents/account/')
assert r.status_code == 404
@pytest.mark.django_db
def test_org_register(env, client):
r = client.post('/bigevents/account/register', {
'email': 'john@example.org',
'name_parts_0': 'John Doe',
})
assert r.status_code == 302
assert len(djmail.outbox) == 1
with scopes_disabled():
customer = env[0].customers.get(email='john@example.org')
assert not customer.is_verified
assert customer.is_active
r = client.post(
f'/bigevents/account/activate?id={customer.identifier}&token={TokenGenerator().make_token(customer)}', {
'password': 'PANioMR62',
'password_repeat': 'PANioMR62',
})
assert r.status_code == 302
customer.refresh_from_db()
assert customer.check_password('PANioMR62')
assert customer.is_verified
@pytest.mark.django_db
def test_org_register_duplicate_email(env, client):
with scopes_disabled():
env[0].customers.create(email='john@example.org')
r = client.post('/bigevents/account/register', {
'email': 'john@example.org',
'name_parts_0': 'John Doe',
})
assert b'already registered' in r.content
assert r.status_code == 200
@pytest.mark.django_db
def test_org_resetpw(env, client):
with scopes_disabled():
customer = env[0].customers.create(email='john@example.org', is_verified=False)
r = client.post('/bigevents/account/pwreset', {
'email': 'john@example.org',
})
assert r.status_code == 302
assert len(djmail.outbox) == 1
r = client.post(
f'/bigevents/account/pwrecover?id={customer.identifier}&token={TokenGenerator().make_token(customer)}', {
'password': 'PANioMR62',
'password_repeat': 'PANioMR62',
})
assert r.status_code == 302
customer.refresh_from_db()
assert customer.check_password('PANioMR62')
assert customer.is_verified
@pytest.mark.django_db
def test_org_activate_invalid_token(env, client):
with scopes_disabled():
customer = env[0].customers.create(email='john@example.org', is_verified=False)
r = client.get(
f'/bigevents/account/activate?id={customer.identifier}&token=.invalid.{TokenGenerator().make_token(customer)}')
assert r.status_code == 302
@pytest.mark.django_db
def test_org_login_logout(env, client):
with scopes_disabled():
customer = env[0].customers.create(email='john@example.org', is_verified=True)
customer.set_password('foo')
customer.save()
r = client.post('/bigevents/account/login', {
'email': 'john@example.org',
'password': 'foo',
})
assert r.status_code == 302
r = client.get(f'/bigevents/account/')
assert r.status_code == 200
r = client.get('/bigevents/account/logout')
assert r.status_code == 302
r = client.get(f'/bigevents/account/')
assert r.status_code == 302
@pytest.mark.django_db
def test_org_login_invalid_password(env, client):
with scopes_disabled():
customer = env[0].customers.create(email='john@example.org', is_verified=True)
customer.set_password('foo')
customer.save()
r = client.post('/bigevents/account/login', {
'email': 'john@example.org',
'password': 'invalid',
})
assert r.status_code == 200
assert b'alert-danger' in r.content
@pytest.mark.django_db
def test_org_login_not_verified(env, client):
with scopes_disabled():
customer = env[0].customers.create(email='john@example.org', is_verified=False)
customer.set_password('foo')
customer.save()
r = client.post('/bigevents/account/login', {
'email': 'john@example.org',
'password': 'foo',
})
assert r.status_code == 200
assert b'alert-danger' in r.content
@pytest.mark.django_db
def test_org_login_not_active(env, client):
with scopes_disabled():
customer = env[0].customers.create(email='john@example.org', is_verified=True, is_active=False)
customer.set_password('foo')
customer.save()
r = client.post('/bigevents/account/login', {
'email': 'john@example.org',
'password': 'foo',
})
assert r.status_code == 200
assert b'alert-danger' in r.content
@pytest.mark.django_db
@pytest.mark.parametrize("url", [
"account/change",
"account/membership/1/",
"account/",
])
def test_login_required(client, env, url):
with scopes_disabled():
customer = env[0].customers.create(email='john@example.org', is_verified=True)
customer.set_password('foo')
customer.save()
assert client.get('/bigevents/' + url).status_code == 302
client.post('/bigevents/account/login', {
'email': 'john@example.org',
'password': 'foo',
})
assert client.get('/bigevents/' + url).status_code in (200, 404)
@pytest.mark.django_db
def test_org_order_list(env, client):
with scopes_disabled():
customer = env[0].customers.create(email='john@example.org', is_verified=True)
customer.set_password('foo')
customer.save()
event = env[1]
ticket = Item.objects.create(event=event, name='Early-bird ticket', default_price=23, admission=True)
o1 = Order.objects.create(
status=Order.STATUS_PENDING,
event=event,
email='admin@localhost',
datetime=now() - datetime.timedelta(days=3),
expires=now() + datetime.timedelta(days=11),
total=Decimal("23"),
)
OrderPosition.objects.create(
order=o1,
item=ticket,
variation=None,
price=Decimal("23"),
attendee_name_parts={'full_name': "Peter"}
)
o2 = Order.objects.create(
status=Order.STATUS_PENDING,
event=event,
email='john@example.org',
datetime=now() - datetime.timedelta(days=3),
expires=now() + datetime.timedelta(days=11),
total=Decimal("23"),
)
OrderPosition.objects.create(
order=o2,
item=ticket,
variation=None,
price=Decimal("23"),
attendee_name_parts={'full_name': "Peter"}
)
o3 = Order.objects.create(
status=Order.STATUS_PENDING,
event=event,
email='admin@localhost',
customer=customer,
datetime=now() - datetime.timedelta(days=3),
expires=now() + datetime.timedelta(days=11),
total=Decimal("23"),
)
OrderPosition.objects.create(
order=o3,
item=ticket,
variation=None,
price=Decimal("23"),
attendee_name_parts={'full_name': "Peter"}
)
r = client.post('/bigevents/account/login', {
'email': 'john@example.org',
'password': 'foo',
})
assert r.status_code == 302
r = client.get(f'/bigevents/account/')
assert r.status_code == 200
content = r.content.decode()
assert o1.code not in content
assert o2.code in content
assert o3.code in content
@pytest.mark.django_db
def test_change_name(env, client):
with scopes_disabled():
customer = env[0].customers.create(email='john@example.org', is_verified=True)
customer.set_password('foo')
customer.save()
r = client.post('/bigevents/account/login', {
'email': 'john@example.org',
'password': 'foo',
})
assert r.status_code == 302
r = client.post(f'/bigevents/account/change', {
'name_parts_0': 'John Doe',
'email': 'john@example.org',
})
assert r.status_code == 302
customer.refresh_from_db()
assert customer.name == 'John Doe'
@pytest.mark.django_db
def test_change_email(env, client):
with scopes_disabled():
customer = env[0].customers.create(email='john@example.org', is_verified=True)
customer.set_password('foo')
customer.save()
r = client.post('/bigevents/account/login', {
'email': 'john@example.org',
'password': 'foo',
})
assert r.status_code == 302
r = client.post(f'/bigevents/account/change', {
'name_parts_0': 'John Doe',
'email': 'john@example.com'
})
assert r.status_code == 200
customer.refresh_from_db()
assert customer.email == 'john@example.org'
r = client.post(f'/bigevents/account/change', {
'name_parts_0': 'John Doe',
'email': 'john@example.com',
'password_current': 'foo',
})
assert r.status_code == 302
customer.refresh_from_db()
assert customer.email == 'john@example.org'
assert len(djmail.outbox) == 1
token = dumps({
'customer': customer.pk,
'email': 'john@example.com'
}, salt='pretix.presale.views.customer.ChangeInformationView')
r = client.get(f'/bigevents/account/confirmchange?token={token}')
assert r.status_code == 302
customer.refresh_from_db()
assert customer.email == 'john@example.com'
@pytest.mark.django_db
def test_change_pw(env, client):
with scopes_disabled():
customer = env[0].customers.create(email='john@example.org', is_verified=True)
customer.set_password('foo')
customer.save()
r = client.post('/bigevents/account/login', {
'email': 'john@example.org',
'password': 'foo',
})
assert r.status_code == 302
r = client.post(f'/bigevents/account/password', {
'password_current': 'invalid',
'password': 'aYLBRNg4',
'password_repeat': 'aYLBRNg4',
})
assert r.status_code == 200
customer.refresh_from_db()
assert customer.check_password('foo')
r = client.post(f'/bigevents/account/password', {
'password_current': 'foo',
'password': 'aYLBRNg4',
'password_repeat': 'aYLBRNg4',
})
assert r.status_code == 302
customer.refresh_from_db()
assert customer.check_password('aYLBRNg4')
@pytest.mark.django_db
def test_login_per_org(env, client):
with scopes_disabled():
o2 = Organizer.objects.create(name='Demo', slug='demo')
o2.settings.customer_accounts = True
customer = env[0].customers.create(email='john@example.org', is_verified=True)
customer.set_password('foo')
customer.save()
client.post('/bigevents/account/login', {
'email': 'john@example.org',
'password': 'foo',
})
assert client.get('/bigevents/account/').status_code == 200
assert client.get('/demo/account/').status_code == 302