From e0e2b2d7f789c0917d1e52269330a566d10da09d Mon Sep 17 00:00:00 2001 From: Raphael Michel Date: Fri, 3 Nov 2023 13:42:34 +0100 Subject: [PATCH] Allow hidden payment methods on payment method change (#3682) * Allow hidden payment methods on payment method change * Save hashes to meta data --- src/pretix/base/payment.py | 9 +++++++-- src/pretix/presale/checkoutflow.py | 3 +++ src/pretix/presale/views/order.py | 24 ++++++++++++++++++++---- 3 files changed, 30 insertions(+), 6 deletions(-) diff --git a/src/pretix/base/payment.py b/src/pretix/base/payment.py index c12910815..1e134d28f 100644 --- a/src/pretix/base/payment.py +++ b/src/pretix/base/payment.py @@ -817,7 +817,7 @@ class BasePaymentProvider: """ return "" - def order_change_allowed(self, order: Order) -> bool: + def order_change_allowed(self, order: Order, request: HttpRequest=None) -> bool: """ Will be called to check whether it is allowed to change the payment method of an order to this one. @@ -835,7 +835,12 @@ class BasePaymentProvider: return False if self.settings.get('_hidden', as_type=bool): - return False + if request: + hashes = set(request.session.get('pretix_unlock_hashes', [])) | set(order.meta_info_data.get('unlock_hashes', [])) + if hashlib.sha256((self.settings._hidden_seed + self.event.slug).encode()).hexdigest() not in hashes: + return False + else: + return False restricted_countries = self.settings.get('_restricted_countries', as_type=list) if restricted_countries: diff --git a/src/pretix/presale/checkoutflow.py b/src/pretix/presale/checkoutflow.py index 8165bbd23..8872574c3 100644 --- a/src/pretix/presale/checkoutflow.py +++ b/src/pretix/presale/checkoutflow.py @@ -1515,6 +1515,9 @@ class ConfirmStep(CartMixin, AsyncAction, TemplateFlowStep): str(m) for m in self.confirm_messages.values() ] } + unlock_hashes = request.session.get('pretix_unlock_hashes', []) + if unlock_hashes: + meta_info['unlock_hashes'] = unlock_hashes for receiver, response in order_meta_from_request.send(sender=request.event, request=request): meta_info.update(response) diff --git a/src/pretix/presale/views/order.py b/src/pretix/presale/views/order.py index 8edb06fec..7edaa6ce4 100644 --- a/src/pretix/presale/views/order.py +++ b/src/pretix/presale/views/order.py @@ -289,9 +289,17 @@ class OrderDetails(EventViewMixin, OrderDetailMixin, CartMixin, TicketPageMixin, ctx['can_pay'] = False for provider in self.request.event.get_payment_providers().values(): - if provider.is_enabled and provider.order_change_allowed(self.order): - ctx['can_pay'] = True - break + if provider.is_enabled: + + if 'request' in inspect.signature(provider.order_change_allowed).parameters: + if provider.is_enabled and provider.order_change_allowed(self.order, request=self.request): + ctx['can_pay'] = True + break + + else: + if provider.is_enabled and provider.order_change_allowed(self.order): + ctx['can_pay'] = True + break if lp and lp.state not in (OrderPayment.PAYMENT_STATE_CONFIRMED, OrderPayment.PAYMENT_STATE_REFUNDED, OrderPayment.PAYMENT_STATE_CANCELED): @@ -665,8 +673,16 @@ class OrderPayChangeMethod(EventViewMixin, OrderDetailMixin, TemplateView): providers = [] pending_sum = self.order.pending_sum for provider in self.request.event.get_payment_providers().values(): - if not provider.is_enabled or not provider.order_change_allowed(self.order): + if not provider.is_enabled: continue + + if 'request' in inspect.signature(provider.order_change_allowed).parameters: + if not provider.order_change_allowed(self.order, request=self.request): + continue + else: + if not provider.order_change_allowed(self.order): + continue + current_fee = sum(f.value for f in self.open_fees) or Decimal('0.00') fee = provider.calculate_fee(pending_sum - current_fee) if 'order' in inspect.signature(provider.payment_form_render).parameters: