CGM_Public/pretix_cgo
1
0
Fork 0
forked from CGM_Public/pretix_original
Code Pull Requests Actions Activity

Upgrade to Django 3.0 and other dependencies (#1568)

Browse Source 
* Upgrade Django to 3.0 and other dependencies to recent versions

* Fix otp version contsraint

* Remove six dependency

* Resolve some warnings

* Fix failing tests

* Update django-countries

* Resolve all RemovedInDjango31Warnings in test suite

* Run isort

* Fix import

* Update PostgreSQL version on travis
This commit is contained in:
Raphael Michel
2020-03-23 15:02:20 +01:00
committed by GitHub
parent 7e9c9beace
commit af23d6e4bf
174 changed files with 380 additions and 380 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/pretix/control/views/user.py
View File

@@ -15,9 +15,9 @@ from django.shortcuts import get_object_or_404, redirect
from django.urls import reverse
from django.utils.crypto import get_random_string
from django.utils.functional import cached_property
from django.utils.http import is_safe_url
from django.utils.http import url_has_allowed_host_and_scheme
from django.utils.timezone import now
from django.utils.translation import ugettext_lazy as _
from django.utils.translation import gettext_lazy as _
from django.views import View
from django.views.generic import FormView, ListView, TemplateView, UpdateView
from django_otp.plugins.otp_static.models import StaticDevice
@@ -102,7 +102,7 @@ class ReauthView(TemplateView):
request.session['pretix_auth_login_time'] = t
request.session['pretix_auth_last_used'] = t
next_url = get_auth_backends()[request.user.auth_backend].get_next_url(request)
if next_url and is_safe_url(next_url, allowed_hosts=None):
if next_url and url_has_allowed_host_and_scheme(next_url, allowed_hosts=None):
return redirect(next_url)
return redirect(reverse('control:index'))
else:
@@ -114,7 +114,7 @@ class ReauthView(TemplateView):
u = backend.request_authenticate(request)
if u and u == request.user:
next_url = backend.get_next_url(request)
if next_url and is_safe_url(next_url, allowed_hosts=None):
if next_url and url_has_allowed_host_and_scheme(next_url, allowed_hosts=None):
return redirect(next_url)
return redirect(reverse('control:index'))
return super().get(request, *args, **kwargs)
@@ -700,7 +700,7 @@ class StartStaffSession(StaffMemberRequiredMixin, RecentAuthenticationRequiredMi
session_key=request.session.session_key
)
if "next" in request.GET and is_safe_url(request.GET.get("next"), allowed_hosts=None):
if "next" in request.GET and url_has_allowed_host_and_scheme(request.GET.get("next"), allowed_hosts=None):
return redirect(request.GET.get("next"))
else:
return redirect(reverse("control:index"))