Bump Django to 4.1.* (#2989)

src/pretix/multidomain/event_domain_urlconf.py

@@ -22,8 +22,7 @@
 import importlib.util
 
 from django.apps import apps
-from django.conf.urls import re_path
-from django.urls import include
+from django.urls import include, re_path
 
 from pretix.multidomain.plugin_handler import plugin_event_urls
 from pretix.presale.urls import event_patterns, locale_patterns

src/pretix/multidomain/maindomain_urlconf.py

@@ -35,8 +35,7 @@
 import importlib.util
 
 from django.apps import apps
-from django.conf.urls import re_path
-from django.urls import include
+from django.urls import include, re_path
 from django.views.generic import TemplateView
 
 from pretix.multidomain.plugin_handler import plugin_event_urls

src/pretix/multidomain/middlewares.py

@@ -42,7 +42,9 @@ from django.contrib.sessions.middleware import (
 from django.core.cache import cache
 from django.core.exceptions import DisallowedHost
 from django.http.request import split_domain_port
-from django.middleware.csrf import CsrfViewMiddleware as BaseCsrfMiddleware
+from django.middleware.csrf import (
+    CSRF_SESSION_KEY, CsrfViewMiddleware as BaseCsrfMiddleware,
+)
 from django.shortcuts import render
 from django.urls import set_urlconf
 from django.utils.cache import patch_vary_headers
@@ -189,35 +191,25 @@ class CsrfViewMiddleware(BaseCsrfMiddleware):
     a custom domain.
     """
 
-    def process_response(self, request, response):
-        if getattr(response, 'csrf_processing_done', False):
-            return response
-
-        # If CSRF_COOKIE is unset, then CsrfViewMiddleware.process_view was
-        # never called, probably because a request middleware returned a response
-        # (for example, contrib.auth redirecting to a login page).
-        if request.META.get("CSRF_COOKIE") is None:
-            return response
-
-        if not request.META.get("CSRF_COOKIE_USED", False):
-            return response
-
-        # Set the CSRF cookie even if it's already set, so we renew
-        # the expiry timer.
-        set_cookie_without_samesite(
-            request, response,
-            settings.CSRF_COOKIE_NAME,
-            request.META["CSRF_COOKIE"],
-            max_age=settings.CSRF_COOKIE_AGE,
-            domain=get_cookie_domain(request),
-            path=settings.CSRF_COOKIE_PATH,
-            secure=request.scheme == 'https',
-            httponly=settings.CSRF_COOKIE_HTTPONLY
-        )
-        # Content varies with the CSRF cookie, so set the Vary header.
-        patch_vary_headers(response, ('Cookie',))
-        response.csrf_processing_done = True
-        return response
+    def _set_csrf_cookie(self, request, response):
+        if settings.CSRF_USE_SESSIONS:
+            if request.session.get(CSRF_SESSION_KEY) != request.META["CSRF_COOKIE"]:
+                request.session[CSRF_SESSION_KEY] = request.META["CSRF_COOKIE"]
+        else:
+            # Set the CSRF cookie even if it's already set, so we renew
+            # the expiry timer.
+            set_cookie_without_samesite(
+                request, response,
+                settings.CSRF_COOKIE_NAME,
+                request.META["CSRF_COOKIE"],
+                max_age=settings.CSRF_COOKIE_AGE,
+                domain=get_cookie_domain(request),
+                path=settings.CSRF_COOKIE_PATH,
+                secure=request.scheme == 'https',
+                httponly=settings.CSRF_COOKIE_HTTPONLY
+            )
+            # Content varies with the CSRF cookie, so set the Vary header.
+            patch_vary_headers(response, ('Cookie',))
 
 
 def get_cookie_domain(request):

src/pretix/multidomain/organizer_domain_urlconf.py

@@ -22,8 +22,7 @@
 import importlib.util
 
 from django.apps import apps
-from django.conf.urls import re_path
-from django.urls import include
+from django.urls import include, re_path
 
 from pretix.multidomain.plugin_handler import plugin_event_urls
 from pretix.presale.urls import (

src/pretix/multidomain/urlreverse.py

@@ -45,6 +45,9 @@ from .models import KnownDomain
 
 def get_event_domain(event, fallback=False, return_info=False):
     assert isinstance(event, Event)
+    if not event.pk:
+        # Can happen on the "event deleted" response
+        return (None, None) if return_info else None
     suffix = ('_fallback' if fallback else '') + ('_info' if return_info else '')
     domain = getattr(event, '_cached_domain' + suffix, None) or event.cache.get('domain' + suffix)
     if domain is None: