License header; isort

src/pretix/base/views/applepay.py

@@ -0,0 +1,53 @@
+#
+# This file is part of pretix (Community Edition).
+#
+# Copyright (C) 2014-2020 Raphael Michel and contributors
+# Copyright (C) 2020-2021 rami.io GmbH and contributors
+#
+# This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General
+# Public License as published by the Free Software Foundation in version 3 of the License.
+#
+# ADDITIONAL TERMS APPLY: Pursuant to Section 7 of the GNU Affero General Public License, additional terms are
+# applicable granting you additional permissions and placing additional restrictions on your usage of this software.
+# Please refer to the pretix LICENSE file to obtain the full terms applicable to this work. If you did not receive
+# this file, see <https://pretix.eu/about/en/license>.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more
+# details.
+#
+# You should have received a copy of the GNU Affero General Public License along with this program.  If not, see
+# <https://www.gnu.org/licenses/>.
+#
+from django.http import Http404, HttpResponse
+
+from pretix.base.settings import GlobalSettingsObject
+
+
+def association(request, *args, **kwargs):
+    # This is a crutch to enable event- or organizer-level overrides for the default
+    # ApplePay MerchantID domain validation/association file.
+    # We do not provide any FormFields for this on purpose!
+    #
+    # Please refer to https://github.com/pretix/pretix/pull/3611 to get updates on
+    # the upcoming and official way to temporarily override the association-file,
+    # which will make sure that there are no conflicting requests at the same time.
+    #
+    # Should you opt to manually inject a different association-file into an organizer
+    # or event settings store, we do recommend to remove the setting once you're
+    # done and the domain has been validated.
+    #
+    # If you do not need Stripe's default domain association credential and would
+    # rather serve a different default credential, you can do so through the
+    # Global Settings editor.
+    if hasattr(request, 'event'):
+        settings = request.event.settings
+    elif hasattr(request, 'organizer'):
+        settings = request.organizer.settings
+    else:
+        settings = GlobalSettingsObject().settings
+
+    if not settings.get('apple_domain_association', None):
+        raise Http404('')
+    else:
+        return HttpResponse(settings.get('apple_domain_association'))

src/pretix/control/forms/global_settings.py

@@ -38,6 +38,7 @@ from django import forms
 from django.utils.translation import gettext_lazy as _
 from i18nfield.forms import I18nFormField, I18nTextarea, I18nTextInput
 
+from pretix import settings
 from pretix.base.forms import SecretKeySettingsField, SettingsForm
 from pretix.base.settings import GlobalSettingsObject
 from pretix.base.signals import register_global_settings
@@ -95,6 +96,13 @@ class GlobalSettingsForm(SettingsForm):
                     sample='© <a href="https://www.openstreetmap.org/copyright">OpenStreetMap</a> contributors'
                 )
             )),
+            ('apple_domain_association', forms.CharField(
+                required=False,
+                label=_("ApplePay MerchantID Domain Association"),
+                help_text=_("Will be served at {domain}/.well-known/apple-developer-merchantid-domain-association").format(
+                    domain=settings.SITE_URL
+                )
+            ))
         ])
         responses = register_global_settings.send(self)
         for r, response in sorted(responses, key=lambda r: str(r[0])):

src/pretix/plugins/stripe/urls.py

@@ -25,8 +25,7 @@ from pretix.multidomain import event_url
 
 from .views import (
     OrganizerSettingsFormView, ReturnView, ScaReturnView, ScaView,
-    applepay_association, oauth_disconnect, oauth_return, redirect_view,
+    oauth_disconnect, oauth_return, redirect_view, webhook,
-    webhook,
 )
 
 event_patterns = [
@@ -38,13 +37,6 @@ event_patterns = [
         re_path(r'^sca/(?P<order>[^/]+)/(?P<hash>[^/]+)/(?P<payment>[0-9]+)/return/$',
                 ScaReturnView.as_view(), name='sca.return'),
     ])),
-    re_path(r'^.well-known/apple-developer-merchantid-domain-association$',
-            applepay_association, name='applepay.association'),
-]
-
-organizer_patterns = [
-    re_path(r'^.well-known/apple-developer-merchantid-domain-association$',
-            applepay_association, name='applepay.association'),
 ]
 
 urlpatterns = [
@@ -54,6 +46,4 @@ urlpatterns = [
             OrganizerSettingsFormView.as_view(), name='settings.connect'),
     re_path(r'^_stripe/webhook/$', webhook, name='webhook'),
     re_path(r'^_stripe/oauth_return/$', oauth_return, name='oauth.return'),
-    re_path(r'^.well-known/apple-developer-merchantid-domain-association$',
-            applepay_association, name='applepay.association'),
 ]

src/pretix/plugins/stripe/views.py

@@ -476,13 +476,6 @@ def oauth_disconnect(request, **kwargs):
     }))
 
 
-@xframe_options_exempt
-def applepay_association(request, *args, **kwargs):
-    r = render(request, 'pretixplugins/stripe/apple-developer-merchantid-domain-association')
-    r._csp_ignore = True
-    return r
-
-
 class StripeOrderView:
     def dispatch(self, request, *args, **kwargs):
         try:

src/pretix/urls.py

@@ -38,7 +38,7 @@ from django.views.generic import RedirectView
 
 import pretix.control.urls
 import pretix.presale.urls
-from pretix.base.views import js_helpers
+from pretix.base.views import applepay, js_helpers
 
 from .base.views import (
     cachedfiles, csp, health, js_catalog, metrics, redirect, source,
@@ -57,7 +57,9 @@ base_patterns = [
     re_path(r'^agpl_source$', source.get_source, name='source'),
     re_path(r'^js_helpers/states/$', js_helpers.states, name='js_helpers.states'),
     re_path(r'^api/v1/', include(('pretix.api.urls', 'pretixapi'), namespace='api-v1')),
-    re_path(r'^api/$', RedirectView.as_view(url='/api/v1/'), name='redirect-api-version')
+    re_path(r'^api/$', RedirectView.as_view(url='/api/v1/'), name='redirect-api-version'),
+    re_path(r'^.well-known/apple-developer-merchantid-domain-association$',
+            applepay.association, name='applepay.association'),
 ]
 
 control_patterns = [