* Pass widget_data to new tab even if 3rd-party cookies are disabled (Z#23176995)
* Perform cookie check earlier
* Deduplicate redirect code
* Don't forget the subevent id
* We still need to pass thru the widget_data parameter
because for an empty cart, take_cart_id will do nothing.
* pass through "consent" as GET-param as well
---------
Co-authored-by: Richard Schreiber <schreiber@rami.io>
* Allow to use custom domains for some but not all events
* Update src/pretix/multidomain/urlreverse.py
* Apply suggestions from code review
Co-authored-by: Mira <weller@rami.io>
* Logging for domain config changes
---------
Co-authored-by: Mira <weller@rami.io>
Product categories can now be marked as "cross-selling categories", causing them to
appear in the add-on checkout step as additional recommendations, depending on
their cross-selling visibility (always, only if certain products are already in the cart, or
only if they qualify for a discount according to discount rules).
---------
Co-authored-by: Raphael Michel <michel@rami.io>
Co-authored-by: Richard Schreiber <schreiber@rami.io>
* Waiting list: Redirect to shop if no products can be awaited (Z#23168172)
* Update src/pretix/presale/views/waiting.py
Co-authored-by: Mira <weller@rami.io>
---------
Co-authored-by: Mira <weller@rami.io>
* Assign names to compressed scripts
* Make PCI-relevant pages detectable
* Make payment summary markup more consistant to easy work in tracking plugin
* Add docs note
- use hmac.compare_digest for all secret comparisons
- use salted_hmac with sha256 instead of plain sha1 for hashed secrets
- move secret handling into helper functions
Allows organizers to test their shop as if it were a different date and time.
Implemented using a time_machine_now() function which is used instead of regular now(), which can overlay the real date time with a value from a ContextVar, assigned from a session value in EventMiddleware.
For more information, see doc/development/implementation/timemachine.rst
---------
Co-authored-by: Richard Schreiber <schreiber@rami.io>
Co-authored-by: Raphael Michel <michel@rami.io>
* Allow attendees to modify their data
* Allow attendees to change ticket information
* Update src/pretix/control/templates/pretixcontrol/event/settings.html
Co-authored-by: Mira <weller@rami.io>
* Update src/pretix/presale/views/order.py
Co-authored-by: Mira <weller@rami.io>
* Update src/pretix/base/services/placeholders.py
Co-authored-by: Mira <weller@rami.io>
* Tests fix
* Fix test
---------
Co-authored-by: Mira <weller@rami.io>
* Introduce locking to prevent duplicate invoices
This is not a perfect solution as it does not handle all code paths to
create invoices, but it handles all that seem likely to be triggered
concurrently
* Review note
