Allow to transfer tickets

Remove deprecated template part
2018-09-20 21:11:12 +02:00 · 2018-09-20 20:25:23 +02:00
356 changed files with 29974 additions and 50156 deletions
--- a/.travis.sh
+++ b/.travis.sh
@@ -11,6 +11,7 @@ fi
 if [ "$PRETIX_CONFIG_FILE" == "tests/travis_postgres.cfg" ]; then
    psql -c 'create database travis_ci_test;' -U postgres
    pip3 install -Ur src/requirements/postgres.txt
 fi
 if [ "$1" == "style" ]; then
@@ -42,7 +43,7 @@ if [ "$1" == "tests" ]; then
 	cd src
 	python manage.py check
 	make all compress
-	py.test --reruns 5 -n 3 tests
+	py.test --reruns 5 -n 2 tests
 fi
 if [ "$1" == "tests-cov" ]; then
 	pip3 install -r src/requirements.txt -Ur src/requirements/dev.txt
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,7 +1,7 @@
 language: python
 sudo: false
 install:
-  - pip install -U pip wheel setuptools
+  - pip install -U pip wheel setuptools==28.6.1
 script:
  - bash .travis.sh $JOB
 cache:
@@ -18,12 +18,12 @@ matrix:
      env: JOB=tests-cov PRETIX_CONFIG_FILE=tests/travis_postgres.cfg
    - python: 3.6
      env: JOB=style
    - python: 3.5
      env: JOB=tests PRETIX_CONFIG_FILE=tests/travis_sqlite.cfg
    - python: 3.6
      env: JOB=tests PRETIX_CONFIG_FILE=tests/travis_mysql.cfg
    - python: 3.6
      env: JOB=tests PRETIX_CONFIG_FILE=tests/travis_postgres.cfg
    - python: 3.5
      env: JOB=tests PRETIX_CONFIG_FILE=tests/travis_postgres.cfg
    - python: 3.6
      env: JOB=plugins
    - python: 3.6
@@ -32,15 +32,11 @@ matrix:
      env: JOB=translation-spelling
 addons:
  postgresql: "9.4"
  mariadb: '10.3'
  apt:
      packages:
          - enchant
          - myspell-de-de
          - aspell-en
          - sqlite3
  sources:
    - travis-ci/sqlite3
 branches:
  except:
  - /^weblate-.*/
--- a/43
+++ b/43
@@ -1,26 +1,10 @@
 FROM python:3.6
 RUN apt-get update && \
-    apt-get install -y --no-install-recommends \
+    apt-get install -y git libxml2-dev libxslt1-dev python-dev python-virtualenv locales \
-            build-essential \
+      libffi-dev build-essential python3-dev zlib1g-dev libssl-dev gettext libpq-dev \
-            default-libmysqlclient-dev \
+      default-libmysqlclient-dev libmemcached-dev libjpeg-dev supervisor nginx sudo \
-            gettext \
+	  --no-install-recommends && \
            git \
            libffi-dev \
            libjpeg-dev \
            libmemcached-dev \
            libpq-dev \
            libssl-dev \
            libxml2-dev \
            libxslt1-dev \
            locales \
            nginx \
            python-dev \
            python-virtualenv \
            python3-dev \
            sudo \
            supervisor \
            zlib1g-dev && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/* && \
    dpkg-reconfigure locales && \
@@ -35,22 +19,6 @@ RUN apt-get update && \
 ENV LC_ALL=C.UTF-8 \
    DJANGO_SETTINGS_MODULE=production_settings
 # To copy only the requirements files needed to install from PIP
 COPY src/requirements /pretix/src/requirements
 COPY src/requirements.txt /pretix/src
 RUN pip3 install -U \
        pip \
        setuptools \
        wheel && \
    cd /pretix/src && \
    pip3 install \
        -r requirements.txt \
        -r requirements/memcached.txt \
        -r requirements/mysql.txt \
        -r requirements/redis.txt \
        gunicorn && \
    rm -rf ~/.cache/pip
 COPY deployment/docker/pretix.bash /usr/local/bin/pretix
 COPY deployment/docker/supervisord.conf /etc/supervisord.conf
 COPY deployment/docker/nginx.conf /etc/nginx/nginx.conf
@@ -59,8 +27,11 @@ COPY src /pretix/src
 RUN chmod +x /usr/local/bin/pretix && \
    rm /etc/nginx/sites-enabled/default && \
    pip3 install -U pip wheel setuptools && \
    cd /pretix/src && \
    rm -f pretix.cfg && \
    pip3 install -r requirements.txt -r requirements/mysql.txt -r requirements/postgres.txt \
    	-r requirements/memcached.txt -r requirements/redis.txt gunicorn && \
 	mkdir -p data && \
    chown -R pretixuser:pretixuser /pretix /data data && \
 	sudo -u pretixuser make production
--- a/doc/admin/config.rst
+++ b/doc/admin/config.rst
@@ -295,13 +295,5 @@ various places like order codes, secrets in the ticket QR codes, etc. Example::
    ; Voucher code needs to be < 255 characters, default is 16
    voucher_code=16
 External tools
 --------------
 pretix can make use of some external tools if they are installed. Currently, they are all optional. Example::
    [tools]
    pdftk=/usr/bin/pdftk
 .. _Python documentation: https://docs.python.org/3/library/configparser.html?highlight=configparser#supported-ini-file-structure
 .. _Celery documentation: http://docs.celeryproject.org/en/latest/userguide/configuration.html
--- a/doc/admin/installation/dev_version.rst
+++ b/doc/admin/installation/dev_version.rst
@@ -1,37 +0,0 @@
 .. highlight:: none
 Installing a development version
 ================================
 If you want to use a feature of pretix that is not yet contained in the last monthly release, you can also
 install a development version with pretix.
 .. warning:: When in production, we strongly recommend only installing released versions. Development versions might
             be broken, incompatible to plugins, or in rare cases incompatible to upgrade later on.
 Manual installation
 -------------------
 You can use ``pip`` to update pretix directly to the development branch. Then, upgrade as usual::
    $ source /var/pretix/venv/bin/activate
    (venv)$ pip3 install -U "git+https://github.com/pretix/pretix.git#egg=pretix&subdirectory=src"
    (venv)$ python -m pretix migrate
    (venv)$ python -m pretix rebuild
    (venv)$ python -m pretix updatestyles
    # systemctl restart pretix-web pretix-worker
 Docker installation
 -------------------
 To use the latest development version with Docker, first pull it from Docker Hub::
    $ docker pull pretix/standalone:latest
 Then change your ``/etc/systemd/system/pretix.service`` file to use the ``:latest`` tag instead of ``:stable`` as well
 and upgrade as usual::
    $ systemctl restart pretix.service
    $ docker exec -it pretix.service pretix upgrade
--- a/doc/admin/installation/docker_smallscale.rst
+++ b/doc/admin/installation/docker_smallscale.rst
@@ -26,7 +26,7 @@ installation guides):
 * `Docker`_
 * A SMTP server to send out mails, e.g. `Postfix`_ on your machine or some third-party server you have credentials for
 * A HTTP reverse proxy, e.g. `nginx`_ or Apache to allow HTTPS connections
-* A `PostgreSQL`_, `MySQL`_ 5.7+, or MariaDB 10.2.7+ database server
+* A `MySQL`_ or `PostgreSQL`_ database server
 * A `redis`_ server
 We also recommend that you use a firewall, although this is not a pretix-specific recommendation. If you're new to
@@ -36,9 +36,6 @@ Linux and firewalls, we recommend that you start with `ufw`_.
          SSL certificates can be obtained for free these days. We also *do not* provide support for HTTP-only
          installations except for evaluation purposes.
 .. warning:: We recommend **PostgreSQL**. If you go for MySQL, make sure you run **MySQL 5.7 or newer** or
             **MariaDB 10.2.7 or newer**.
 On this guide
 -------------
@@ -61,7 +58,7 @@ Next, we need a database and a database user. We can create these with any kind
 our database's shell, e.g. for MySQL::
    $ mysql -u root -p
-    mysql> CREATE DATABASE pretix DEFAULT CHARACTER SET utf8mb4 DEFAULT COLLATE utf8mb4_unicode_ci;
+    mysql> CREATE DATABASE pretix DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;
    mysql> GRANT ALL PRIVILEGES ON pretix.* TO pretix@'localhost' IDENTIFIED BY '*********';
    mysql> FLUSH PRIVILEGES;
--- a/doc/admin/installation/enterprise.rst
+++ b/doc/admin/installation/enterprise.rst
@@ -1,84 +0,0 @@
 .. highlight:: none
 Installing pretix Enterprise plugins
 ====================================
 If you want to use a feature of pretix that is part of our commercial offering pretix Enterprise, you need to follow
 some extra steps. Installation works similar to normal pretix plugins, but involves a few extra steps.
 Buying the license
 ------------------
 To obtain a license, please get in touch at sales@pretix.eu. Please let us know how many tickets you roughly intend
 to sell per year and how many servers you want to use the plugin on. We recommend having a look at our `price list`_
 first.
 Manual installation
 -------------------
 First, generate an SSH key for the system user that you install pretix as. In our tutorial, that would be the user
 ``pretix``. Choose an empty passphrase::
    # su pretix
    $ ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/var/pretix/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /var/pretix/.ssh/id_rsa.
    Your public key has been saved in /var/pretix/.ssh/id_rsa.pub.
 Next, send the content of the *public* key to your sales representative at pretix::
    $ cat /var/pretix/.ssh/id_rsa.pub
    ssh-rsa AAAAB3N...744HZawHlD pretix@foo
 After we configured your key in our system, you can install the plugin directly using ``pip`` from the URL we told
 you, for example::
    $ source /var/pretix/venv/bin/activate
    (venv)$ pip3 install -U "git+ssh://git@code.rami.io:10022/pretix/pretix-slack.git@stable#egg=pretix-slack"
    (venv)$ python -m pretix migrate
    (venv)$ python -m pretix rebuild
    # systemctl restart pretix-web pretix-worker
 Docker installation
 -------------------
 To install a plugin, you need to build your own docker image. To do so, create a new directory to work in. As a first
 step, generate a new SSH key in that directory to use for authentication with us::
    $ cd /home/me/mypretixdocker
    $ ssh-keygen -N "" -f id_pretix_enterprise
 Next, send the content of the *public* key to your sales representative at pretix::
    $ cat id_pretix_enterprise.pub
    ssh-rsa AAAAB3N...744HZawHlD pretix@foo
 After we configured your key in our system, you can add a ``Dockerfile`` in your directory that includes the newly
 generated key and installs the plugin from the URL we told you::
    FROM pretix/standalone:stable
    USER root
    COPY id_pretix_enterprise /root/.ssh/id_rsa
    COPY id_pretix_enterprise.pub /root/.ssh/id_rsa.pub
    RUN chmod -R 0600 /root/.ssh && \
        mkdir -p /etc/ssh && \
        ssh-keyscan -t rsa -p 10022 code.rami.io >> /root/.ssh/known_hosts && \
        echo StrictHostKeyChecking=no >> /root/.ssh/config && \
        pip3 install -Ue "git+ssh://git@code.rami.io:10022/pretix/pretix-slack.git@stable#egg=pretix-slack" && \
        cd /pretix/src && \
        sudo -u pretixuser make production
    USER pretixuser
 Then, build the image for docker::
    $ docker build -t mypretix
 You can now use that image ``mypretix`` instead of ``pretix/standalone:stable`` in your ``/etc/systemd/system/pretix.service``
 service file. Be sure to re-build your custom image after you pulled ``pretix/standalone`` if you want to perform an
 update to a new version of pretix.
 .. _price list: https://pretix.eu/about/en/pricing
--- a/doc/admin/installation/general.rst
+++ b/doc/admin/installation/general.rst
@@ -21,9 +21,6 @@ To use pretix, you will need the following things:
  .. warning:: Do not ever use SQLite in production. It will break.
  .. warning:: We recommend **PostgreSQL**. If you go for MySQL, make sure you run **MySQL 5.7 or newer** or
               **MariaDB 10.2.7 or newer**.
 * A **reverse proxy**. pretix needs to deliver some static content to your users (e.g. CSS, images, ...). While pretix
  is capable of doing this, having this handled by a proper web server like **nginx** or **Apache** will be much
  faster. Also, you need a proxying web server in front to provide SSL encryption.
--- a/doc/admin/installation/index.rst
+++ b/doc/admin/installation/index.rst
@@ -10,5 +10,3 @@ for your needs.
   general
   docker_smallscale
   manual_smallscale
   dev_version
   enterprise
--- a/doc/admin/installation/manual_smallscale.rst
+++ b/doc/admin/installation/manual_smallscale.rst
@@ -23,7 +23,7 @@ installation guides):
 * A SMTP server to send out mails, e.g. `Postfix`_ on your machine or some third-party server you have credentials for
 * A HTTP reverse proxy, e.g. `nginx`_ or Apache to allow HTTPS connections
-* A `PostgreSQL`_, `MySQL`_ 5.7+, or MariaDB 10.2.7+ database server
+* A `MySQL`_ or `PostgreSQL`_ database server
 * A `redis`_ server
 We also recommend that you use a firewall, although this is not a pretix-specific recommendation. If you're new to
@@ -33,9 +33,6 @@ Linux and firewalls, we recommend that you start with `ufw`_.
          SSL certificates can be obtained for free these days. We also *do not* provide support for HTTP-only
          installations except for evaluation purposes.
 .. warning:: We recommend **PostgreSQL**. If you go for MySQL, make sure you run **MySQL 5.7 or newer** or
             **MariaDB 10.2.7 or newer**.
 Unix user
 ---------
@@ -53,7 +50,7 @@ Having the database server installed, we still need a database and a database us
 of database managing tool or directly on our database's shell, e.g. for MySQL::
    $ mysql -u root -p
-    mysql> CREATE DATABASE pretix DEFAULT CHARACTER SET utf8mb4 DEFAULT COLLATE utf8mb4_unicode_ci;
+    mysql> CREATE DATABASE pretix DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;
    mysql> GRANT ALL PRIVILEGES ON pretix.* TO pretix@'localhost' IDENTIFIED BY '*********';
    mysql> FLUSH PRIVILEGES;
--- a/doc/api/auth.rst
+++ b/doc/api/auth.rst
@@ -1,9 +0,0 @@
 Authentication
 ==============
 .. toctree::
   :maxdepth: 2
   tokenauth
   oauth
   deviceauth
--- a/doc/api/deviceauth.rst
+++ b/doc/api/deviceauth.rst
@@ -1,137 +0,0 @@
 .. _`rest-deviceauth`:
 Device authentication
 =====================
 Initializing a new device
 -------------------------
 Users can create new devices in the "Device" section of their organizer settings. When creating
 a new device, users can specify a list of events the device is allowed to access. After a new
 device is created, users will be presented initialization instructions, consisting of an URL
 and an initialization token. They will also be shown as a QR code with the following contents::
   {"handshake_version": 1, "url": "https://pretix.eu", "token": "kpp4jn8g2ynzonp6"}
 Your application should be able to scan a QR code of this type, or allow to enter the URL and the
 initialization token manually. The handshake version is not used for manual initialization. When a
 QR code is scanned with a higher handshake version than you support, you should reject the request
 and prompt the user to update the client application.
 After your application received the token, you need to call the initialization endpoint to obtain
 a proper API token. At this point, you need to identify the name and version of your application,
 as well as the type of underlying hardware. Example:
 .. sourcecode:: http
   POST /api/v1/device/initialize HTTP/1.1
   Host: pretix.eu
   Content-Type: application/json
   {
       "token": "kpp4jn8g2ynzonp6",
       "hardware_brand": "Samsung",
       "hardware_model": "Galaxy S",
       "software_brand": "pretixdroid",
       "software_version": "4.0.0"
   }
 Every initialization token can only be used once. On success, you will receive a response containing
 information on your device as well as your API token:
 .. sourcecode:: http
   HTTP/1.1 200 OK
   Content-Type: application/json
   {
       "organizer": "foo",
       "device_id": 5,
       "unique_serial": "HHZ9LW9JWP390VFZ",
       "api_token": "1kcsh572fonm3hawalrncam4l1gktr2rzx25a22l8g9hx108o9oi0rztpcvwnfnd",
       "name": "Bar"
   }
 Please make sure that you store this ``api_token`` value. We also recommend storing your device ID, your assigned
 ``unique_serial``, and the ``organizer`` you have access to, but that's up to you.
 In case of an error, the response will look like this:
 .. sourcecode:: http
   HTTP/1.1 400 Bad Request
   Content-Type: application/json
   {"token":["This initialization token has already been used."]}
 Performing API requests
 -----------------------
 You need to include the API token with every request to pretix' API in the ``Authorization`` header
 like the following:
 .. sourcecode:: http
   :emphasize-lines: 3
   GET /api/v1/organizers/ HTTP/1.1
   Host: pretix.eu
   Authorization: Device 1kcsh572fonm3hawalrncam4l1gktr2rzx25a22l8g9hx108o9oi0rztpcvwnfnd
 Updating the software version
 -----------------------------
 If your application is updated, we ask you to tell the server about the new version in use. You can do this at the
 following endpoint:
 .. sourcecode:: http
   POST /api/v1/device/update HTTP/1.1
   Host: pretix.eu
   Content-Type: application/json
   Authorization: Device 1kcsh572fonm3hawalrncam4l1gktr2rzx25a22l8g9hx108o9oi0rztpcvwnfnd
   {
       "hardware_brand": "Samsung",
       "hardware_model": "Galaxy S",
       "software_brand": "pretixdroid",
       "software_version": "4.1.0"
   }
 Creating a new API key
 ----------------------
 If you think your API key might have leaked or just want to be extra cautious, the API allows you to create a new key.
 The old API key will be invalid immediately. A request for a new key looks like this:
 .. sourcecode:: http
   POST /api/v1/device/roll HTTP/1.1
   Host: pretix.eu
   Authorization: Device 1kcsh572fonm3hawalrncam4l1gktr2rzx25a22l8g9hx108o9oi0rztpcvwnfnd
 The response will look like the response to the initialization request.
 Removing a device
 -----------------
 If you want implement a way to to deprovision a device in your software, you can call the ``revoke`` endpoint to
 invalidate your API key. There is no way to reverse this operation.
 .. sourcecode:: http
   POST /api/v1/device/revoke HTTP/1.1
   Host: pretix.eu
   Authorization: Device 1kcsh572fonm3hawalrncam4l1gktr2rzx25a22l8g9hx108o9oi0rztpcvwnfnd
 This can also be done by the user through the web interface.
 Permissions
 -----------
 Device authentication is currently hardcoded to grant the following permissions:
 * View event meta data and products etc.
 * View and change orders
 Devices cannot change events or products and cannot access vouchers.
--- a/doc/api/fundamentals.rst
+++ b/doc/api/fundamentals.rst
@@ -9,20 +9,44 @@ with pretix' REST API, such as authentication, pagination and similar definition
 Authentication
 --------------
-To access the API, you need to present valid authentication credentials. pretix currently
+If you're building an application for end users, we strongly recommend that you use our
-supports the following authorization schemes:
+:ref:`OAuth-based authentication progress <rest-oauth>`. However, for simpler needs, you
 can also go with static API tokens that you can create on a per-team basis (see below).
-* :ref:`rest-tokenauth`: This is the simplest way and recommended for server-side applications
+You need to include the API token with every request to pretix' API in the ``Authorization`` header
-  that interact with pretix without user interaction.
+like the following:
-* :ref:`rest-oauth`: This is the recommended way to use if you write a third-party application
+
-  that users can connect with their pretix account. It provides the best user experience, but
+.. sourcecode:: http
-  requires user interaction and slightly more implementation effort.
+   :emphasize-lines: 3
-* :ref:`rest-deviceauth`: This is the recommended way if you build apps or hardware devices that can
+
-  connect to pretix, e.g. for processing check-ins or to sell tickets offline. It provides a way
+   GET /api/v1/organizers/ HTTP/1.1
-  to uniquely identify devices and allows for a quick configuration flow inside your software.
+   Host: pretix.eu
-* Authentication using browser sessions: This is used by the pretix web interface and it is *not*
+   Authorization: Token e1l6gq2ye72thbwkacj7jbri7a7tvxe614ojv8ybureain92ocub46t5gab5966k
-  officially supported for use by third-party applications. It might change or be removed at any
+
-  time without prior notice. If you use it, you need to comply with Django's `CSRF policies`_.
+.. note:: The API currently also supports authentication via browser sessions, i.e. the
          same way that you authenticate with pretix when using the browser interface.
          Using this type of authentication is *not* officially supported for use by
          third-party clients and might change or be removed at any time. We plan on
          adding OAuth2 support in the future for user-level authentication. If you want
          to use session authentication, be sure to comply with Django's `CSRF policies`_.
 Obtaining an API token
 ----------------------
 To authenticate your API requests, you need to obtain an API token. You can create a
 token in the pretix web interface on the level of organizer teams. Create a new team
 or choose an existing team that has the level of permissions the token should have and
 create a new token using the form below the list of team members:
 .. image:: img/token_form.png
    :class: screenshot
 You can enter a description for the token to distinguish from other tokens later on.
 Once you click "Add", you will be provided with an API token in the success message.
 Copy this token, as you won't be able to retrieve it again.
 .. image:: img/token_success.png
    :class: screenshot
 Permissions
 -----------
@@ -148,7 +172,6 @@ Field specific input errors include the name of the offending fields as keys in
   {"amount": ["A valid integer is required."], "description": ["This field may not be blank."]}
 If you see errors of type ``429 Too Many Requests``, you should read our documentation on :ref:`rest-ratelimit`.
 Data types
 ----------
@@ -181,4 +204,4 @@ as the string values ``true`` and ``false``.
 If the ``ordering`` parameter is documented for a resource, you can use it to sort the result set by one of the allowed
 fields. Prepend a ``-`` to the field name to reverse the sort order.
-.. _CSRF policies: https://docs.djangoproject.com/en/1.11/ref/csrf/#ajax
+.. _CSRF policies: https://docs.djangoproject.com/en/1.11/ref/csrf/#ajax
--- a/doc/api/index.rst
+++ b/doc/api/index.rst
@@ -14,7 +14,5 @@ in functionality over time.
   :maxdepth: 2
   fundamentals
-   auth
+   oauth
   resources/index
   ratelimit
   webhooks
--- a/doc/api/oauth.rst
+++ b/doc/api/oauth.rst
@@ -1,7 +1,7 @@
 .. _`rest-oauth`:
-OAuth authentication / "Connect with pretix"
+OAuth support / "Connect with pretix"
-============================================
+=====================================
 In addition to static tokens, pretix supports `OAuth2`_-based authentication starting with
 pretix 1.16. This allows you to put a "Connect with pretix" button into your website or tool
@@ -166,42 +166,6 @@ endpoint to revoke it.
 If you want to revoke your client secret, you can generate a new one in the list of your managed applications in the
 pretix user interface.
 Fetching the user profile
 -------------------------
 If you need the user's meta data, you can fetch it here:
 .. http:get:: /api/v1/me
   Returns the profile of the authenticated user
   **Example request**:
   .. sourcecode:: http
      GET /api/v1/me HTTP/1.1
      Host: pretix.eu
      Accept: application/json, text/javascript
      Authorization: Bearer i3ytqTSRWsKp16fqjekHXa4tdM4qNC
   **Example response**:
   .. sourcecode:: http
      HTTP/1.1 200 OK
      Vary: Accept
      Content-Type: application/json
      {
        email: "admin@localhost",
        fullname: "John Doe",
        locale: "de",
        timezone: "Europe/Berlin"
      }
   :statuscode 200: no error
   :statuscode 401: Authentication failure
 .. _OAuth2: https://en.wikipedia.org/wiki/OAuth
 .. _OAuth2 Simplified: https://aaronparecki.com/oauth-2-simplified/
-.. _HTTP Basic authentication: https://en.wikipedia.org/wiki/Basic_access_authentication
+.. _HTTP Basic authentication: https://en.wikipedia.org/wiki/Basic_access_authentication
--- a/doc/api/ratelimit.rst
+++ b/doc/api/ratelimit.rst
@@ -1,31 +0,0 @@
 .. _`rest-ratelimit`:
 Rate limiting
 =============
 .. note:: This page only applies to the pretix Hosted service at pretix.eu. APIs of custom pretix installations do not
          enforce any rate limiting by default.
 All authenticated requests to pretix' API are rate limited. If you exceed the limits, you will receive a response
 with HTTP status code ``429 Too Many Requests``. This response will have a ``Retry-After`` header, containing the number
 of seconds you are supposed to wait until you try again. We expect that all API clients respect this. If you continue
 to burst requests after a ``429`` status code, we might get in touch with you or, in extreme cases, disable your API
 access.
 Currently, the following rate limits apply:
 .. rst-class:: rest-resource-table
 ===================================== =================================================================================
 Authentication method                 Rate limit
 ===================================== =================================================================================
 :ref:`rest-deviceauth`                360 requests per minute per device
 :ref:`rest-tokenauth`                 360 requests per minute per organizer account
 :ref:`rest-oauth`                     360 requests per minute per combination of accessed organizer and OAuth application
 Session authentication                *Not an officially supported authentication method for external access*
 ===================================== =================================================================================
 If you require a higher rate limit, please get in touch at support@pretix.eu and tell us about your use case, we are
 sure we can work something out.
--- a/doc/api/resources/carts.rst
+++ b/doc/api/resources/carts.rst
@@ -25,7 +25,6 @@ item                                  integer                    ID of the item
 variation                             integer                    ID of the variation (or ``null``)
 price                                 money (string)             Price of this position
 attendee_name                         string                     Specified attendee name for this position (or ``null``)
 attendee_name_parts                   object of strings          Composition of attendee name (i.e. first name, last name, …)
 attendee_email                        string                     Specified attendee email address for this position (or ``null``)
 voucher                               integer                    Internal ID of the voucher used for this position (or ``null``)
 addon_to                              integer                    Internal ID of the position this position is an add-on for (or ``null``)
@@ -79,7 +78,6 @@ Cart position endpoints
            "variation": null,
            "price": "23.00",
            "attendee_name": null,
            "attendee_name_parts": {},
            "attendee_email": null,
            "voucher": null,
            "addon_to": null,
@@ -124,7 +122,6 @@ Cart position endpoints
        "variation": null,
        "price": "23.00",
        "attendee_name": null,
        "attendee_name_parts": {},
        "attendee_email": null,
        "voucher": null,
        "addon_to": null,
@@ -178,7 +175,7 @@ Cart position endpoints
   * ``item``
   * ``variation`` (optional)
   * ``price``
-   * ``attendee_name`` **or** ``attendee_name_parts`` (optional)
+   * ``attendee_name`` (optional)
   * ``attendee_email`` (optional)
   * ``subevent`` (optional)
   * ``expires`` (optional)
@@ -202,10 +199,7 @@ Cart position endpoints
        "item": 1,
        "variation": null,
        "price": "23.00",
-        "attendee_name_parts": {
+        "attendee_name": "Peter",
          "given_name": "Peter",
          "family_name": "Miller"
        },
        "attendee_email": null,
        "answers": [
          {
--- a/doc/api/resources/checkinlists.rst
+++ b/doc/api/resources/checkinlists.rst
@@ -371,9 +371,6 @@ Order position endpoints
            "variation": null,
            "price": "23.00",
            "attendee_name": "Peter",
            "attendee_name_parts": {
              "full_name": "Peter",
            },
            "attendee_email": null,
            "voucher": null,
            "tax_rate": "0.00",
@@ -469,9 +466,6 @@ Order position endpoints
        "variation": null,
        "price": "23.00",
        "attendee_name": "Peter",
        "attendee_name_parts": {
          "full_name": "Peter",
        },
        "attendee_email": null,
        "voucher": null,
        "tax_rate": "0.00",
--- a/doc/api/resources/events.rst
+++ b/doc/api/resources/events.rst
@@ -41,10 +41,6 @@ plugins                               list                       A list of packa
   The ``plugins`` field has been added.
   The operations POST, PATCH, PUT and DELETE have been added.
 .. versionchanged:: 2.1
   Filters have been added to the list of events.
 Endpoints
 ---------
@@ -100,12 +96,6 @@ Endpoints
      }
   :query page: The page number in case of a multi-page result set, default is 1
   :query is_public: If set to ``true``/``false``, only events with a matching value of ``is_public`` are returned.
   :query live: If set to ``true``/``false``, only events with a matching value of ``live`` are returned.
   :query has_subevents: If set to ``true``/``false``, only events with a matching value of ``has_subevents`` are returned.
   :query is_future: If set to ``true`` (``false``), only events that happen currently or in the future are (not) returned. Event series are never (always) returned.
   :query is_past: If set to ``true`` (``false``), only events that are over are (not) returned. Event series are never (always) returned.
   :query ends_after: If set to a date and time, only events that happen during of after the given time are returned. Event series are never returned.
   :param organizer: The ``slug`` field of a valid organizer
   :statuscode 200: no error
   :statuscode 401: Authentication failure
--- a/doc/api/resources/index.rst
+++ b/doc/api/resources/index.rst
@@ -21,4 +21,3 @@ Resources and endpoints
   checkinlists
   waitinglist
   carts
   webhooks
--- a/doc/api/resources/items.rst
+++ b/doc/api/resources/items.rst
@@ -37,8 +37,6 @@ admission                             boolean                    ``True`` for it
 position                              integer                    An integer, used for sorting
 picture                               string                     A product picture to be displayed in the shop
                                                                 (read-only).
 sales_channels                        list of strings            Sales channels this product is available on, such as
                                                                 ``"web"`` or ``"resellers"``. Defaults to ``["web"]``.
 available_from                        datetime                   The first date time at which this item can be bought
                                                                 (or ``null``).
 available_until                       datetime                   The last date time at which this item can be bought
@@ -107,10 +105,6 @@ addons                                list of objects            Definition of a
   The field ``require_approval`` has been added.
 .. versionchanged:: 2.3
   The ``sales_channels`` attribute has been added.
 Notes
 -----
 Please note that an item either always has variations or never has. Once created with variations the item can never
@@ -153,7 +147,6 @@ Endpoints
            "id": 1,
            "name": {"en": "Standard ticket"},
            "internal_name": "",
            "sales_channels": ["web"],
            "default_price": "23.00",
            "original_price": null,
            "category": null,
@@ -239,7 +232,6 @@ Endpoints
        "id": 1,
        "name": {"en": "Standard ticket"},
        "internal_name": "",
        "sales_channels": ["web"],
        "default_price": "23.00",
        "original_price": null,
        "category": null,
@@ -306,7 +298,6 @@ Endpoints
        "id": 1,
        "name": {"en": "Standard ticket"},
        "internal_name": "",
        "sales_channels": ["web"],
        "default_price": "23.00",
        "original_price": null,
        "category": null,
@@ -360,7 +351,6 @@ Endpoints
        "id": 1,
        "name": {"en": "Standard ticket"},
        "internal_name": "",
        "sales_channels": ["web"],
        "default_price": "23.00",
        "original_price": null,
        "category": null,
@@ -446,7 +436,6 @@ Endpoints
        "id": 1,
        "name": {"en": "Ticket"},
        "internal_name": "",
        "sales_channels": ["web"],
        "default_price": "25.00",
        "original_price": null,
        "category": null,
--- a/doc/api/resources/orders.rst
+++ b/doc/api/resources/orders.rst
@@ -30,8 +30,6 @@ status                                string                     Order status, o
 secret                                string                     The secret contained in the link sent to the customer
 email                                 string                     The customer email address
 locale                                string                     The locale used for communication with this customer
 sales_channel                         string                     Channel this sale was created through, such as
                                                                 ``"web"``.
 datetime                              datetime                   Time of order creation
 expires                               datetime                   The order will expire, if it is still pending by this time
 payment_date                          date                       **DEPRECATED AND INACCURATE** Date of payment receipt
@@ -48,7 +46,6 @@ invoice_address                       object                     Invoice address
                                                                 for orders created before pretix 1.7, do not rely on
                                                                 it).
 ├ name                                string                     Customer name
 ├ name_parts                          object of strings          Customer name decomposition
 ├ street                              string                     Customer street
 ├ zipcode                             string                     Customer ZIP code
 ├ city                                string                     Customer city
@@ -123,10 +120,6 @@ last_modified                         datetime                   Last modificati
   nested ``payments`` and ``refunds`` resources, but will still be served and removed in 2.2. The ``require_approval``
   attribute has been added, as have been the ``…/approve/`` and ``…/deny/`` endpoints.
 .. versionchanged:: 2.3
   The ``sales_channel`` attribute has been added.
 .. _order-position-resource:
 Order position resource
@@ -144,7 +137,6 @@ item                                  integer                    ID of the purch
 variation                             integer                    ID of the purchased variation (or ``null``)
 price                                 money (string)             Price of this position
 attendee_name                         string                     Specified attendee name for this position (or ``null``)
 attendee_name_parts                   object of strings          Decomposition of attendee name (i.e. given name, family name)
 attendee_email                        string                     Specified attendee email address for this position (or ``null``)
 voucher                               integer                    Internal ID of the voucher used for this position (or ``null``)
 tax_rate                              decimal (string)           VAT rate applied for this position
@@ -271,7 +263,6 @@ List of all orders
            "secret": "k24fiuwvu8kxz3y1",
            "email": "tester@example.org",
            "locale": "en",
            "sales_channel": "web",
            "datetime": "2017-12-01T10:00:00Z",
            "expires": "2017-12-10T10:00:00Z",
            "last_modified": "2017-12-01T10:00:00Z",
@@ -287,7 +278,6 @@ List of all orders
                "is_business": True,
                "company": "Sample company",
                "name": "John Doe",
                "name_parts": {"full_name": "John Doe"},
                "street": "Test street 12",
                "zipcode": "12345",
                "city": "Testington",
@@ -305,9 +295,6 @@ List of all orders
                "variation": null,
                "price": "23.00",
                "attendee_name": "Peter",
                "attendee_name_parts": {
                  "full_name": "Peter",
                },
                "attendee_email": null,
                "voucher": null,
                "tax_rate": "0.00",
@@ -408,7 +395,6 @@ Fetching individual orders
        "secret": "k24fiuwvu8kxz3y1",
        "email": "tester@example.org",
        "locale": "en",
        "sales_channel": "web",
        "datetime": "2017-12-01T10:00:00Z",
        "expires": "2017-12-10T10:00:00Z",
        "last_modified": "2017-12-01T10:00:00Z",
@@ -424,7 +410,6 @@ Fetching individual orders
            "company": "Sample company",
            "is_business": True,
            "name": "John Doe",
            "name_parts": {"full_name": "John Doe"},
            "street": "Test street 12",
            "zipcode": "12345",
            "city": "Testington",
@@ -442,9 +427,6 @@ Fetching individual orders
            "variation": null,
            "price": "23.00",
            "attendee_name": "Peter",
            "attendee_name_parts": {
              "full_name": "Peter",
            },
            "attendee_email": null,
            "voucher": null,
            "tax_rate": "0.00",
@@ -569,8 +551,6 @@ Creating orders
       * does not validate if products are only to be sold in a specific time frame
       * does not validate if products are only to be sold on other sales channels
       * does not validate if the event's ticket sales are already over or haven't started
       * does not validate the number of items per order or the number of times an item can be included in an order
@@ -607,7 +587,6 @@ Creating orders
     creation.
   * ``email``
   * ``locale``
   * ``sales_channel``
   * ``payment_provider`` – The identifier of the payment provider set for this order. This needs to be an existing
     payment provider. You should use ``"free"`` for free orders, and we strongly advise to use ``"manual"`` for all
     orders you create as paid.
@@ -622,7 +601,7 @@ Creating orders
      * ``company``
      * ``is_business``
-      * ``name`` **or** ``name_parts``
+      * ``name``
      * ``street``
      * ``zipcode``
      * ``city``
@@ -636,7 +615,7 @@ Creating orders
      * ``item``
      * ``variation``
      * ``price``
-      * ``attendee_name`` **or** ``attendee_name_parts``
+      * ``attendee_name``
      * ``attendee_email``
      * ``secret`` (optional)
      * ``addon_to`` (optional, see below)
@@ -672,7 +651,6 @@ Creating orders
      {
        "email": "dummy@example.org",
        "locale": "en",
        "sales_channel": "web",
        "fees": [
          {
            "fee_type": "payment",
@@ -686,7 +664,7 @@ Creating orders
        "invoice_address": {
          "is_business": False,
          "company": "Sample company",
-          "name_parts": {"full_name": "John Doe"},
+          "name": "John Doe",
          "street": "Sesam Street 12",
          "zipcode": "12345",
          "city": "Sample City",
@@ -700,9 +678,7 @@ Creating orders
            "item": 1,
            "variation": null,
            "price": "23.00",
-            "attendee_name_parts": {
+            "attendee_name": "Peter",
              "full_name": "Peter"
            },
            "attendee_email": null,
            "addon_to": null,
            "answers": [
@@ -1099,9 +1075,6 @@ List of all order positions
            "variation": null,
            "price": "23.00",
            "attendee_name": "Peter",
            "attendee_name_parts": {
              "full_name": "Peter"
            },
            "attendee_email": null,
            "voucher": null,
            "tax_rate": "0.00",
@@ -1199,9 +1172,6 @@ Fetching individual positions
        "variation": null,
        "price": "23.00",
        "attendee_name": "Peter",
        "attendee_name_parts": {
          "full_name": "Peter",
        },
        "attendee_email": null,
        "voucher": null,
        "tax_rate": "0.00",
--- a/doc/api/resources/subevents.rst
+++ b/doc/api/resources/subevents.rst
@@ -17,7 +17,6 @@ Field                                 Type                       Description
 ===================================== ========================== =======================================================
 id                                    integer                    Internal ID of the sub-event
 name                                  multi-lingual string       The sub-event's full name
 event                                 string                     The slug of the parent event
 active                                boolean                    If ``true``, the sub-event ticket shop is publicly
                                                                 available.
 date_from                             datetime                   The sub-event's start date
@@ -41,10 +40,6 @@ meta_data                             dict                       Values set for
   The ``meta_data`` field has been added.
 .. versionchanged:: 2.1
   The ``event`` field has been added, together with filters on the list of dates and an organizer-level list.
 Endpoints
 ---------
@@ -77,7 +72,6 @@ Endpoints
          {
            "id": 1,
            "name": {"en": "First Sample Conference"},
            "event": "sampleconf",
            "active": false,
            "date_from": "2017-12-27T10:00:00Z",
            "date_to": null,
@@ -98,10 +92,6 @@ Endpoints
      }
   :query page: The page number in case of a multi-page result set, default is 1
   :query active: If set to ``true``/``false``, only events with a matching value of ``active`` are returned.
   :query is_future: If set to ``true`` (``false``), only events that happen currently or in the future are (not) returned.
   :query is_past: If set to ``true`` (``false``), only events that are over are (not) returned.
   :query ends_after: If set to a date and time, only events that happen during of after the given time are returned.
   :param organizer: The ``slug`` field of a valid organizer
   :param event: The ``slug`` field of the event to fetch
   :statuscode 200: no error
@@ -131,7 +121,6 @@ Endpoints
      {
        "id": 1,
        "name": {"en": "First Sample Conference"},
        "event": "sampleconf",
        "active": false,
        "date_from": "2017-12-27T10:00:00Z",
        "date_to": null,
@@ -155,63 +144,3 @@ Endpoints
   :statuscode 200: no error
   :statuscode 401: Authentication failure
   :statuscode 403: The requested organizer/event does not exist **or** you have no permission to view it.
 .. http:get:: /api/v1/organizers/(organizer)/subevents/
   Returns a list of all sub-events of any event series you have access to within an organizer account.
   **Example request**:
   .. sourcecode:: http
      GET /api/v1/organizers/bigevents/subevents/ HTTP/1.1
      Host: pretix.eu
      Accept: application/json, text/javascript
   **Example response**:
   .. sourcecode:: http
      HTTP/1.1 200 OK
      Vary: Accept
      Content-Type: application/json
      {
        "count": 1,
        "next": null,
        "previous": null,
        "results": [
          {
            "id": 1,
            "name": {"en": "First Sample Conference"},
            "event": "sampleconf",
            "active": false,
            "date_from": "2017-12-27T10:00:00Z",
            "date_to": null,
            "date_admission": null,
            "presale_start": null,
            "presale_end": null,
            "location": null,
            "item_price_overrides": [
              {
                "item": 2,
                "price": "12.00"
              }
            ],
            "variation_price_overrides": [],
            "meta_data": {}
          }
        ]
      }
   :query page: The page number in case of a multi-page result set, default is 1
   :query active: If set to ``true``/``false``, only events with a matching value of ``active`` are returned.
   :query event__live: If set to ``true``/``false``, only events with a matching value of ``live`` on the parent event are returned.
   :query is_future: If set to ``true`` (``false``), only events that happen currently or in the future are (not) returned.
   :query is_past: If set to ``true`` (``false``), only events that are over are (not) returned.
   :query ends_after: If set to a date and time, only events that happen during of after the given time are returned.
   :param organizer: The ``slug`` field of a valid organizer
   :param event: The ``slug`` field of the event to fetch
   :statuscode 200: no error
   :statuscode 401: Authentication failure
   :statuscode 403: The requested organizer does not exist **or** you have no permission to view it.
--- a/doc/api/resources/vouchers.rst
+++ b/doc/api/resources/vouchers.rst
@@ -231,76 +231,6 @@ Endpoints
   :statuscode 403: The requested organizer/event does not exist **or** you have no permission to create this resource.
   :statuscode 409: The server was unable to acquire a lock and could not process your request. You can try again after a short waiting period.
 .. http:post:: /api/v1/organizers/(organizer)/events/(event)/vouchers/batch_create/
   Creates multiple new vouchers atomically.
   **Example request**:
   .. sourcecode:: http
      POST /api/v1/organizers/bigevents/events/sampleconf/vouchers/batch_create/ HTTP/1.1
      Host: pretix.eu
      Accept: application/json, text/javascript
      Content-Type: application/json
      Content-Length: 408
      [
        {
          "code": "43K6LKM37FBVR2YG",
          "max_usages": 1,
          "valid_until": null,
          "block_quota": false,
          "allow_ignore_quota": false,
          "price_mode": "set",
          "value": "12.00",
          "item": 1,
          "variation": null,
          "quota": null,
          "tag": "testvoucher",
          "comment": "",
          "subevent": null
        },
        {
          "code": "ASDKLJCYXCASDASD",
          "max_usages": 1,
          "valid_until": null,
          "block_quota": false,
          "allow_ignore_quota": false,
          "price_mode": "set",
          "value": "12.00",
          "item": 1,
          "variation": null,
          "quota": null,
          "tag": "testvoucher",
          "comment": "",
          "subevent": null
        },
   **Example response**:
   .. sourcecode:: http
      HTTP/1.1 201 Created
      Vary: Accept
      Content-Type: application/json
      [
        {
          "id": 1,
          "code": "43K6LKM37FBVR2YG",
          …
        }, …
      }
   :param organizer: The ``slug`` field of the organizer to create a vouchers for
   :param event: The ``slug`` field of the event to create a vouchers for
   :statuscode 201: no error
   :statuscode 400: The vouchers could not be created due to invalid submitted data.
   :statuscode 401: Authentication failure
   :statuscode 403: The requested organizer/event does not exist **or** you have no permission to create this resource.
   :statuscode 409: The server was unable to acquire a lock and could not process your request. You can try again after a short waiting period.
 .. http:patch:: /api/v1/organizers/(organizer)/events/(event)/vouchers/(id)/
   Update a voucher. You can also use ``PUT`` instead of ``PATCH``. With ``PUT``, you have to provide all fields of
--- a/doc/api/resources/webhooks.rst
+++ b/doc/api/resources/webhooks.rst
@@ -1,243 +0,0 @@
 .. _`rest-webhooks`:
 Webhooks
 ========
 .. note:: This page is about how to modify webhook settings themselves through the REST API. If you just want to know
          how webhooks work, go here: :ref:`webhooks`
 Resource description
 --------------------
 The webhook resource contains the following public fields:
 .. rst-class:: rest-resource-table
 ===================================== ========================== =======================================================
 Field                                 Type                       Description
 ===================================== ========================== =======================================================
 id                                    integer                    Internal ID of the webhook
 enabled                               boolean                    If ``False``, this webhook will not receive any notifications
 target_url                            string                     The URL to call
 all_events                            boolean                    If ``True``, this webhook will receive notifications
                                                                 on all events of this organizer
 limit_events                          list of strings            If ``all_events`` is ``False``, this is a list of
                                                                 event slugs this webhook is active for
 action_types                          list of strings            A list of action type filters that limit the
                                                                 notifications sent to this webhook. See below for
                                                                 valid values
 ===================================== ========================== =======================================================
 The following values for ``action_types`` are valid with pretix core:
    * ``pretix.event.order.placed``
    * ``pretix.event.order.paid``
    * ``pretix.event.order.canceled``
    * ``pretix.event.order.expired``
    * ``pretix.event.order.modified``
    * ``pretix.event.order.contact.changed``
    * ``pretix.event.order.changed.*``
    * ``pretix.event.order.refund.created.externally``
    * ``pretix.event.order.refunded``
    * ``pretix.event.order.approved``
    * ``pretix.event.order.denied``
    * ``pretix.event.checkin``
    * ``pretix.event.checkin.reverted``
 Installed plugins might register more valid values.
 Endpoints
 ---------
 .. http:get:: /api/v1/organizers/(organizer)/webhooks/
   Returns a list of all webhooks within a given organizer.
   **Example request**:
   .. sourcecode:: http
      GET /api/v1/organizers/bigevents/webhooks/ HTTP/1.1
      Host: pretix.eu
      Accept: application/json, text/javascript
   **Example response**:
   .. sourcecode:: http
      HTTP/1.1 200 OK
      Vary: Accept
      Content-Type: application/json
      {
        "count": 1,
        "next": null,
        "previous": null,
        "results": [
          {
            "id": 2,
            "enabled": true,
            "target_url": "https://httpstat.us/200",
            "all_events": false,
            "limit_events": ["democon"],
            "action_types": ["pretix.event.order.modified", "pretix.event.order.changed.*"]
          }
        ]
      }
   :query integer page: The page number in case of a multi-page result set, default is 1
   :param organizer: The ``slug`` field of the organizer to fetch
   :statuscode 200: no error
   :statuscode 401: Authentication failure
   :statuscode 403: The requested organizer does not exist **or** you have no permission to view this resource.
 .. http:get:: /api/v1/organizers/(organizer)/webhooks/(id)/
   Returns information on one webhook, identified by its ID.
   **Example request**:
   .. sourcecode:: http
      GET /api/v1/organizers/bigevents/webhooks/1/ HTTP/1.1
      Host: pretix.eu
      Accept: application/json, text/javascript
   **Example response**:
   .. sourcecode:: http
      HTTP/1.1 200 OK
      Vary: Accept
      Content-Type: application/json
      {
        "id": 2,
        "enabled": true,
        "target_url": "https://httpstat.us/200",
        "all_events": false,
        "limit_events": ["democon"],
        "action_types": ["pretix.event.order.modified", "pretix.event.order.changed.*"]
      }
   :param organizer: The ``slug`` field of the organizer to fetch
   :param id: The ``id`` field of the webhook to fetch
   :statuscode 200: no error
   :statuscode 401: Authentication failure
   :statuscode 403: The requested organizer does not exist **or** you have no permission to view this resource.
 .. http:post:: /api/v1/organizers/(organizer)/webhooks/
   Creates a new webhook
   **Example request**:
   .. sourcecode:: http
      POST /api/v1/organizers/bigevents/webhooks/ HTTP/1.1
      Host: pretix.eu
      Accept: application/json, text/javascript
      Content: application/json
      {
        "enabled": true,
        "target_url": "https://httpstat.us/200",
        "all_events": false,
        "limit_events": ["democon"],
        "action_types": ["pretix.event.order.modified", "pretix.event.order.changed.*"]
      }
   **Example response**:
   .. sourcecode:: http
      HTTP/1.1 201 Created
      Vary: Accept
      Content-Type: application/json
      {
        "id": 3,
        "enabled": true,
        "target_url": "https://httpstat.us/200",
        "all_events": false,
        "limit_events": ["democon"],
        "action_types": ["pretix.event.order.modified", "pretix.event.order.changed.*"]
      }
   :param organizer: The ``slug`` field of the organizer to create a webhook for
   :statuscode 201: no error
   :statuscode 400: The webhook could not be created due to invalid submitted data.
   :statuscode 401: Authentication failure
   :statuscode 403: The requested organizer does not exist **or** you have no permission to create this resource.
 .. http:patch:: /api/v1/organizers/(organizer)/webhooks/(id)/
   Update a webhook. You can also use ``PUT`` instead of ``PATCH``. With ``PUT``, you have to provide all fields of
   the resource, other fields will be reset to default. With ``PATCH``, you only need to provide the fields that you
   want to change.
   You can change all fields of the resource except the ``id`` field.
   **Example request**:
   .. sourcecode:: http
      PATCH /api/v1/organizers/bigevents/webhooks/1/ HTTP/1.1
      Host: pretix.eu
      Accept: application/json, text/javascript
      Content-Type: application/json
      Content-Length: 94
      {
        "enabled": false
      }
   **Example response**:
   .. sourcecode:: http
      HTTP/1.1 200 OK
      Vary: Accept
      Content-Type: application/json
      {
        "id": 1,
        "enabled": false,
        "target_url": "https://httpstat.us/200",
        "all_events": false,
        "limit_events": ["democon"],
        "action_types": ["pretix.event.order.modified", "pretix.event.order.changed.*"]
      }
   :param organizer: The ``slug`` field of the organizer to modify
   :param id: The ``id`` field of the webhook to modify
   :statuscode 200: no error
   :statuscode 400: The webhook could not be modified due to invalid submitted data
   :statuscode 401: Authentication failure
   :statuscode 403: The requested organizer does not exist **or** you have no permission to change this resource.
 .. http:delete:: /api/v1/organizers/(organizer)/webhook/(id)/
   Delete a webhook. Currently, this will not delete but just disable the webhook.
   **Example request**:
   .. sourcecode:: http
      DELETE /api/v1/organizers/bigevents/webhooks/1/ HTTP/1.1
      Host: pretix.eu
      Accept: application/json, text/javascript
   **Example response**:
   .. sourcecode:: http
      HTTP/1.1 204 No Content
      Vary: Accept
   :param organizer: The ``slug`` field of the organizer to modify
   :param id: The ``id`` field of the webhook to delete
   :statuscode 204: no error
   :statuscode 401: Authentication failure
   :statuscode 403: The requested organizer does not exist **or** you have no permission to delete this resource.
--- a/doc/api/tokenauth.rst
+++ b/doc/api/tokenauth.rst
@@ -1,36 +0,0 @@
 .. _`rest-tokenauth`:
 Token-based authentication
 ==========================
 Obtaining an API token
 ----------------------
 To authenticate your API requests with Tokens, you need to obtain a team-level API token.
 You can create a token in the pretix web interface on the level of organizer teams. Create
 a new team or choose an existing team that has the level of permissions the token should
 have and create a new token using the form below the list of team members:
 .. image:: img/token_form.png
   :class: screenshot
 You can enter a description for the token to distinguish from other tokens later on.
 Once you click "Add", you will be provided with an API token in the success message.
 Copy this token, as you won't be able to retrieve it again.
 .. image:: img/token_success.png
   :class: screenshot
 Using an API token
 ------------------
 You need to include the API token with every request to pretix' API in the ``Authorization`` header
 like the following:
 .. sourcecode:: http
   :emphasize-lines: 3
   GET /api/v1/organizers/ HTTP/1.1
   Host: pretix.eu
   Authorization: Token e1l6gq2ye72thbwkacj7jbri7a7tvxe614ojv8ybureain92ocub46t5gab5966k
--- a/doc/api/webhooks.rst
+++ b/doc/api/webhooks.rst
@@ -1,108 +0,0 @@
 .. _`webhooks`:
 Webhooks
 ========
 pretix can send webhook calls to notify your application of any changes that happen inside pretix. This is especially
 useful for everything triggered by an actual user, such as a new ticket sale or the arrival of a payment.
 You can register any number of webhook URLs that pretix will notify any time one of the supported events occurs inside
 your organizer account. A great example use case of webhooks would be to add the buyer to your mailing list every time
 a new order comes in.
 Configuring webhooks
 --------------------
 You can find the list of your active webhooks in the "Webhook" section of your organizer account:
 .. thumbnail:: ../screens/organizer/webhook_list.png
   :align: center
   :class: screenshot
 Click "Create webhook" if you want to add a new URL. You will then be able to enter the URL pretix shall call for
 notifications. You need to select any number of notification types that you want to receive and you can optionally
 filter the events you want to receive notifications for.
 .. thumbnail:: ../screens/organizer/webhook_edit.png
   :align: center
   :class: screenshot
 You can also configure webhooks :ref:`through the API itself <rest-webhooks>`.
 Receiving webhooks
 ------------------
 Creating a webhook endpoint on your server is no different from creating any other page on your website. If your
 website is written in PHP, you might just create a new ``.php`` file on your server; if you use a web framework like
 Symfony or Django, you would just create a new route with the desired URL.
 We will call your URL with a HTTP ``POST`` request with a ``JSON`` body. In PHP, you can parse this like this::
    $input = @file_get_contents('php://input');
    $event_json = json_decode($input);
    // Do something with $event_json
 In Django, you would create a view like this::
    def my_webhook_view(request):
      event_json = json.loads(request.body)
      # Do something with event_json
      return HttpResponse(status=200)
 More samples for the language of your choice are easy to find online.
 The exact body of the request varies by notification type, but for the main types included with pretix core, such as
 those related to changes of an order, it will look like this::
    {
      "notification_id": 123455,
      "organizer": "acmecorp",
      "event": "democon",
      "code": "ABC23",
      "action": "pretix.event.order.placed"
    }
 Notifications regarding a check-in will contain more details like ``orderposition_id``
 and ``checkin_list``.
 .. warning:: You should not trust data supplied to your webhook, but only use it as a trigger to fetch updated data.
             Anyone could send data there if they guess the correct URL and you won't be able to tell. Therefore, we
             only include the minimum amount of data necessary for you to fetch the changed objects from our
             :ref:`rest-api` in an authenticated way.
 If you want to further prevent others from accessing your webhook URL, you can also use `Basic authentication`_ and
 supply the URL to us in the format of ``https://username:password@domain.com/path/``.
 We recommend that you use HTTPS for your webhook URL and might require it in the future. If HTTPS is used, we require
 that a valid certificate is in use.
 .. note:: If you use a web framework that makes use of automatic CSRF protection, this protection might prevent us
          from calling your webhook URL. In this case, we recommend that you turn of CSRF protection selectively
          for that route. In Django, you can do this by putting the ``@csrf_exempt`` decorator on your view. In
          Rails, you can pass an ``except`` parameter to ``protect_from_forgery``.
 Responding to a webhook
 -----------------------
 If you successfully received a webhook call, your endpoint should return a HTTP status code between ``200`` and ``299``.
 If any other status code is returned, we will assume you did not receive the call. This does mean that any redirection
 or ``304 Not Modified`` response will be treated as a failure. pretix will not follow any ``301`` or ``302`` redirect
 headers and pretix will ignore all other information in your response headers or body.
 If we do not receive a status code in the range of ``200`` and ``299``, pretix will retry to deliver for up to three
 days with an exponential back off. Therefore, we recommend that you implement your endpoint in a way where calling it
 multiple times for the same event due to a perceived error does not do any harm.
 There is only one exception: If status code ``410 Gone`` is returned, we will assume the
 endpoint does not exist any more and automatically disable the webhook.
 .. note:: If you use a self-hosted version of pretix (i.e. not our SaaS offering at pretix.eu) and you did not
          configure a background task queue, failed webhooks will not be retried.
 Debugging webhooks
 ------------------
 If you want to debug your webhooks, you can view a log of all sent notifications and the responses of your server for
 30 days right next to your configuration.
 .. _Basic authentication: https://en.wikipedia.org/wiki/Basic_access_authentication
--- a/doc/development/api/general.rst
+++ b/doc/development/api/general.rst
@@ -12,7 +12,7 @@ Core
 .. automodule:: pretix.base.signals
   :members: periodic_task, event_live_issues, event_copy_data, email_filter, register_notification_types,
-      item_copy_data, register_sales_channels
+      item_copy_data
 Order events
 """"""""""""
--- a/doc/development/api/payment.rst
+++ b/doc/development/api/payment.rst
@@ -64,8 +64,6 @@ The provider class
   .. autoattribute:: settings_form_fields
   .. automethod:: settings_form_clean
   .. automethod:: settings_content_render
   .. automethod:: is_allowed
@@ -98,6 +96,8 @@ The provider class
   .. automethod:: order_change_allowed
   .. automethod:: order_can_retry
   .. automethod:: payment_prepare
   .. automethod:: payment_control_render
--- a/doc/plugins/ticketoutputpdf.rst
+++ b/doc/plugins/ticketoutputpdf.rst
@@ -20,7 +20,6 @@ default                               boolean                    ``true`` if thi
 layout                                object                     Layout specification for libpretixprint
 background                            URL                        Background PDF file
 item_assignments                      list of objects            Products this layout is assigned to
 ├ sales_channel                       string                     Sales channel (defaults to ``web``).
 └ item                                integer                    Item ID
 ===================================== ========================== =======================================================
@@ -28,10 +27,6 @@ item_assignments                      list of objects            Products this l
   This resource has been added.
 .. versionchanged:: 2.3
   The ``item_assignments.sales_channel`` field has been added.
 Endpoints
 ---------
--- a/doc/screens/organizer/webhook_edit.png
+++ b/doc/screens/organizer/webhook_edit.png
--- a/doc/screens/organizer/webhook_list.png
+++ b/doc/screens/organizer/webhook_list.png
--- a/doc/spelling_wordlist.txt
+++ b/doc/spelling_wordlist.txt
@@ -1,6 +1,5 @@
 addon
 addons
 Analytics
 anonymize
 api
 auditability
@@ -24,7 +23,6 @@ cronjob
 cryptographic
 debian
 deduplication
 deprovision
 discoverable
 django
 dockerfile
@@ -66,7 +64,6 @@ ons
 optimizations
 overpayment
 param
 passphrase
 percental
 positionid
 pre
@@ -91,7 +88,6 @@ regex
 renderer
 renderers
 reportlab
 SaaS
 screenshot
 selectable
 serializers
@@ -108,7 +104,6 @@ subevent
 subevents
 submodule
 subpath
 Symfony
 systemd
 testutils
 timestamp
--- a/doc/user/events/widget.rst
+++ b/doc/user/events/widget.rst
@@ -149,101 +149,8 @@ Just as the widget, the button supports the optional attributes ``voucher`` and
 You can style the button using the ``pretix-button`` CSS class.
-Dynamically loading the widget
+.. versionchanged:: 1.13
 ------------------------------
-If you need to control the way or timing the widget loads, for example because you want to modify user data (see
+   The pretix Button has been added in version 1.13.
 below) dynamically via JavaScript, you can register a listener that we will call before creating the widget::
    <script type="text/javascript">
    window.pretixWidgetCallback = function () {
        // Will be run before we create the widget.
    }
    </script>
 If you want, you can suppress us loading the widget and/or modify the user data passed to the widget::
    <script type="text/javascript">
    window.pretixWidgetCallback = function () {
        window.PretixWidget.build_widgets = false;
        window.PretixWidget.widget_data["email"] = "test@example.org";
    }
    </script>
 If you then later want to trigger loading the widgets, just call ``window.PretixWidget.buildWidgets()``.
 Passing user data to the widget
 -------------------------------
 If you display the widget in a restricted area of your website and you want to pre-fill fields in the checkout process
 with known user data to save your users some typing and increase conversions, you can pass additional data attributes
 with that information::
    <pretix-widget event="https://pretix.eu/demo/democon/"
        data-attendee-name-given-name="John"
        data-attendee-name-family-name="Doe"
        data-invoice-address-name-given-name="John"
        data-invoice-address-name-family-name="Doe"
        data-email="test@example.org"
        data-question-L9G8NG9M="Foobar">
    </pretix-widget>
 This works for the pretix Button as well. Currently, the following attributes are understood by pretix itself:
 * ``data-email`` will pre-fill the order email field as well as the attendee email field (if enabled).
 * ``data-question-IDENTIFIER`` will pre-fill the answer for the question with the given identifier. You can view and set
  identifiers in the *Questions* section of the backend.
 * Depending on the person name scheme configured in your event settings, you can pass one or more of
  ``data-attendee-name-full-name``, ``data-attendee-name-given-name``, ``data-attendee-name-family-name``,
  ``data-attendee-name-middle-name``, ``data-attendee-name-title``, ``data-attendee-name-calling-name``,
  ``data-attendee-name-latin-transcription``. If you don't know or don't care, you can also just pass a string as
  ``data-attendee-name``, which will pre-fill the last part of the name, whatever that is.
 * ``data-invoice-address-FIELD`` will  pre-fill the corresponding field of the invoice address. Possible values for
  ``FIELD`` are ``company``, ``street``, ``zipcode``, ``city`` and ``country``, as well as fields specified by the
  naming scheme such as ``name-title`` or ``name-given-name`` (see above). ``country`` expects a two-character
  country code.
 Any configured pretix plugins might understand more data fields. For example, if the appropriate plugins on pretix
 Hosted or pretix Enterprise are active, you can pass the following fields:
 * If you use the campaigns plugin, you can pass a campaign ID as a value to ``data-campaign``. This way, all orders
  made through this widget will be counted towards this campaign.
 * If you use the tracking plugin, you can pass a Google Analytics User ID to enable cross-domain tracking. This will
  require you to dynamically load the widget, like this::
    <script>
        (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
        (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
        m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
        })(window,document,'script','https://www.google-analytics.com/analytics.js','ga');
        ga('create', 'UA-XXXXXX-1', 'auto');
        ga('send', 'pageview');
        window.pretixWidgetCallback = function () {
            window.PretixWidget.build_widgets = false;
            window.addEventListener('load', function() { // Wait for GA to be loaded
                if(window.ga && ga.create) {
                    ga(function(tracker) {
                        window.PretixWidget.widget_data["tracking-ga-id"] = tracker.get('clientId');
                        window.PretixWidget.buildWidgets()
                    });
                } else { // Tracking is probably blocked
                       window.PretixWidget.buildWidgets()
                }
            });
        };
    </script>
 .. versionchanged:: 2.3
   Data passing options have been added in pretix 2.3. If you use a self-hosted version of pretix, they only work
   fully if you configured a redis server.
 .. _Let's Encrypt: https://letsencrypt.org/
--- a/src/.coveragerc
+++ b/src/.coveragerc
@@ -0,0 +1,12 @@
 [run]
 source = pretix
 omit = */migrations/*,*/urls.py,*/tests/*,*/testdummy/*,*/admin.py,pretix/wsgi.py,pretix/settings.py
 [report]
 exclude_lines =
 	pragma: no cover
 	def __str__
 	der __repr__
 	if settings.DEBUG
 	NOQA
 	NotImplementedError
--- a/src/pretix/init.py
+++ b/src/pretix/init.py
@@ -1 +1 @@
-__version__ = "2.3.0"
+__version__ = "2.1.0.dev0"
--- a/src/pretix/api/init.py
+++ b/src/pretix/api/init.py
@@ -5,8 +5,5 @@ class PretixApiConfig(AppConfig):
    name = 'pretix.api'
    label = 'pretixapi'
    def ready(self):
        from . import signals, webhooks  # noqa
 default_app_config = 'pretix.api.PretixApiConfig'
--- a/src/pretix/api/auth/device.py
+++ b/src/pretix/api/auth/device.py
@@ -1,25 +0,0 @@
 from django.contrib.auth.models import AnonymousUser
 from rest_framework import exceptions
 from rest_framework.authentication import TokenAuthentication
 from pretix.base.models import Device
 class DeviceTokenAuthentication(TokenAuthentication):
    model = Device
    keyword = 'Device'
    def authenticate_credentials(self, key):
        model = self.get_model()
        try:
            device = model.objects.select_related('organizer').get(api_token=key)
        except model.DoesNotExist:
            raise exceptions.AuthenticationFailed('Invalid token.')
        if not device.initialized:
            raise exceptions.AuthenticationFailed('Device has not been initialized.')
        if not device.api_token:
            raise exceptions.AuthenticationFailed('Device access has been revoked.')
        return AnonymousUser(), device
--- a/src/pretix/api/auth/permission.py
+++ b/src/pretix/api/auth/permission.py
@@ -1,7 +1,7 @@
 from rest_framework.permissions import SAFE_METHODS, BasePermission
 from pretix.api.models import OAuthAccessToken
-from pretix.base.models import Device, Event
+from pretix.base.models import Event
 from pretix.base.models.organizer import Organizer, TeamAPIToken
 from pretix.helpers.security import (
    SessionInvalid, SessionReauthRequired, assert_session_valid,
@@ -9,9 +9,10 @@ from pretix.helpers.security import (
 class EventPermission(BasePermission):
    model = TeamAPIToken
    def has_permission(self, request, view):
-        if not request.user.is_authenticated and not isinstance(request.auth, (Device, TeamAPIToken)):
+        if not request.user.is_authenticated and not isinstance(request.auth, TeamAPIToken):
            return False
        if request.method not in SAFE_METHODS and hasattr(view, 'write_permission'):
@@ -30,7 +31,7 @@ class EventPermission(BasePermission):
            except SessionReauthRequired:
                return False
-        perm_holder = (request.auth if isinstance(request.auth, (Device, TeamAPIToken))
+        perm_holder = (request.auth if isinstance(request.auth, TeamAPIToken)
                       else request.user)
        if 'event' in request.resolver_match.kwargs and 'organizer' in request.resolver_match.kwargs:
            request.event = Event.objects.filter(
@@ -75,7 +76,7 @@ class EventCRUDPermission(EventPermission):
            return False
        elif view.action == 'destroy' and 'can_change_event_settings' not in request.eventpermset:
            return False
-        elif view.action in ['update', 'partial_update'] \
+        elif view.action in ['retrieve', 'update', 'partial_update'] \
                and 'can_change_event_settings' not in request.eventpermset:
            return False
--- a/src/pretix/api/exception.py
+++ b/src/pretix/api/exception.py
@@ -10,10 +10,7 @@ def custom_exception_handler(exc, context):
    if isinstance(exc, LockTimeoutException):
        response = Response(
            {'detail': 'The server was too busy to process your request. Please try again.'},
-            status=status.HTTP_409_CONFLICT,
+            status=status.HTTP_409_CONFLICT
            headers={
                'Retry-After': 5
            }
        )
    return response
--- a/src/pretix/api/migrations/0003_webhook_webhookcall_webhookeventlistener.py
+++ b/src/pretix/api/migrations/0003_webhook_webhookcall_webhookeventlistener.py
@@ -1,79 +0,0 @@
 # Generated by Django 2.1.1 on 2018-11-07 10:46
 import django.db.models.deletion
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('pretixbase', '0102_auto_20181017_0024'),
        ('pretixapi', '0002_auto_20180604_1120'),
    ]
    operations = [
        migrations.CreateModel(
            name='WebHook',
            fields=[
                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
                ('enabled', models.BooleanField(default=True, verbose_name='Enable webhook')),
                ('target_url', models.URLField(verbose_name='Target URL')),
                ('all_events', models.BooleanField(default=False, verbose_name='All events (including newly created ones)')),
                ('limit_events', models.ManyToManyField(blank=True, to='pretixbase.Event', verbose_name='Limit to events')),
                ('organizer', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='pretixbase.Organizer')),
            ],
        ),
        migrations.CreateModel(
            name='WebHookCall',
            fields=[
                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
                ('datetime', models.DateTimeField(auto_now_add=True)),
                ('target_url', models.URLField()),
                ('is_retry', models.BooleanField(default=False)),
                ('execution_time', models.FloatField(null=True)),
                ('return_code', models.PositiveIntegerField(default=0)),
                ('payload', models.TextField()),
                ('response_body', models.TextField()),
                ('webhook', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='pretixapi.WebHook')),
            ],
        ),
        migrations.CreateModel(
            name='WebHookEventListener',
            fields=[
                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
                ('action_type', models.CharField(max_length=255)),
                ('webhook', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='pretixapi.WebHook')),
            ],
        ),
        migrations.AddField(
            model_name='webhookcall',
            name='success',
            field=models.BooleanField(default=False),
        ),
        migrations.AlterField(
            model_name='webhook',
            name='all_events',
            field=models.BooleanField(default=True, verbose_name='All events (including newly created ones)'),
        ),
        migrations.AlterField(
            model_name='webhook',
            name='organizer',
            field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='webhooks', to='pretixbase.Organizer'),
        ),
        migrations.AlterField(
            model_name='webhookcall',
            name='webhook',
            field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='calls', to='pretixapi.WebHook'),
        ),
        migrations.AlterField(
            model_name='webhookeventlistener',
            name='webhook',
            field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='listeners', to='pretixapi.WebHook'),
        ),
        migrations.AddField(
            model_name='webhookcall',
            name='action_type',
            field=models.CharField(default='', max_length=255),
            preserve_default=False,
        ),
    ]
--- a/src/pretix/api/models.py
+++ b/src/pretix/api/models.py
@@ -68,41 +68,3 @@ class OAuthRefreshToken(AbstractRefreshToken):
        OAuthAccessToken, on_delete=models.SET_NULL, blank=True, null=True,
        related_name="refresh_token"
    )
 class WebHook(models.Model):
    organizer = models.ForeignKey('pretixbase.Organizer', on_delete=models.CASCADE, related_name='webhooks')
    enabled = models.BooleanField(default=True, verbose_name=_("Enable webhook"))
    target_url = models.URLField(verbose_name=_("Target URL"))
    all_events = models.BooleanField(default=True, verbose_name=_("All events (including newly created ones)"))
    limit_events = models.ManyToManyField('pretixbase.Event', verbose_name=_("Limit to events"), blank=True)
    @property
    def action_types(self):
        return [
            l.action_type for l in self.listeners.all()
        ]
 class WebHookEventListener(models.Model):
    webhook = models.ForeignKey('WebHook', on_delete=models.CASCADE, related_name='listeners')
    action_type = models.CharField(max_length=255)
    class Meta:
        ordering = ("action_type",)
 class WebHookCall(models.Model):
    webhook = models.ForeignKey('WebHook', on_delete=models.CASCADE, related_name='calls')
    datetime = models.DateTimeField(auto_now_add=True)
    target_url = models.URLField()
    action_type = models.CharField(max_length=255)
    is_retry = models.BooleanField(default=False)
    execution_time = models.FloatField(null=True)
    return_code = models.PositiveIntegerField(default=0)
    success = models.BooleanField(default=False)
    payload = models.TextField()
    response_body = models.TextField()
    class Meta:
        ordering = ("-datetime",)
--- a/src/pretix/api/serializers/cart.py
+++ b/src/pretix/api/serializers/cart.py
@@ -19,19 +19,18 @@ class CartPositionSerializer(I18nAwareModelSerializer):
    class Meta:
        model = CartPosition
-        fields = ('id', 'cart_id', 'item', 'variation', 'price', 'attendee_name', 'attendee_name_parts',
+        fields = ('id', 'cart_id', 'item', 'variation', 'price', 'attendee_name', 'attendee_email',
-                  'attendee_email', 'voucher', 'addon_to', 'subevent', 'datetime', 'expires', 'includes_tax',
+                  'voucher', 'addon_to', 'subevent', 'datetime', 'expires', 'includes_tax',
                  'answers',)
 class CartPositionCreateSerializer(I18nAwareModelSerializer):
    answers = AnswerCreateSerializer(many=True, required=False)
    expires = serializers.DateTimeField(required=False)
    attendee_name = serializers.CharField(required=False, allow_null=True)
    class Meta:
        model = CartPosition
-        fields = ('cart_id', 'item', 'variation', 'price', 'attendee_name', 'attendee_name_parts', 'attendee_email',
+        fields = ('cart_id', 'item', 'variation', 'price', 'attendee_name', 'attendee_email',
                  'subevent', 'expires', 'includes_tax', 'answers',)
    def create(self, validated_data):
@@ -66,11 +65,6 @@ class CartPositionCreateSerializer(I18nAwareModelSerializer):
                            quota.name
                        )
                    )
            attendee_name = validated_data.pop('attendee_name', '')
            if attendee_name and not validated_data.get('attendee_name_parts'):
                validated_data['attendee_name_parts'] = {
                    '_legacy': attendee_name
                }
            cp = CartPosition.objects.create(event=self.context['event'], **validated_data)
        for answ_data in answers_data:
@@ -124,8 +118,4 @@ class CartPositionCreateSerializer(I18nAwareModelSerializer):
                raise ValidationError(
                    'You cannot specify a variation for this item.'
                )
        if data.get('attendee_name') and data.get('attendee_name_parts'):
            raise ValidationError(
                {'attendee_name': ['Do not specify attendee_name if you specified attendee_name_parts.']}
            )
        return data
--- a/src/pretix/api/serializers/event.py
+++ b/src/pretix/api/serializers/event.py
@@ -4,7 +4,6 @@ from django.utils.functional import cached_property
 from django.utils.translation import ugettext as _
 from django_countries.serializers import CountryFieldMixin
 from rest_framework.fields import Field
 from rest_framework.relations import SlugRelatedField
 from pretix.api.serializers.i18n import I18nAwareModelSerializer
 from pretix.base.models import Event, TaxRule
@@ -191,13 +190,12 @@ class SubEventItemVariationSerializer(I18nAwareModelSerializer):
 class SubEventSerializer(I18nAwareModelSerializer):
    item_price_overrides = SubEventItemSerializer(source='subeventitem_set', many=True)
    variation_price_overrides = SubEventItemVariationSerializer(source='subeventitemvariation_set', many=True)
    event = SlugRelatedField(slug_field='slug', read_only=True)
    meta_data = MetaDataField(source='*')
    class Meta:
        model = SubEvent
        fields = ('id', 'name', 'date_from', 'date_to', 'active', 'date_admission',
-                  'presale_start', 'presale_end', 'location', 'event',
+                  'presale_start', 'presale_end', 'location',
                  'item_price_overrides', 'variation_price_overrides', 'meta_data')
--- a/src/pretix/api/serializers/i18n.py
+++ b/src/pretix/api/serializers/i18n.py
@@ -15,20 +15,13 @@ class I18nField(Field):
        super().__init__(**kwargs)
    def to_representation(self, value):
-        if hasattr(value, 'data'):
+        if value is None or value.data is None:
            if isinstance(value.data, dict):
                return value.data
            elif value.data is None:
                return None
            else:
                return {
                    settings.LANGUAGE_CODE: str(value.data)
                }
        elif value is None:
            return None
        if isinstance(value.data, dict):
            return value.data
        else:
            return {
-                settings.LANGUAGE_CODE: str(value)
+                settings.LANGUAGE_CODE: str(value.data)
            }
    def to_internal_value(self, data):
--- a/src/pretix/api/serializers/item.py
+++ b/src/pretix/api/serializers/item.py
@@ -74,7 +74,7 @@ class ItemSerializer(I18nAwareModelSerializer):
    class Meta:
        model = Item
-        fields = ('id', 'category', 'name', 'internal_name', 'active', 'sales_channels', 'description',
+        fields = ('id', 'category', 'name', 'internal_name', 'active', 'description',
                  'default_price', 'free_price', 'tax_rate', 'tax_rule', 'admission',
                  'position', 'picture', 'available_from', 'available_until',
                  'require_voucher', 'hide_without_voucher', 'allow_cancel',
--- a/src/pretix/api/serializers/order.py
+++ b/src/pretix/api/serializers/order.py
@@ -11,7 +11,6 @@ from rest_framework.relations import SlugRelatedField
 from rest_framework.reverse import reverse
 from pretix.api.serializers.i18n import I18nAwareModelSerializer
 from pretix.base.channels import get_all_sales_channels
 from pretix.base.models import (
    Checkin, Invoice, InvoiceAddress, InvoiceLine, Order, OrderPosition,
    Question, QuestionAnswer,
@@ -36,12 +35,11 @@ class CompatibleCountryField(serializers.Field):
 class InvoiceAddressSerializer(I18nAwareModelSerializer):
    country = CompatibleCountryField(source='*')
    name = serializers.CharField(required=False)
    class Meta:
        model = InvoiceAddress
-        fields = ('last_modified', 'is_business', 'company', 'name', 'name_parts', 'street', 'zipcode', 'city', 'country',
+        fields = ('last_modified', 'is_business', 'company', 'name', 'street', 'zipcode', 'city', 'country', 'vat_id',
-                  'vat_id', 'vat_id_validated', 'internal_reference')
+                  'vat_id_validated', 'internal_reference')
        read_only_fields = ('last_modified', 'vat_id_validated')
    def __init__(self, *args, **kwargs):
@@ -50,15 +48,6 @@ class InvoiceAddressSerializer(I18nAwareModelSerializer):
            v.required = False
            v.allow_blank = True
    def validate(self, data):
        if data.get('name') and data.get('name_parts'):
            raise ValidationError(
                {'name': ['Do not specify name if you specified name_parts.']}
            )
        if data.get('name_parts') and '_scheme' not in data.get('name_parts'):
            data['name_parts']['_scheme'] = self.context['request'].event.settings.name_scheme
        return data
 class AnswerQuestionIdentifierField(serializers.Field):
    def to_representation(self, instance: QuestionAnswer):
@@ -88,8 +77,7 @@ class CheckinSerializer(I18nAwareModelSerializer):
 class OrderDownloadsField(serializers.Field):
    def to_representation(self, instance: Order):
        if instance.status != Order.STATUS_PAID:
-            if instance.status != Order.STATUS_PENDING or instance.require_approval or not instance.event.settings.ticket_download_pending:
+            return []
                return []
        request = self.context['request']
        res = []
@@ -112,8 +100,7 @@ class OrderDownloadsField(serializers.Field):
 class PositionDownloadsField(serializers.Field):
    def to_representation(self, instance: OrderPosition):
        if instance.order.status != Order.STATUS_PAID:
-            if instance.order.status != Order.STATUS_PENDING or instance.order.require_approval or not instance.order.event.settings.ticket_download_pending:
+            return []
                return []
        if instance.addon_to_id and not instance.order.event.settings.ticket_download_addons:
            return []
        if not instance.item.admission and not instance.order.event.settings.ticket_download_nonadm:
@@ -142,19 +129,12 @@ class PdfDataSerializer(serializers.Field):
        res = {}
        ev = instance.subevent or instance.order.event
        # This needs to have some extra performance improvements to avoid creating hundreds of queries when
        # we serialize a list.
-        if 'vars' not in self.context:
+        pdfvars = get_variables(instance.order.event)
-            self.context['vars'] = get_variables(self.context['request'].event)
+        for k, f in pdfvars.items():
        for k, f in self.context['vars'].items():
            res[k] = f['evaluate'](instance, instance.order, ev)
-        if not hasattr(ev, '_cached_meta_data'):
+        for k, v in ev.meta_data.items():
            ev._cached_meta_data = ev.meta_data
        for k, v in ev._cached_meta_data.items():
            res['meta:' + k] = v
        return res
@@ -169,9 +149,9 @@ class OrderPositionSerializer(I18nAwareModelSerializer):
    class Meta:
        model = OrderPosition
-        fields = ('id', 'order', 'positionid', 'item', 'variation', 'price', 'attendee_name', 'attendee_name_parts',
+        fields = ('id', 'order', 'positionid', 'item', 'variation', 'price', 'attendee_name', 'attendee_email',
-                  'attendee_email', 'voucher', 'tax_rate', 'tax_value', 'secret', 'addon_to', 'subevent', 'checkins',
+                  'voucher', 'tax_rate', 'tax_value', 'secret', 'addon_to', 'subevent', 'checkins', 'downloads',
-                  'downloads', 'answers', 'tax_rule', 'pseudonymization_id', 'pdf_data')
+                  'answers', 'tax_rule', 'pseudonymization_id', 'pdf_data')
    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
@@ -233,7 +213,7 @@ class OrderSerializer(I18nAwareModelSerializer):
        model = Order
        fields = ('code', 'status', 'secret', 'email', 'locale', 'datetime', 'expires', 'payment_date',
                  'payment_provider', 'fees', 'total', 'comment', 'invoice_address', 'positions', 'downloads',
-                  'checkin_attention', 'last_modified', 'payments', 'refunds', 'require_approval', 'sales_channel')
+                  'checkin_attention', 'last_modified', 'payments', 'refunds', 'require_approval')
    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
@@ -316,11 +296,10 @@ class OrderPositionCreateSerializer(I18nAwareModelSerializer):
    answers = AnswerCreateSerializer(many=True, required=False)
    addon_to = serializers.IntegerField(required=False, allow_null=True)
    secret = serializers.CharField(required=False)
    attendee_name = serializers.CharField(required=False, allow_null=True)
    class Meta:
        model = OrderPosition
-        fields = ('positionid', 'item', 'variation', 'price', 'attendee_name', 'attendee_name_parts', 'attendee_email',
+        fields = ('positionid', 'item', 'variation', 'price', 'attendee_name', 'attendee_email',
                  'secret', 'addon_to', 'subevent', 'answers')
    def validate_secret(self, secret):
@@ -371,12 +350,6 @@ class OrderPositionCreateSerializer(I18nAwareModelSerializer):
                raise ValidationError(
                    {'variation': ['You cannot specify a variation for this item.']}
                )
        if data.get('attendee_name') and data.get('attendee_name_parts'):
            raise ValidationError(
                {'attendee_name': ['Do not specify attendee_name if you specified attendee_name_parts.']}
            )
        if data.get('attendee_name_parts') and '_scheme' not in data.get('attendee_name_parts'):
            data['attendee_name_parts']['_scheme'] = self.context['request'].event.settings.name_scheme
        return data
@@ -413,7 +386,7 @@ class OrderCreateSerializer(I18nAwareModelSerializer):
    class Meta:
        model = Order
-        fields = ('code', 'status', 'email', 'locale', 'payment_provider', 'fees', 'comment', 'sales_channel',
+        fields = ('code', 'status', 'email', 'locale', 'payment_provider', 'fees', 'comment',
                  'invoice_address', 'positions', 'checkin_attention', 'payment_info', 'consume_carts')
    def validate_payment_provider(self, pp):
@@ -421,11 +394,6 @@ class OrderCreateSerializer(I18nAwareModelSerializer):
            raise ValidationError('The given payment provider is not known.')
        return pp
    def validate_sales_channel(self, channel):
        if channel not in get_all_sales_channels():
            raise ValidationError('Unknown sales channel.')
        return channel
    def validate_code(self, code):
        if code and Order.objects.filter(event__organizer=self.context['event'].organizer, code=code).exists():
            raise ValidationError(
@@ -487,13 +455,7 @@ class OrderCreateSerializer(I18nAwareModelSerializer):
        payment_info = validated_data.pop('payment_info', '{}')
        if 'invoice_address' in validated_data:
-            iadata = validated_data.pop('invoice_address')
+            ia = InvoiceAddress(**validated_data.pop('invoice_address'))
            name = iadata.pop('name', '')
            if name and not iadata.get('name_parts'):
                iadata['name_parts'] = {
                    '_legacy': name
                }
            ia = InvoiceAddress(**iadata)
        else:
            ia = None
@@ -545,8 +507,6 @@ class OrderCreateSerializer(I18nAwareModelSerializer):
            if any(errs):
                raise ValidationError({'positions': errs})
            if validated_data.get('locale', None) is None:
                validated_data['locale'] = self.context['event'].settings.locale
            order = Order(event=self.context['event'], **validated_data)
            order.set_expires(subevents=[p.get('subevent') for p in positions_data])
            order.total = sum([p['price'] for p in positions_data]) + sum([f['value'] for f in fees_data], Decimal('0.00'))
@@ -584,11 +544,6 @@ class OrderCreateSerializer(I18nAwareModelSerializer):
            for pos_data in positions_data:
                answers_data = pos_data.pop('answers', [])
                addon_to = pos_data.pop('addon_to', None)
                attendee_name = pos_data.pop('attendee_name', '')
                if attendee_name and not pos_data.get('attendee_name_parts'):
                    pos_data['attendee_name_parts'] = {
                        '_legacy': attendee_name
                    }
                pos = OrderPosition(**pos_data)
                pos.order = order
                pos._calculate_tax()
--- a/src/pretix/api/serializers/voucher.py
+++ b/src/pretix/api/serializers/voucher.py
@@ -1,27 +1,7 @@
 from rest_framework import serializers
 from rest_framework.exceptions import ValidationError
 from pretix.api.serializers.i18n import I18nAwareModelSerializer
 from pretix.base.models import Voucher
 class VoucherListSerializer(serializers.ListSerializer):
    def create(self, validated_data):
        codes = set()
        errs = []
        err = False
        for voucher_data in validated_data:
            if voucher_data['code'] in codes:
                err = True
                errs.append({'code': ['Duplicate voucher code in request.']})
            else:
                codes.add(voucher_data['code'])
                errs.append({})
        if err:
            raise ValidationError(errs)
        return super().create(validated_data)
 class VoucherSerializer(I18nAwareModelSerializer):
    class Meta:
        model = Voucher
@@ -29,7 +9,6 @@ class VoucherSerializer(I18nAwareModelSerializer):
                  'allow_ignore_quota', 'price_mode', 'value', 'item', 'variation', 'quota',
                  'tag', 'comment', 'subevent')
        read_only_fields = ('id', 'redeemed')
        list_serializer_class = VoucherListSerializer
    def validate(self, data):
        data = super().validate(data)
--- a/src/pretix/api/serializers/webhooks.py
+++ b/src/pretix/api/serializers/webhooks.py
@@ -1,71 +0,0 @@
 from django.core.exceptions import ValidationError
 from rest_framework import serializers
 from pretix.api.models import WebHook
 from pretix.api.serializers.i18n import I18nAwareModelSerializer
 from pretix.api.webhooks import get_all_webhook_events
 from pretix.base.models import Event
 class EventRelatedField(serializers.SlugRelatedField):
    def get_queryset(self):
        return self.context['organizer'].events.all()
 class ActionTypesField(serializers.Field):
    def to_representation(self, instance: WebHook):
        return instance.action_types
    def to_internal_value(self, data):
        types = get_all_webhook_events()
        for d in data:
            if d not in types:
                raise ValidationError('Invalid action type "%s".' % d)
        return {'action_types': data}
 class WebHookSerializer(I18nAwareModelSerializer):
    limit_events = EventRelatedField(
        slug_field='slug',
        queryset=Event.objects.none(),
        many=True
    )
    action_types = ActionTypesField(source='*')
    class Meta:
        model = WebHook
        fields = ('id', 'enabled', 'target_url', 'all_events', 'limit_events', 'action_types')
    def validate(self, data):
        data = super().validate(data)
        full_data = self.to_internal_value(self.to_representation(self.instance)) if self.instance else {}
        full_data.update(data)
        for event in full_data.get('limit_events'):
            if self.context['organizer'] != event.organizer:
                raise ValidationError('One or more events do not belong to this organizer.')
        if full_data.get('limit_events') and full_data.get('all_events'):
            raise ValidationError('You can set either limit_events or all_events.')
        return data
    def create(self, validated_data):
        action_types = validated_data.pop('action_types')
        inst = super().create(validated_data)
        for l in action_types:
            inst.listeners.create(action_type=l)
        return inst
    def update(self, instance, validated_data):
        action_types = validated_data.pop('action_types', None)
        instance = super().update(instance, validated_data)
        if action_types is not None:
            current_listeners = set(instance.listeners.values_list('action_type', flat=True))
            new_listeners = set(action_types)
            for l in current_listeners - new_listeners:
                instance.listeners.filter(action_type=l).delete()
            for l in new_listeners - current_listeners:
                instance.listeners.create(action_type=l)
        return instance
--- a/src/pretix/api/signals.py
+++ b/src/pretix/api/signals.py
@@ -1,21 +0,0 @@
 from datetime import timedelta
 from django.dispatch import Signal, receiver
 from django.utils.timezone import now
 from pretix.api.models import WebHookCall
 from pretix.base.signals import periodic_task
 register_webhook_events = Signal(
    providing_args=[]
 )
 """
 This signal is sent out to get all known webhook events. Receivers should return an
 instance of a subclass of pretix.api.webhooks.WebhookEvent or a list of such
 instances.
 """
@receiver(periodic_task)
 def cleanup_webhook_logs(sender, **kwargs):
    WebHookCall.objects.filter(datetime__lte=now() - timedelta(days=30)).delete()
--- a/src/pretix/api/urls.py
+++ b/src/pretix/api/urls.py
@@ -7,8 +7,7 @@ from rest_framework import routers
 from pretix.api.views import cart
 from .views import (
-    checkin, device, event, item, oauth, order, organizer, user, voucher,
+    checkin, event, item, oauth, order, organizer, voucher, waitinglist,
    waitinglist, webhooks,
 )
 router = routers.DefaultRouter()
@@ -16,8 +15,6 @@ router.register(r'organizers', organizer.OrganizerViewSet)
 orga_router = routers.DefaultRouter()
 orga_router.register(r'events', event.EventViewSet)
 orga_router.register(r'subevents', event.SubEventViewSet)
 orga_router.register(r'webhooks', webhooks.WebHookViewSet)
 event_router = routers.DefaultRouter()
 event_router.register(r'subevents', event.SubEventViewSet)
@@ -68,9 +65,4 @@ urlpatterns = [
    url(r"^oauth/authorize$", oauth.AuthorizationView.as_view(), name="authorize"),
    url(r"^oauth/token$", oauth.TokenView.as_view(), name="token"),
    url(r"^oauth/revoke_token$", oauth.RevokeTokenView.as_view(), name="revoke-token"),
    url(r"^device/initialize$", device.InitializeView.as_view(), name="device.initialize"),
    url(r"^device/update$", device.UpdateView.as_view(), name="device.update"),
    url(r"^device/roll$", device.RollKeyView.as_view(), name="device.roll"),
    url(r"^device/revoke$", device.RevokeKeyView.as_view(), name="device.revoke"),
    url(r"^me$", user.MeView.as_view(), name="user.me"),
 ]
--- a/src/pretix/api/views/init.py
+++ b/src/pretix/api/views/init.py
@@ -37,9 +37,6 @@ class ConditionalListView:
        if_unmodified_since = request.META.get('HTTP_IF_UNMODIFIED_SINCE')
        if if_unmodified_since:
            if_unmodified_since = parse_http_date_safe(if_unmodified_since)
        if not hasattr(request, 'event'):
            return super().list(request, **kwargs)
        lmd = request.event.logentry_set.filter(
            content_type__model=self.queryset.model._meta.model_name,
            content_type__app_label=self.queryset.model._meta.app_label,
--- a/src/pretix/api/views/checkin.py
+++ b/src/pretix/api/views/checkin.py
@@ -154,7 +154,7 @@ class CheckinListPositionViewSet(viewsets.ReadOnlyModelViewSet):
    serializer_class = OrderPositionSerializer
    queryset = OrderPosition.objects.none()
    filter_backends = (DjangoFilterBackend, RichOrderingFilter)
-    ordering = ('attendee_name_cached', 'positionid')
+    ordering = ('attendee_name', 'positionid')
    ordering_fields = (
        'order__code', 'order__datetime', 'positionid', 'attendee_name',
        'last_checked_in', 'order__email',
@@ -162,11 +162,11 @@ class CheckinListPositionViewSet(viewsets.ReadOnlyModelViewSet):
    ordering_custom = {
        'attendee_name': {
            '_order': F('display_name').asc(nulls_first=True),
-            'display_name': Coalesce('attendee_name_cached', 'addon_to__attendee_name_cached')
+            'display_name': Coalesce('attendee_name', 'addon_to__attendee_name')
        },
        '-attendee_name': {
            '_order': F('display_name').desc(nulls_last=True),
-            'display_name': Coalesce('attendee_name_cached', 'addon_to__attendee_name_cached')
+            'display_name': Coalesce('attendee_name', 'addon_to__attendee_name')
        },
        'last_checked_in': {
            '_order': FixedOrderBy(F('last_checked_in'), nulls_first=True),
@@ -244,9 +244,7 @@ class CheckinListPositionViewSet(viewsets.ReadOnlyModelViewSet):
                ignore_unpaid=ignore_unpaid,
                nonce=nonce,
                datetime=dt,
-                questions_supported=self.request.data.get('questions_supported', True),
+                questions_supported=self.request.data.get('questions_supported', True)
                user=self.request.user,
                auth=self.request.auth,
            )
        except RequiredQuestionsError as e:
            return Response({
--- a/src/pretix/api/views/device.py
+++ b/src/pretix/api/views/device.py
@@ -1,113 +0,0 @@
 import logging
 from django.utils.timezone import now
 from rest_framework import serializers
 from rest_framework.exceptions import ValidationError
 from rest_framework.response import Response
 from rest_framework.views import APIView
 from pretix.api.auth.device import DeviceTokenAuthentication
 from pretix.base.models import Device
 from pretix.base.models.devices import generate_api_token
 logger = logging.getLogger(__name__)
 class InitializationRequestSerializer(serializers.Serializer):
    token = serializers.CharField(max_length=190)
    hardware_brand = serializers.CharField(max_length=190)
    hardware_model = serializers.CharField(max_length=190)
    software_brand = serializers.CharField(max_length=190)
    software_version = serializers.CharField(max_length=190)
 class UpdateRequestSerializer(serializers.Serializer):
    hardware_brand = serializers.CharField(max_length=190)
    hardware_model = serializers.CharField(max_length=190)
    software_brand = serializers.CharField(max_length=190)
    software_version = serializers.CharField(max_length=190)
 class DeviceSerializer(serializers.ModelSerializer):
    organizer = serializers.SlugRelatedField(slug_field='slug', read_only=True)
    class Meta:
        model = Device
        fields = [
            'organizer', 'device_id', 'unique_serial', 'api_token',
            'name'
        ]
 class InitializeView(APIView):
    authentication_classes = tuple()
    permission_classes = tuple()
    def post(self, request, format=None):
        serializer = InitializationRequestSerializer(data=request.data)
        serializer.is_valid(raise_exception=True)
        try:
            device = Device.objects.get(initialization_token=serializer.validated_data.get('token'))
        except Device.DoesNotExist:
            raise ValidationError({'token': ['Unknown initialization token.']})
        if device.initialized:
            raise ValidationError({'token': ['This initialization token has already been used.']})
        device.initialized = now()
        device.hardware_brand = serializer.validated_data.get('hardware_brand')
        device.hardware_model = serializer.validated_data.get('hardware_model')
        device.software_brand = serializer.validated_data.get('software_brand')
        device.software_version = serializer.validated_data.get('software_version')
        device.api_token = generate_api_token()
        device.save()
        device.log_action('pretix.device.initialized', data=serializer.validated_data, auth=device)
        serializer = DeviceSerializer(device)
        return Response(serializer.data)
 class UpdateView(APIView):
    authentication_classes = (DeviceTokenAuthentication,)
    def post(self, request, format=None):
        serializer = UpdateRequestSerializer(data=request.data)
        serializer.is_valid(raise_exception=True)
        device = request.auth
        device.hardware_brand = serializer.validated_data.get('hardware_brand')
        device.hardware_model = serializer.validated_data.get('hardware_model')
        device.software_brand = serializer.validated_data.get('software_brand')
        device.software_version = serializer.validated_data.get('software_version')
        device.save()
        device.log_action('pretix.device.updated', data=serializer.validated_data, auth=device)
        serializer = DeviceSerializer(device)
        return Response(serializer.data)
 class RollKeyView(APIView):
    authentication_classes = (DeviceTokenAuthentication,)
    def post(self, request, format=None):
        device = request.auth
        device.api_token = generate_api_token()
        device.save()
        device.log_action('pretix.device.keyroll', auth=device)
        serializer = DeviceSerializer(device)
        return Response(serializer.data)
 class RevokeKeyView(APIView):
    authentication_classes = (DeviceTokenAuthentication,)
    def post(self, request, format=None):
        device = request.auth
        device.api_token = None
        device.save()
        device.log_action('pretix.device.revoked', auth=device)
        serializer = DeviceSerializer(device)
        return Response(serializer.data)
--- a/src/pretix/api/views/event.py
+++ b/src/pretix/api/views/event.py
@@ -1,7 +1,5 @@
 import django_filters
 from django.db import transaction
-from django.db.models import ProtectedError, Q
+from django.db.models import ProtectedError
 from django.utils.timezone import now
 from django_filters.rest_framework import DjangoFilterBackend, FilterSet
 from rest_framework import filters, viewsets
 from rest_framework.exceptions import PermissionDenied
@@ -12,79 +10,20 @@ from pretix.api.serializers.event import (
    TaxRuleSerializer,
 )
 from pretix.api.views import ConditionalListView
-from pretix.base.models import (
+from pretix.base.models import Event, ItemCategory, TaxRule
    Device, Event, ItemCategory, TaxRule, TeamAPIToken,
 )
 from pretix.base.models.event import SubEvent
 from pretix.helpers.dicts import merge_dicts
 class EventFilter(FilterSet):
    is_past = django_filters.rest_framework.BooleanFilter(method='is_past_qs')
    is_future = django_filters.rest_framework.BooleanFilter(method='is_future_qs')
    ends_after = django_filters.rest_framework.IsoDateTimeFilter(method='ends_after_qs')
    class Meta:
        model = Event
        fields = ['is_public', 'live', 'has_subevents']
    def ends_after_qs(self, queryset, name, value):
        expr = (
            Q(has_subevents=False) &
            Q(
                Q(Q(date_to__isnull=True) & Q(date_from__gte=value))
                | Q(Q(date_to__isnull=False) & Q(date_to__gte=value))
            )
        )
        return queryset.filter(expr)
    def is_past_qs(self, queryset, name, value):
        expr = (
            Q(has_subevents=False) &
            Q(
                Q(Q(date_to__isnull=True) & Q(date_from__lt=now()))
                | Q(Q(date_to__isnull=False) & Q(date_to__lt=now()))
            )
        )
        if value:
            return queryset.filter(expr)
        else:
            return queryset.exclude(expr)
    def is_future_qs(self, queryset, name, value):
        expr = (
            Q(has_subevents=False) &
            Q(
                Q(Q(date_to__isnull=True) & Q(date_from__gte=now()))
                | Q(Q(date_to__isnull=False) & Q(date_to__gte=now()))
            )
        )
        if value:
            return queryset.filter(expr)
        else:
            return queryset.exclude(expr)
 class EventViewSet(viewsets.ModelViewSet):
    serializer_class = EventSerializer
    queryset = Event.objects.none()
    lookup_field = 'slug'
    lookup_url_kwarg = 'event'
    permission_classes = (EventCRUDPermission,)
    filter_backends = (DjangoFilterBackend, filters.OrderingFilter)
    filterset_class = EventFilter
    def get_queryset(self):
-        if isinstance(self.request.auth, (TeamAPIToken, Device)):
+        return self.request.organizer.events.prefetch_related('meta_values', 'meta_values__property')
            qs = self.request.auth.get_events_with_any_permission()
        elif self.request.user.is_authenticated:
            qs = self.request.user.get_events_with_any_permission(self.request).filter(
                organizer=self.request.organizer
            )
        return qs.prefetch_related(
            'meta_values', 'meta_values__property'
        )
    def perform_update(self, serializer):
        current_live_value = serializer.instance.live
@@ -181,40 +120,9 @@ class CloneEventViewSet(viewsets.ModelViewSet):
 class SubEventFilter(FilterSet):
    is_past = django_filters.rest_framework.BooleanFilter(method='is_past_qs')
    is_future = django_filters.rest_framework.BooleanFilter(method='is_future_qs')
    ends_after = django_filters.rest_framework.IsoDateTimeFilter(method='ends_after_qs')
    class Meta:
        model = SubEvent
-        fields = ['active', 'event__live']
+        fields = ['active']
    def ends_after_qs(self, queryset, name, value):
        expr = Q(
            Q(Q(date_to__isnull=True) & Q(date_from__gte=value))
            | Q(Q(date_to__isnull=False) & Q(date_to__gte=value))
        )
        return queryset.filter(expr)
    def is_past_qs(self, queryset, name, value):
        expr = Q(
            Q(Q(date_to__isnull=True) & Q(date_from__lt=now()))
            | Q(Q(date_to__isnull=False) & Q(date_to__lt=now()))
        )
        if value:
            return queryset.filter(expr)
        else:
            return queryset.exclude(expr)
    def is_future_qs(self, queryset, name, value):
        expr = Q(
            Q(Q(date_to__isnull=True) & Q(date_from__gte=now()))
            | Q(Q(date_to__isnull=False) & Q(date_to__gte=now()))
        )
        if value:
            return queryset.filter(expr)
        else:
            return queryset.exclude(expr)
 class SubEventViewSet(ConditionalListView, viewsets.ReadOnlyModelViewSet):
@@ -224,19 +132,7 @@ class SubEventViewSet(ConditionalListView, viewsets.ReadOnlyModelViewSet):
    filterset_class = SubEventFilter
    def get_queryset(self):
-        if getattr(self.request, 'event', None):
+        return self.request.event.subevents.prefetch_related(
            qs = self.request.event.subevents
        elif isinstance(self.request.auth, (TeamAPIToken, Device)):
            qs = SubEvent.objects.filter(
                event__organizer=self.request.organizer,
                event__in=self.request.auth.get_events_with_any_permission()
            )
        elif self.request.user.is_authenticated:
            qs = SubEvent.objects.filter(
                event__organizer=self.request.organizer,
                event__in=self.request.user.get_events_with_any_permission()
            )
        return qs.prefetch_related(
            'subeventitem_set', 'subeventitemvariation_set'
        )
--- a/src/pretix/api/views/item.py
+++ b/src/pretix/api/views/item.py
@@ -42,7 +42,7 @@ class ItemViewSet(ConditionalListView, viewsets.ModelViewSet):
    ordering_fields = ('id', 'position')
    ordering = ('position', 'id')
    filterset_class = ItemFilter
-    permission = None
+    permission = 'can_change_items'
    write_permission = 'can_change_items'
    def get_queryset(self):
@@ -83,7 +83,6 @@ class ItemViewSet(ConditionalListView, viewsets.ModelViewSet):
            user=self.request.user,
            auth=self.request.auth,
        )
        self.get_object().cartposition_set.all().delete()
        super().perform_destroy(instance)
@@ -93,7 +92,7 @@ class ItemVariationViewSet(viewsets.ModelViewSet):
    filter_backends = (DjangoFilterBackend, OrderingFilter,)
    ordering_fields = ('id', 'position')
    ordering = ('id',)
-    permission = None
+    permission = 'can_change_items'
    write_permission = 'can_change_items'
    def get_queryset(self):
@@ -155,7 +154,7 @@ class ItemAddOnViewSet(viewsets.ModelViewSet):
    filter_backends = (DjangoFilterBackend, OrderingFilter,)
    ordering_fields = ('id', 'position')
    ordering = ('id',)
-    permission = None
+    permission = 'can_change_items'
    write_permission = 'can_change_items'
    def get_queryset(self):
@@ -211,7 +210,7 @@ class ItemCategoryViewSet(ConditionalListView, viewsets.ModelViewSet):
    filterset_class = ItemCategoryFilter
    ordering_fields = ('id', 'position')
    ordering = ('position', 'id')
-    permission = None
+    permission = 'can_change_items'
    write_permission = 'can_change_items'
    def get_queryset(self):
@@ -265,8 +264,7 @@ class QuestionViewSet(ConditionalListView, viewsets.ModelViewSet):
    filterset_class = QuestionFilter
    ordering_fields = ('id', 'position')
    ordering = ('position', 'id')
-    permission = None
+    permission = 'can_change_items'
    write_permission = 'can_change_items'
    def get_queryset(self):
        return self.request.event.questions.prefetch_related('options').all()
@@ -309,7 +307,7 @@ class QuestionOptionViewSet(viewsets.ModelViewSet):
    filter_backends = (DjangoFilterBackend, OrderingFilter,)
    ordering_fields = ('id', 'position')
    ordering = ('position',)
-    permission = None
+    permission = 'can_change_items'
    write_permission = 'can_change_items'
    def get_queryset(self):
@@ -364,7 +362,7 @@ class QuotaViewSet(ConditionalListView, viewsets.ModelViewSet):
    filterset_class = QuotaFilter
    ordering_fields = ('id', 'size')
    ordering = ('id',)
-    permission = None
+    permission = 'can_change_items'
    write_permission = 'can_change_items'
    def get_queryset(self):
--- a/src/pretix/api/views/order.py
+++ b/src/pretix/api/views/order.py
@@ -3,8 +3,8 @@ import datetime
 import django_filters
 import pytz
 from django.db import transaction
-from django.db.models import F, Prefetch, Q
+from django.db.models import Q
-from django.db.models.functions import Coalesce, Concat
+from django.db.models.functions import Concat
 from django.http import FileResponse
 from django.shortcuts import get_object_or_404
 from django.utils.timezone import make_aware, now
@@ -25,8 +25,8 @@ from pretix.api.serializers.order import (
    OrderRefundSerializer, OrderSerializer,
 )
 from pretix.base.models import (
-    CachedCombinedTicket, CachedTicket, Device, Invoice, Order, OrderPayment,
+    Invoice, Order, OrderPayment, OrderPosition, OrderRefund, Quota,
-    OrderPosition, OrderRefund, Quota, TeamAPIToken,
+    TeamAPIToken,
 )
 from pretix.base.payment import PaymentException
 from pretix.base.services.invoices import (
@@ -38,7 +38,9 @@ from pretix.base.services.orders import (
    OrderChangeManager, OrderError, approve_order, cancel_order, deny_order,
    extend_order, mark_order_expired, mark_order_refunded,
 )
-from pretix.base.services.tickets import generate
+from pretix.base.services.tickets import (
    get_cachedticket_for_order, get_cachedticket_for_position,
 )
 from pretix.base.signals import order_placed, register_ticket_outputs
@@ -58,7 +60,7 @@ class OrderViewSet(CreateModelMixin, viewsets.ReadOnlyModelViewSet):
    queryset = Order.objects.none()
    filter_backends = (DjangoFilterBackend, OrderingFilter)
    ordering = ('datetime',)
-    ordering_fields = ('datetime', 'code', 'status', 'last_modified')
+    ordering_fields = ('datetime', 'code', 'status')
    filterset_class = OrderFilter
    lookup_field = 'code'
    permission = 'can_view_orders'
@@ -70,34 +72,13 @@ class OrderViewSet(CreateModelMixin, viewsets.ReadOnlyModelViewSet):
        return ctx
    def get_queryset(self):
-        qs = self.request.event.orders.prefetch_related(
+        return self.request.event.orders.prefetch_related(
-            'fees', 'payments', 'refunds', 'refunds__payment'
+            'positions', 'positions__checkins', 'positions__item', 'positions__answers', 'positions__answers__options',
            'positions__answers__question', 'fees', 'payments', 'refunds', 'refunds__payment'
        ).select_related(
            'invoice_address'
        )
        if self.request.query_params.get('pdf_data', 'false') == 'true':
            qs = qs.prefetch_related(
                Prefetch(
                    'positions',
                    OrderPosition.objects.all().prefetch_related(
                        'checkins', 'item', 'variation', 'answers', 'answers__options', 'answers__question',
                        Prefetch('addons', OrderPosition.objects.select_related('item', 'variation'))
                    )
                )
            )
        else:
            qs = qs.prefetch_related(
                Prefetch(
                    'positions',
                    OrderPosition.objects.all().prefetch_related(
                        'checkins', 'item', 'variation', 'answers', 'answers__options', 'answers__question',
                    )
                )
            )
        return qs
    def _get_output_provider(self, identifier):
        responses = register_ticket_outputs.send(self.request.event)
        for receiver, response in responses:
@@ -128,11 +109,9 @@ class OrderViewSet(CreateModelMixin, viewsets.ReadOnlyModelViewSet):
        if order.status != Order.STATUS_PAID:
            raise PermissionDenied("Downloads are not available for unpaid orders.")
-        ct = CachedCombinedTicket.objects.filter(
+        ct = get_cachedticket_for_order(order, provider.identifier)
-            order=order, provider=provider.identifier, file__isnull=False
+
-        ).last()
+        if not ct.file:
        if not ct or not ct.file:
            generate.apply_async(args=('order', order.pk, provider.identifier))
            raise RetryException()
        else:
            resp = FileResponse(ct.file.file, content_type=ct.type)
@@ -198,7 +177,6 @@ class OrderViewSet(CreateModelMixin, viewsets.ReadOnlyModelViewSet):
            order,
            user=request.user if request.user.is_authenticated else None,
            api_token=request.auth if isinstance(request.auth, TeamAPIToken) else None,
            device=request.auth if isinstance(request.auth, Device) else None,
            oauth_application=request.auth.application if isinstance(request.auth, OAuthAccessToken) else None,
            send_mail=send_mail
        )
@@ -213,7 +191,7 @@ class OrderViewSet(CreateModelMixin, viewsets.ReadOnlyModelViewSet):
            approve_order(
                order,
                user=request.user if request.user.is_authenticated else None,
-                auth=request.auth if isinstance(request.auth, (Device, TeamAPIToken, OAuthAccessToken)) else None,
+                auth=request.auth if isinstance(request.auth, (TeamAPIToken, OAuthAccessToken)) else None,
                send_mail=send_mail,
            )
        except Quota.QuotaExceededException as e:
@@ -232,7 +210,7 @@ class OrderViewSet(CreateModelMixin, viewsets.ReadOnlyModelViewSet):
            deny_order(
                order,
                user=request.user if request.user.is_authenticated else None,
-                auth=request.auth if isinstance(request.auth, (Device, TeamAPIToken, OAuthAccessToken)) else None,
+                auth=request.auth if isinstance(request.auth, (TeamAPIToken, OAuthAccessToken)) else None,
                send_mail=send_mail,
                comment=comment,
            )
@@ -251,7 +229,7 @@ class OrderViewSet(CreateModelMixin, viewsets.ReadOnlyModelViewSet):
            )
        order.status = Order.STATUS_PENDING
-        order.save(update_fields=['status'])
+        order.save()
        order.log_action(
            'pretix.event.order.unpaid',
            user=request.user if request.user.is_authenticated else None,
@@ -289,7 +267,7 @@ class OrderViewSet(CreateModelMixin, viewsets.ReadOnlyModelViewSet):
        mark_order_refunded(
            order,
            user=request.user if request.user.is_authenticated else None,
-            auth=(request.auth if isinstance(request.auth, (TeamAPIToken, OAuthAccessToken, Device)) else None),
+            api_token=(request.auth if isinstance(request.auth, TeamAPIToken) else None),
        )
        return self.retrieve(request, [], **kwargs)
@@ -373,17 +351,17 @@ class OrderPositionFilter(FilterSet):
    def search_qs(self, queryset, name, value):
        return queryset.filter(
            Q(secret__istartswith=value)
-            | Q(attendee_name_cached__icontains=value)
+            | Q(attendee_name__icontains=value)
-            | Q(addon_to__attendee_name_cached__icontains=value)
+            | Q(addon_to__attendee_name__icontains=value)
            | Q(order__code__istartswith=value)
-            | Q(order__invoice_address__name_cached__icontains=value)
+            | Q(order__invoice_address__name__icontains=value)
        )
    def has_checkin_qs(self, queryset, name, value):
        return queryset.filter(checkins__isnull=not value)
    def attendee_name_qs(self, queryset, name, value):
-        return queryset.filter(Q(attendee_name_cached__iexact=value) | Q(addon_to__attendee_name_cached__iexact=value))
+        return queryset.filter(Q(attendee_name__iexact=value) | Q(addon_to__attendee_name__iexact=value))
    class Meta:
        model = OrderPosition
@@ -409,16 +387,6 @@ class OrderPositionViewSet(mixins.DestroyModelMixin, viewsets.ReadOnlyModelViewS
    filterset_class = OrderPositionFilter
    permission = 'can_view_orders'
    write_permission = 'can_change_orders'
    ordering_custom = {
        'attendee_name': {
            '_order': F('display_name').asc(nulls_first=True),
            'display_name': Coalesce('attendee_name_cached', 'addon_to__attendee_name_cached')
        },
        '-attendee_name': {
            '_order': F('display_name').asc(nulls_last=True),
            'display_name': Coalesce('attendee_name_cached', 'addon_to__attendee_name_cached')
        },
    }
    def get_queryset(self):
        return OrderPosition.objects.filter(order__event=self.request.event).prefetch_related(
@@ -447,11 +415,9 @@ class OrderPositionViewSet(mixins.DestroyModelMixin, viewsets.ReadOnlyModelViewS
        if not pos.item.admission and not request.event.settings.ticket_download_nonadm:
            raise PermissionDenied("Downloads are not enabled for non-admission products.")
-        ct = CachedTicket.objects.filter(
+        ct = get_cachedticket_for_position(pos, provider.identifier)
-            order_position=pos, provider=provider.identifier, file__isnull=False
+
-        ).last()
+        if not ct.file:
        if not ct or not ct.file:
            generate.apply_async(args=('orderposition', pos.pk, provider.identifier))
            raise RetryException()
        else:
            resp = FileResponse(ct.file.file, content_type=ct.type)
@@ -568,7 +534,7 @@ class PaymentViewSet(viewsets.ReadOnlyModelViewSet):
                        payment.order.event.subevents.filter(
                            id__in=payment.order.positions.values_list('subevent_id', flat=True))
                    )
-                    payment.order.save(update_fields=['status', 'expires'])
+                    payment.order.save()
            return Response(OrderRefundSerializer(r).data, status=status.HTTP_200_OK)
    @detail_route(methods=['POST'])
@@ -634,7 +600,7 @@ class RefundViewSet(CreateModelMixin, viewsets.ReadOnlyModelViewSet):
                refund.order.event.subevents.filter(
                    id__in=refund.order.positions.values_list('subevent_id', flat=True))
            )
-            refund.order.save(update_fields=['status', 'expires'])
+            refund.order.save()
        return self.retrieve(request, [], **kwargs)
    @detail_route(methods=['POST'])
--- a/src/pretix/api/views/organizer.py
+++ b/src/pretix/api/views/organizer.py
@@ -23,7 +23,5 @@ class OrganizerViewSet(viewsets.ReadOnlyModelViewSet):
                )
            else:
                return Organizer.objects.filter(pk__in=self.request.user.teams.values_list('organizer', flat=True))
        elif hasattr(self.request.auth, 'organizer_id'):
            return Organizer.objects.filter(pk=self.request.auth.organizer_id)
        else:
            return Organizer.objects.filter(pk=self.request.auth.team.organizer_id)
--- a/src/pretix/api/views/user.py
+++ b/src/pretix/api/views/user.py
@@ -1,16 +0,0 @@
 from oauth2_provider.contrib.rest_framework import OAuth2Authentication
 from rest_framework.authentication import SessionAuthentication
 from rest_framework.response import Response
 from rest_framework.views import APIView
 class MeView(APIView):
    authentication_classes = (SessionAuthentication, OAuth2Authentication)
    def get(self, request, format=None):
        return Response({
            'email': request.user.email,
            'fullname': request.user.fullname,
            'locale': request.user.locale,
            'timezone': request.user.timezone
        })
--- a/src/pretix/api/views/voucher.py
+++ b/src/pretix/api/views/voucher.py
@@ -1,16 +1,11 @@
 import contextlib
 from django.db import transaction
 from django.db.models import F, Q
 from django.utils.timezone import now
 from django_filters.rest_framework import (
    BooleanFilter, DjangoFilterBackend, FilterSet,
 )
-from rest_framework import status, viewsets
+from rest_framework import viewsets
 from rest_framework.decorators import list_route
 from rest_framework.exceptions import PermissionDenied
 from rest_framework.filters import OrderingFilter
 from rest_framework.response import Response
 from pretix.api.serializers.voucher import VoucherSerializer
 from pretix.base.models import Voucher
@@ -46,29 +41,8 @@ class VoucherViewSet(viewsets.ModelViewSet):
    def get_queryset(self):
        return self.request.event.vouchers.all()
    def _predict_quota_check(self, data, instance):
        # This method predicts if Voucher.clean_quota_needs_checking
        # *migh* later require a quota check. It is only approximate
        # and returns True a little too often. The point is to avoid
        # locks when we know we won't need them.
        if 'allow_ignore_quota' in data and data.get('allow_ignore_quota'):
            return False
        if instance and 'allow_ignore_quota' not in data and instance.allow_ignore_quota:
            return False
        if 'block_quota' in data and not data.get('block_quota'):
            return False
        if instance and 'block_quota' not in data and not instance.block_quota:
            return False
        return True
    def create(self, request, *args, **kwargs):
-        if self._predict_quota_check(request.data, None):
+        with request.event.lock():
            lockfn = request.event.lock
        else:
            lockfn = contextlib.suppress  # noop context manager
        with lockfn():
            return super().create(request, *args, **kwargs)
    def perform_create(self, serializer):
@@ -86,11 +60,7 @@ class VoucherViewSet(viewsets.ModelViewSet):
        return ctx
    def update(self, request, *args, **kwargs):
-        if self._predict_quota_check(request.data, self.get_object()):
+        with request.event.lock():
            lockfn = request.event.lock
        else:
            lockfn = contextlib.suppress  # noop context manager
        with lockfn():
            return super().update(request, *args, **kwargs)
    def perform_update(self, serializer):
@@ -112,24 +82,3 @@ class VoucherViewSet(viewsets.ModelViewSet):
            auth=self.request.auth,
        )
        super().perform_destroy(instance)
    @list_route(methods=['POST'])
    def batch_create(self, request, *args, **kwargs):
        if any(self._predict_quota_check(d, None) for d in request.data):
            lockfn = request.event.lock
        else:
            lockfn = contextlib.suppress  # noop context manager
        with lockfn():
            serializer = self.get_serializer(data=request.data, many=True)
            serializer.is_valid(raise_exception=True)
            with transaction.atomic():
                serializer.save(event=self.request.event)
                for i in serializer.instance:
                    i.log_action(
                        'pretix.voucher.added',
                        user=self.request.user,
                        auth=self.request.auth,
                        data=self.request.data
                    )
        headers = self.get_success_headers(serializer.data)
        return Response(serializer.data, status=status.HTTP_201_CREATED, headers=headers)
--- a/src/pretix/api/views/webhooks.py
+++ b/src/pretix/api/views/webhooks.py
@@ -1,49 +0,0 @@
 from rest_framework import viewsets
 from pretix.api.models import WebHook
 from pretix.api.serializers.webhooks import WebHookSerializer
 from pretix.helpers.dicts import merge_dicts
 class WebHookViewSet(viewsets.ModelViewSet):
    serializer_class = WebHookSerializer
    queryset = WebHook.objects.none()
    permission = 'can_change_organizer_settings'
    write_permission = 'can_change_organizer_settings'
    def get_queryset(self):
        return self.request.organizer.webhooks.prefetch_related('listeners')
    def get_serializer_context(self):
        ctx = super().get_serializer_context()
        ctx['organizer'] = self.request.organizer
        return ctx
    def perform_create(self, serializer):
        inst = serializer.save(organizer=self.request.organizer)
        self.request.organizer.log_action(
            'pretix.webhook.created',
            user=self.request.user,
            auth=self.request.auth,
            data=merge_dicts(self.request.data, {'id': inst.pk})
        )
    def perform_update(self, serializer):
        inst = serializer.save(organizer=self.request.organizer)
        self.request.organizer.log_action(
            'pretix.webhook.changed',
            user=self.request.user,
            auth=self.request.auth,
            data=merge_dicts(self.request.data, {'id': serializer.instance.pk})
        )
        return inst
    def perform_destroy(self, instance):
        self.request.organizer.log_action(
            'pretix.webhook.changed',
            user=self.request.user,
            auth=self.request.auth,
            data={'id': instance.pk, 'enabled': False}
        )
        instance.enabled = False
        instance.save(update_fields=['enabled'])
--- a/src/pretix/api/webhooks.py
+++ b/src/pretix/api/webhooks.py
@@ -1,257 +0,0 @@
 import json
 import logging
 import time
 from collections import OrderedDict
 import requests
 from celery.exceptions import MaxRetriesExceededError
 from django.db.models import Exists, OuterRef, Q
 from django.dispatch import receiver
 from django.utils.translation import ugettext_lazy as _
 from requests import RequestException
 from pretix.api.models import WebHook, WebHookCall, WebHookEventListener
 from pretix.api.signals import register_webhook_events
 from pretix.base.models import LogEntry
 from pretix.base.services.tasks import ProfiledTask, TransactionAwareTask
 from pretix.celery_app import app
 logger = logging.getLogger(__name__)
 _ALL_EVENTS = None
 class WebhookEvent:
    def __init__(self):
        pass
    def __repr__(self):
        return '<WebhookEvent: {}>'.format(self.action_type)
    @property
    def action_type(self) -> str:
        """
        The action_type string that this notification handles, for example
        ``"pretix.event.order.paid"``. Only one notification type should be registered
        per action type.
        """
        raise NotImplementedError()  # NOQA
    @property
    def verbose_name(self) -> str:
        """
        A human-readable name of this notification type.
        """
        raise NotImplementedError()  # NOQA
    def build_payload(self, logentry: LogEntry) -> dict:
        """
        This is the main function that you should override. It is supposed to turn a log entry
        object into a dictionary that can be used as the webhook payload.
        """
        raise NotImplementedError()  # NOQA
 def get_all_webhook_events():
    global _ALL_EVENTS
    if _ALL_EVENTS:
        return _ALL_EVENTS
    types = OrderedDict()
    for recv, ret in register_webhook_events.send(None):
        if isinstance(ret, (list, tuple)):
            for r in ret:
                types[r.action_type] = r
        else:
            types[ret.action_type] = ret
    _ALL_EVENTS = types
    return types
 class ParametrizedOrderWebhookEvent(WebhookEvent):
    def __init__(self, action_type, verbose_name):
        self._action_type = action_type
        self._verbose_name = verbose_name
        super().__init__()
    @property
    def action_type(self):
        return self._action_type
    @property
    def verbose_name(self):
        return self._verbose_name
    def build_payload(self, logentry: LogEntry):
        order = logentry.content_object
        return {
            'notification_id': logentry.pk,
            'organizer': order.event.organizer.slug,
            'event': order.event.slug,
            'code': order.code,
            'action': logentry.action_type,
        }
 class ParametrizedOrderPositionWebhookEvent(ParametrizedOrderWebhookEvent):
    def build_payload(self, logentry: LogEntry):
        d = super().build_payload(logentry)
        d['orderposition_id'] = logentry.parsed_data.get('position')
        d['orderposition_positionid'] = logentry.parsed_data.get('positionid')
        d['checkin_list'] = logentry.parsed_data.get('list')
        d['first_checkin'] = logentry.parsed_data.get('first_checkin')
        return d
@receiver(register_webhook_events, dispatch_uid="base_register_default_webhook_events")
 def register_default_webhook_events(sender, **kwargs):
    return (
        ParametrizedOrderWebhookEvent(
            'pretix.event.order.placed',
            _('New order placed'),
        ),
        ParametrizedOrderWebhookEvent(
            'pretix.event.order.placed.required_approval',
            _('New order requires approval'),
        ),
        ParametrizedOrderWebhookEvent(
            'pretix.event.order.paid',
            _('Order marked as paid'),
        ),
        ParametrizedOrderWebhookEvent(
            'pretix.event.order.canceled',
            _('Order canceled'),
        ),
        ParametrizedOrderWebhookEvent(
            'pretix.event.order.expired',
            _('Order expired'),
        ),
        ParametrizedOrderWebhookEvent(
            'pretix.event.order.modified',
            _('Order information changed'),
        ),
        ParametrizedOrderWebhookEvent(
            'pretix.event.order.contact.changed',
            _('Order contact address changed'),
        ),
        ParametrizedOrderWebhookEvent(
            'pretix.event.order.changed.*',
            _('Order changed'),
        ),
        ParametrizedOrderWebhookEvent(
            'pretix.event.order.refund.created.externally',
            _('External refund of payment'),
        ),
        ParametrizedOrderWebhookEvent(
            'pretix.event.order.refunded',
            _('Order refunded'),
        ),
        ParametrizedOrderWebhookEvent(
            'pretix.event.order.approved',
            _('Order approved'),
        ),
        ParametrizedOrderWebhookEvent(
            'pretix.event.order.denied',
            _('Order denied'),
        ),
        ParametrizedOrderPositionWebhookEvent(
            'pretix.event.checkin',
            _('Ticket checked in'),
        ),
        ParametrizedOrderPositionWebhookEvent(
            'pretix.event.checkin.reverted',
            _('Ticket check-in reverted'),
        ),
    )
@app.task(base=TransactionAwareTask)
 def notify_webhooks(logentry_id: int):
    logentry = LogEntry.all.get(id=logentry_id)
    if not logentry.organizer:
        return  # We need to know the organizer
    types = get_all_webhook_events()
    notification_type = None
    typepath = logentry.action_type
    while not notification_type and '.' in typepath:
        notification_type = types.get(typepath + ('.*' if typepath != logentry.action_type else ''))
        typepath = typepath.rsplit('.', 1)[0]
    if not notification_type:
        return  # Ignore, no webhooks for this event type
    # All webhooks that registered for this notification
    event_listener = WebHookEventListener.objects.filter(
        webhook=OuterRef('pk'),
        action_type=notification_type.action_type
    )
    webhooks = WebHook.objects.annotate(has_el=Exists(event_listener)).filter(
        organizer=logentry.organizer,
        has_el=True,
        enabled=True
    )
    if logentry.event_id:
        webhooks = webhooks.filter(
            Q(all_events=True) | Q(limit_events__pk=logentry.event_id)
        )
    for wh in webhooks:
        send_webhook.apply_async(args=(logentry_id, notification_type.action_type, wh.pk))
@app.task(base=ProfiledTask, bind=True, max_retries=9)
 def send_webhook(self, logentry_id: int, action_type: str, webhook_id: int):
    # 9 retries with 2**(2*x) timing is roughly 72 hours
    logentry = LogEntry.all.get(id=logentry_id)
    webhook = WebHook.objects.get(id=webhook_id)
    types = get_all_webhook_events()
    event_type = types.get(action_type)
    if not event_type or not webhook.enabled:
        return  # Ignore, e.g. plugin not installed
    payload = event_type.build_payload(logentry)
    t = time.time()
    try:
        try:
            resp = requests.post(
                webhook.target_url,
                json=payload,
                allow_redirects=False
            )
            WebHookCall.objects.create(
                webhook=webhook,
                action_type=logentry.action_type,
                target_url=webhook.target_url,
                is_retry=self.request.retries > 0,
                execution_time=time.time() - t,
                return_code=resp.status_code,
                payload=json.dumps(payload),
                response_body=resp.text[:1024 * 1024],
                success=200 <= resp.status_code <= 299
            )
            if resp.status_code == 410:
                webhook.enabled = False
                webhook.save()
            elif resp.status_code > 299:
                raise self.retry(countdown=2 ** (self.request.retries * 2))
        except RequestException as e:
            WebHookCall.objects.create(
                webhook=webhook,
                action_type=logentry.action_type,
                target_url=webhook.target_url,
                is_retry=self.request.retries > 0,
                execution_time=time.time() - t,
                return_code=0,
                payload=json.dumps(payload),
                response_body=str(e)[:1024 * 1024]
            )
            raise self.retry(countdown=2 ** (self.request.retries * 2))
    except MaxRetriesExceededError:
        pass
--- a/src/pretix/base/channels.py
+++ b/src/pretix/base/channels.py
@@ -1,66 +0,0 @@
 import logging
 from collections import OrderedDict
 from django.dispatch import receiver
 from django.utils.translation import ugettext_lazy as _
 from pretix.base.signals import register_sales_channels
 logger = logging.getLogger(__name__)
 _ALL_CHANNELS = None
 class SalesChannel:
    def __repr__(self):
        return '<SalesChannel: {}>'.format(self.identifier)
    @property
    def identifier(self) -> str:
        """
        The internal identifier of this sales channel.
        """
        raise NotImplementedError()  # NOQA
    @property
    def verbose_name(self) -> str:
        """
        A human-readable name of this sales channel.
        """
        raise NotImplementedError()  # NOQA
    @property
    def icon(self) -> str:
        """
        The name of a Font Awesome icon to represent this channel
        """
        return "circle"
 def get_all_sales_channels():
    global _ALL_CHANNELS
    if _ALL_CHANNELS:
        return _ALL_CHANNELS
    types = OrderedDict()
    for recv, ret in register_sales_channels.send(None):
        if isinstance(ret, (list, tuple)):
            for r in ret:
                types[r.identifier] = r
        else:
            types[ret.identifier] = ret
    _ALL_CHANNELS = types
    return types
 class WebshopSalesChannel(SalesChannel):
    identifier = "web"
    verbose_name = _('Online shop')
    icon = "globe"
@receiver(register_sales_channels, dispatch_uid="base_register_default_sales_channels")
 def base_sales_channels(sender, **kwargs):
    return (
        WebshopSalesChannel(),
    )
--- a/src/pretix/base/email.py
+++ b/src/pretix/base/email.py
@@ -1,5 +1,5 @@
 import logging
-from smtplib import SMTPResponseException
+from smtplib import SMTPRecipientsRefused, SMTPSenderRefused
 import bleach
 import markdown
@@ -23,14 +23,16 @@ class CustomSMTPBackend(EmailBackend):
        try:
            self.open()
            self.connection.ehlo_or_helo_if_needed()
            self.connection.rcpt("test@example.org")
            (code, resp) = self.connection.mail(from_addr, [])
            if code != 250:
                logger.warn('Error testing mail settings, code %d, resp: %s' % (code, resp))
-                raise SMTPResponseException(code, resp)
+                raise SMTPSenderRefused(code, resp, from_addr)
            senderrs = {}
            (code, resp) = self.connection.rcpt('test@example.com')
            if (code != 250) and (code != 251):
                logger.warn('Error testing mail settings, code %d, resp: %s' % (code, resp))
-                raise SMTPResponseException(code, resp)
+                raise SMTPRecipientsRefused(senderrs)
        finally:
            self.close()
@@ -95,7 +97,7 @@ class TemplateBasedMailRenderer(BaseHTMLMailRenderer):
    @property
    def template_name(self):
-        raise NotImplementedError()
+        raise NotImplemented
    def render(self, plain_body: str, plain_signature: str, subject: str, order: Order) -> str:
        body_md = bleach.linkify(markdown_compile(plain_body))
--- a/src/pretix/base/exporter.py
+++ b/src/pretix/base/exporter.py
@@ -1,14 +1,5 @@
 import io
 import tempfile
 from collections import OrderedDict
 from typing import Tuple
 from defusedcsv import csv
 from django import forms
 from django.utils.translation import ugettext_lazy as _
 from openpyxl import Workbook
 from openpyxl.cell.cell import KNOWN_TYPES
 class BaseExporter:
    """
@@ -64,7 +55,7 @@ class BaseExporter:
        """
        return {}
-    def render(self, form_data: dict) -> Tuple[str, str, bytes]:
+    def render(self, form_data: dict) -> Tuple[str, str, str]:
        """
        Render the exported file and return a tuple consisting of a filename, a file type
        and file content.
@@ -78,68 +69,3 @@ class BaseExporter:
        tasks.
        """
        raise NotImplementedError()  # NOQA
 class ListExporter(BaseExporter):
    @property
    def export_form_fields(self) -> dict:
        ff = OrderedDict(
            [
                ('_format',
                 forms.ChoiceField(
                     label=_('Export format'),
                     choices=(
                         ('xlsx', _('Excel (.xlsx)')),
                         ('default', _('CSV (with commas)')),
                         ('excel', _('CSV (Excel-style)')),
                         ('semicolon', _('CSV (with semicolons)')),
                     ),
                 )),
            ]
        )
        ff.update(self.additional_form_fields)
        return ff
    @property
    def additional_form_fields(self) -> dict:
        return {}
    def iterate_list(self, form_data):
        raise NotImplementedError()  # noqa
    def get_filename(self):
        return 'export.csv'
    def _render_csv(self, form_data, **kwargs):
        output = io.StringIO()
        writer = csv.writer(output, **kwargs)
        for line in self.iterate_list(form_data):
            writer.writerow(line)
        return self.get_filename() + '.csv', 'text/csv', output.getvalue().encode("utf-8")
    def _render_xlsx(self, form_data):
        wb = Workbook()
        ws = wb.get_active_sheet()
        try:
            ws.title = str(self.verbose_name)
        except:
            pass
        for i, line in enumerate(self.iterate_list(form_data)):
            for j, val in enumerate(line):
                ws.cell(row=i + 1, column=j + 1).value = str(val) if not isinstance(val, KNOWN_TYPES) else val
        with tempfile.NamedTemporaryFile(suffix='.xlsx') as f:
            wb.save(f.name)
            f.seek(0)
            return self.get_filename() + '.xlsx', 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', f.read()
    def render(self, form_data: dict) -> Tuple[str, str, bytes]:
        if form_data.get('_format') == 'xlsx':
            return self._render_xlsx(form_data)
        elif form_data.get('_format') == 'default':
            return self._render_csv(form_data, quoting=csv.QUOTE_NONNUMERIC, delimiter=',')
        elif form_data.get('_format') == 'csv-excel':
            return self._render_csv(form_data, dialect='excel')
        elif form_data.get('_format') == 'semicolon':
            return self._render_csv(form_data, dialect='excel', delimiter=';')
--- a/src/pretix/base/exporters/invoices.py
+++ b/src/pretix/base/exporters/invoices.py
@@ -27,7 +27,7 @@ class InvoiceExporter(BaseExporter):
            qs = qs.annotate(
                has_payment_with_provider=Exists(
                    OrderPayment.objects.filter(
-                        Q(order=OuterRef('order_id')) & Q(provider=form_data.get('payment_provider'))
+                        Q(order=OuterRef('pk')) & Q(provider=form_data.get('payment_provider'))
                    )
                )
            )
--- a/src/pretix/base/exporters/orderlist.py
+++ b/src/pretix/base/exporters/orderlist.py
@@ -1,7 +1,9 @@
 import io
 from collections import OrderedDict
 from decimal import Decimal
 import pytz
 from defusedcsv import csv
 from django import forms
 from django.db.models import DateTimeField, Max, OuterRef, Subquery, Sum
 from django.dispatch import receiver
@@ -10,18 +12,17 @@ from django.utils.translation import ugettext as _, ugettext_lazy
 from pretix.base.models import InvoiceAddress, Order, OrderPosition
 from pretix.base.models.orders import OrderFee, OrderPayment, OrderRefund
 from pretix.base.settings import PERSON_NAME_SCHEMES
-from ..exporter import ListExporter
+from ..exporter import BaseExporter
 from ..signals import register_data_exporters
-class OrderListExporter(ListExporter):
+class OrderListExporter(BaseExporter):
-    identifier = 'orderlist'
+    identifier = 'orderlistcsv'
-    verbose_name = ugettext_lazy('List of orders')
+    verbose_name = ugettext_lazy('List of orders (CSV)')
    @property
-    def additional_form_fields(self):
+    def export_form_fields(self):
        return OrderedDict(
            [
                ('paid_only',
@@ -49,8 +50,10 @@ class OrderListExporter(ListExporter):
        tax_rates = sorted(tax_rates)
        return tax_rates
-    def iterate_list(self, form_data: dict):
+    def render(self, form_data: dict):
        output = io.StringIO()
        tz = pytz.timezone(self.event.settings.timezone)
        writer = csv.writer(output, quoting=csv.QUOTE_NONNUMERIC, delimiter=",")
        p_date = OrderPayment.objects.filter(
            order=OuterRef('pk'),
@@ -71,14 +74,7 @@ class OrderListExporter(ListExporter):
        headers = [
            _('Order code'), _('Order total'), _('Status'), _('Email'), _('Order date'),
-            _('Company'), _('Name'),
+            _('Company'), _('Name'), _('Address'), _('ZIP code'), _('City'), _('Country'), _('VAT ID'),
        ]
        name_scheme = PERSON_NAME_SCHEMES[self.event.settings.name_scheme]
        if len(name_scheme['fields']) > 1:
            for k, label, w in name_scheme['fields']:
                headers.append(label)
        headers += [
            _('Address'), _('ZIP code'), _('City'), _('Country'), _('VAT ID'),
            _('Date of last payment'), _('Fees'), _('Order locale')
        ]
@@ -91,7 +87,7 @@ class OrderListExporter(ListExporter):
        headers.append(_('Invoice numbers'))
-        yield headers
+        writer.writerow(headers)
        full_fee_sum_cache = {
            o['order__id']: o['grosssum'] for o in
@@ -122,13 +118,6 @@ class OrderListExporter(ListExporter):
                row += [
                    order.invoice_address.company,
                    order.invoice_address.name,
                ]
                if len(name_scheme['fields']) > 1:
                    for k, label, w in name_scheme['fields']:
                        row.append(
                            order.invoice_address.name_parts.get(k, '')
                        )
                row += [
                    order.invoice_address.street,
                    order.invoice_address.zipcode,
                    order.invoice_address.city,
@@ -137,7 +126,7 @@ class OrderListExporter(ListExporter):
                    order.invoice_address.vat_id,
                ]
            except InvoiceAddress.DoesNotExist:
-                row += [''] * (7 + (len(name_scheme['fields']) if len(name_scheme['fields']) > 1 else 0))
+                row += ['', '', '', '', '', '', '']
            row += [
                order.payment_date.astimezone(tz).strftime('%Y-%m-%d') if order.payment_date else '',
@@ -158,18 +147,17 @@ class OrderListExporter(ListExporter):
                ]
            row.append(', '.join([i.number for i in order.invoices.all()]))
-            yield row
+            writer.writerow(row)
-    def get_filename(self):
+        return '{}_orders.csv'.format(self.event.slug), 'text/csv', output.getvalue().encode("utf-8")
        return '{}_orders'.format(self.event.slug)
-class PaymentListExporter(ListExporter):
+class PaymentListExporter(BaseExporter):
-    identifier = 'paymentlist'
+    identifier = 'paymentlistcsv'
-    verbose_name = ugettext_lazy('List of payments and refunds')
+    verbose_name = ugettext_lazy('List of payments and refunds (CSV)')
    @property
-    def additional_form_fields(self):
+    def export_form_fields(self):
        return OrderedDict(
            [
                ('successful_only',
@@ -181,8 +169,10 @@ class PaymentListExporter(ListExporter):
            ]
        )
-    def iterate_list(self, form_data):
+    def render(self, form_data: dict):
        output = io.StringIO()
        tz = pytz.timezone(self.event.settings.timezone)
        writer = csv.writer(output, quoting=csv.QUOTE_NONNUMERIC, delimiter=",")
        provider_names = {
            k: v.verbose_name
@@ -210,7 +200,7 @@ class PaymentListExporter(ListExporter):
            _('Order'), _('Payment ID'), _('Creation date'), _('Completion date'), _('Status'),
            _('Amount'), _('Payment method')
        ]
-        yield headers
+        writer.writerow(headers)
        for obj in objs:
            if isinstance(obj, OrderPayment) and obj.payment_date:
@@ -228,22 +218,24 @@ class PaymentListExporter(ListExporter):
                localize(obj.amount * (-1 if isinstance(obj, OrderRefund) else 1)),
                provider_names.get(obj.provider, obj.provider)
            ]
-            yield row
+            writer.writerow(row)
-    def get_filename(self):
+        return '{}_payments.csv'.format(self.event.slug), 'text/csv', output.getvalue().encode("utf-8")
        return '{}_payments'.format(self.event.slug)
-class QuotaListExporter(ListExporter):
+class QuotaListExporter(BaseExporter):
-    identifier = 'quotalist'
+    identifier = 'quotalistcsv'
-    verbose_name = ugettext_lazy('Quota availabilities')
+    verbose_name = ugettext_lazy('Quota availabilities (CSV)')
    def render(self, form_data: dict):
        output = io.StringIO()
        writer = csv.writer(output, quoting=csv.QUOTE_NONNUMERIC, delimiter=",")
    def iterate_list(self, form_data):
        headers = [
            _('Quota name'), _('Total quota'), _('Paid orders'), _('Pending orders'), _('Blocking vouchers'),
            _('Current user\'s carts'), _('Waiting list'), _('Current availability')
        ]
-        yield headers
+        writer.writerow(headers)
        for quota in self.event.quotas.all():
            avail = quota.availability()
@@ -257,10 +249,9 @@ class QuotaListExporter(ListExporter):
                quota.count_waiting_list_pending(),
                _('Infinite') if avail[1] is None else avail[1]
            ]
-            yield row
+            writer.writerow(row)
-    def get_filename(self):
+        return '{}_quotas.csv'.format(self.event.slug), 'text/csv', output.getvalue().encode("utf-8")
        return '{}_quotas'.format(self.event.slug)
@receiver(register_data_exporters, dispatch_uid="exporter_orderlist")
--- a/src/pretix/base/forms/init.py
+++ b/src/pretix/base/forms/init.py
@@ -57,7 +57,7 @@ class SettingsForm(i18nfield.forms.I18nFormMixin, HierarkeyForm):
        kwargs['locales'] = self.locales
        kwargs['initial'] = self.obj.settings.freeze()
        super().__init__(*args, **kwargs)
-        for k, f in self.fields.items():
+        for f in self.fields.values():
            if isinstance(f, (RelativeDateTimeField, RelativeDateField)):
                f.set_event(self.obj)
--- a/src/pretix/base/forms/questions.py
+++ b/src/pretix/base/forms/questions.py
@@ -1,4 +1,3 @@
 import copy
 import logging
 from decimal import Decimal
@@ -9,7 +8,6 @@ import vat_moss.id
 from django import forms
 from django.contrib import messages
 from django.core.exceptions import ValidationError
 from django.utils.safestring import mark_safe
 from django.utils.translation import ugettext_lazy as _
 from pretix.base.forms.widgets import (
@@ -18,112 +16,12 @@ from pretix.base.forms.widgets import (
 )
 from pretix.base.models import InvoiceAddress, Question
 from pretix.base.models.tax import EU_COUNTRIES
 from pretix.base.settings import PERSON_NAME_SCHEMES
 from pretix.base.templatetags.rich_text import rich_text
 from pretix.control.forms import SplitDateTimeField
 from pretix.helpers.i18n import get_format_without_seconds
 from pretix.presale.signals import question_form_fields
 logger = logging.getLogger(__name__)
 class NamePartsWidget(forms.MultiWidget):
    widget = forms.TextInput
    def __init__(self, scheme: dict, field: forms.Field, attrs=None):
        widgets = []
        self.scheme = scheme
        self.field = field
        for fname, label, size in self.scheme['fields']:
            a = copy.copy(attrs) or {}
            a['data-fname'] = fname
            widgets.append(self.widget(attrs=a))
        super().__init__(widgets, attrs)
    def decompress(self, value):
        if value is None:
            return None
        data = []
        for i, field in enumerate(self.scheme['fields']):
            fname, label, size = field
            data.append(value.get(fname, ""))
        if '_legacy' in value and not data[-1]:
            data[-1] = value.get('_legacy', '')
        return data
    def render(self, name: str, value, attrs=None, renderer=None) -> str:
        if not isinstance(value, list):
            value = self.decompress(value)
        output = []
        final_attrs = self.build_attrs(attrs or dict())
        if 'required' in final_attrs:
            del final_attrs['required']
        id_ = final_attrs.get('id', None)
        for i, widget in enumerate(self.widgets):
            try:
                widget_value = value[i]
            except (IndexError, TypeError):
                widget_value = None
            if id_:
                final_attrs = dict(
                    final_attrs,
                    id='%s_%s' % (id_, i),
                    title=self.scheme['fields'][i][1],
                    placeholder=self.scheme['fields'][i][1],
                )
                final_attrs['data-size'] = self.scheme['fields'][i][2]
            output.append(widget.render(name + '_%s' % i, widget_value, final_attrs, renderer=renderer))
        return mark_safe(self.format_output(output))
    def format_output(self, rendered_widgets) -> str:
        return '<div class="nameparts-form-group">%s</div>' % ''.join(rendered_widgets)
 class NamePartsFormField(forms.MultiValueField):
    widget = NamePartsWidget
    def compress(self, data_list) -> dict:
        data = {}
        data['_scheme'] = self.scheme_name
        for i, value in enumerate(data_list):
            data[self.scheme['fields'][i][0]] = value or ''
        return data
    def __init__(self, *args, **kwargs):
        fields = []
        defaults = {
            'widget': self.widget,
            'max_length': kwargs.pop('max_length', None),
        }
        self.scheme_name = kwargs.pop('scheme')
        self.scheme = PERSON_NAME_SCHEMES.get(self.scheme_name)
        self.one_required = kwargs.get('required', True)
        require_all_fields = kwargs.pop('require_all_fields', False)
        kwargs['required'] = False
        kwargs['widget'] = (kwargs.get('widget') or self.widget)(
            scheme=self.scheme, field=self, **kwargs.pop('widget_kwargs', {})
        )
        defaults.update(**kwargs)
        for fname, label, size in self.scheme['fields']:
            defaults['label'] = label
            field = forms.CharField(**defaults)
            field.part_name = fname
            fields.append(field)
        super().__init__(
            fields=fields, require_all_fields=False, *args, **kwargs
        )
        self.require_all_fields = require_all_fields
        self.required = self.one_required
    def clean(self, value) -> dict:
        value = super().clean(value)
        if self.one_required and (not value or not any(v for v in value)):
            raise forms.ValidationError(self.error_messages['required'], code='required')
        if self.require_all_fields and not all(v for v in value):
            raise forms.ValidationError(self.error_messages['incomplete'], code='required')
        return value
 class BaseQuestionsForm(forms.Form):
    """
    This form class is responsible for asking order-related questions. This includes
@@ -148,12 +46,10 @@ class BaseQuestionsForm(forms.Form):
        super().__init__(*args, **kwargs)
        if item.admission and event.settings.attendee_names_asked:
-            self.fields['attendee_name_parts'] = NamePartsFormField(
+            self.fields['attendee_name'] = forms.CharField(
-                max_length=255,
+                max_length=255, required=event.settings.attendee_names_required,
                required=event.settings.attendee_names_required,
                scheme=event.settings.name_scheme,
                label=_('Attendee name'),
-                initial=(cartpos.attendee_name_parts if cartpos else orderpos.attendee_name_parts),
+                initial=(cartpos.attendee_name if cartpos else orderpos.attendee_name),
            )
        if item.admission and event.settings.attendee_emails_asked:
            self.fields['attendee_email'] = forms.EmailField(
@@ -170,7 +66,6 @@ class BaseQuestionsForm(forms.Form):
            else:
                initial = None
            tz = pytz.timezone(event.settings.timezone)
            help_text = rich_text(q.help_text)
            if q.type == Question.TYPE_BOOLEAN:
                if q.required:
                    # For some reason, django-bootstrap3 does not set the required attribute
@@ -186,7 +81,7 @@ class BaseQuestionsForm(forms.Form):
                field = forms.BooleanField(
                    label=q.question, required=q.required,
-                    help_text=help_text,
+                    help_text=q.help_text,
                    initial=initialbool, widget=widget,
                )
            elif q.type == Question.TYPE_NUMBER:
@@ -199,13 +94,13 @@ class BaseQuestionsForm(forms.Form):
            elif q.type == Question.TYPE_STRING:
                field = forms.CharField(
                    label=q.question, required=q.required,
-                    help_text=help_text,
+                    help_text=q.help_text,
                    initial=initial.answer if initial else None,
                )
            elif q.type == Question.TYPE_TEXT:
                field = forms.CharField(
                    label=q.question, required=q.required,
-                    help_text=help_text,
+                    help_text=q.help_text,
                    widget=forms.Textarea,
                    initial=initial.answer if initial else None,
                )
@@ -213,7 +108,7 @@ class BaseQuestionsForm(forms.Form):
                field = forms.ModelChoiceField(
                    queryset=q.options,
                    label=q.question, required=q.required,
-                    help_text=help_text,
+                    help_text=q.help_text,
                    widget=forms.Select,
                    empty_label='',
                    initial=initial.options.first() if initial else None,
@@ -222,35 +117,35 @@ class BaseQuestionsForm(forms.Form):
                field = forms.ModelMultipleChoiceField(
                    queryset=q.options,
                    label=q.question, required=q.required,
-                    help_text=help_text,
+                    help_text=q.help_text,
                    widget=forms.CheckboxSelectMultiple,
                    initial=initial.options.all() if initial else None,
                )
            elif q.type == Question.TYPE_FILE:
                field = forms.FileField(
                    label=q.question, required=q.required,
-                    help_text=help_text,
+                    help_text=q.help_text,
                    initial=initial.file if initial else None,
                    widget=UploadedFileWidget(position=pos, event=event, answer=initial),
                )
            elif q.type == Question.TYPE_DATE:
                field = forms.DateField(
                    label=q.question, required=q.required,
-                    help_text=help_text,
+                    help_text=q.help_text,
                    initial=dateutil.parser.parse(initial.answer).date() if initial and initial.answer else None,
                    widget=DatePickerWidget(),
                )
            elif q.type == Question.TYPE_TIME:
                field = forms.TimeField(
                    label=q.question, required=q.required,
-                    help_text=help_text,
+                    help_text=q.help_text,
                    initial=dateutil.parser.parse(initial.answer).time() if initial and initial.answer else None,
                    widget=TimePickerWidget(time_format=get_format_without_seconds('TIME_INPUT_FORMATS')),
                )
            elif q.type == Question.TYPE_DATETIME:
-                field = SplitDateTimeField(
+                field = forms.SplitDateTimeField(
                    label=q.question, required=q.required,
-                    help_text=help_text,
+                    help_text=q.help_text,
                    initial=dateutil.parser.parse(initial.answer).astimezone(tz) if initial and initial.answer else None,
                    widget=SplitDateTimePickerWidget(time_format=get_format_without_seconds('TIME_INPUT_FORMATS')),
                )
@@ -274,12 +169,13 @@ class BaseInvoiceAddressForm(forms.ModelForm):
    class Meta:
        model = InvoiceAddress
-        fields = ('is_business', 'company', 'name_parts', 'street', 'zipcode', 'city', 'country', 'vat_id',
+        fields = ('is_business', 'company', 'name', 'street', 'zipcode', 'city', 'country', 'vat_id',
                  'internal_reference')
        widgets = {
            'is_business': BusinessBooleanRadio,
            'street': forms.Textarea(attrs={'rows': 2, 'placeholder': _('Street and Number')}),
            'company': forms.TextInput(attrs={'data-display-dependency': '#id_is_business_1'}),
            'name': forms.TextInput(attrs={}),
            'vat_id': forms.TextInput(attrs={'data-display-dependency': '#id_is_business_1'}),
            'internal_reference': forms.TextInput,
        }
@@ -294,13 +190,15 @@ class BaseInvoiceAddressForm(forms.ModelForm):
        super().__init__(*args, **kwargs)
        if not event.settings.invoice_address_vatid:
            del self.fields['vat_id']
        if not event.settings.invoice_address_required:
            for k, f in self.fields.items():
                f.required = False
                f.widget.is_required = False
                if 'required' in f.widget.attrs:
                    del f.widget.attrs['required']
            if event.settings.invoice_name_required:
                self.fields['name'].required = True
        elif event.settings.invoice_address_company_required:
            self.initial['is_business'] = True
@@ -311,34 +209,18 @@ class BaseInvoiceAddressForm(forms.ModelForm):
            del self.fields['company'].widget.attrs['data-display-dependency']
            if 'vat_id' in self.fields:
                del self.fields['vat_id'].widget.attrs['data-display-dependency']
-
+        else:
        self.fields['name_parts'] = NamePartsFormField(
            max_length=255,
            required=event.settings.invoice_name_required,
            scheme=event.settings.name_scheme,
            label=_('Name'),
            initial=(self.instance.name_parts if self.instance else self.instance.name_parts),
        )
        if event.settings.invoice_address_required and not event.settings.invoice_address_company_required:
            self.fields['name_parts'].widget.attrs['data-required-if'] = '#id_is_business_0'
            self.fields['name_parts'].widget.attrs['data-no-required-attr'] = '1'
            self.fields['company'].widget.attrs['data-required-if'] = '#id_is_business_1'
            self.fields['name'].widget.attrs['data-required-if'] = '#id_is_business_0'
    def clean(self):
        data = self.cleaned_data
-        if not data.get('is_business'):
+        if not data.get('name') and not data.get('company') and self.event.settings.invoice_address_required:
-            data['company'] = ''
+            raise ValidationError(_('You need to provide either a company name or your name.'))
        if self.event.settings.invoice_address_required:
            if data.get('is_business') and not data.get('company'):
                raise ValidationError(_('You need to provide a company name.'))
            if not data.get('is_business') and not data.get('name_parts'):
                raise ValidationError(_('You need to provide your name.'))
        if 'vat_id' in self.changed_data or not data.get('vat_id'):
            self.instance.vat_id_validated = False
        self.instance.name_parts = data.get('name_parts')
        if self.validate_vat_id and self.instance.vat_id_validated and 'vat_id' not in self.changed_data:
            pass
        elif self.validate_vat_id and data.get('is_business') and data.get('country') in EU_COUNTRIES and data.get('vat_id'):
@@ -350,7 +232,7 @@ class BaseInvoiceAddressForm(forms.ModelForm):
                    country_code, normalized_id, company_name = result
                    self.instance.vat_id_validated = True
                    self.instance.vat_id = normalized_id
-            except (vat_moss.errors.InvalidError, ValueError):
+            except vat_moss.errors.InvalidError:
                raise ValidationError(_('This VAT ID is not valid. Please re-check your input.'))
            except vat_moss.errors.WebServiceUnavailableError:
                logger.exception('VAT ID checking failed for country {}'.format(data.get('country')))
--- a/src/pretix/base/forms/widgets.py
+++ b/src/pretix/base/forms/widgets.py
@@ -2,7 +2,6 @@ import os
 from django import forms
 from django.utils.formats import get_format
 from django.utils.functional import lazy
 from django.utils.timezone import now
 from django.utils.translation import ugettext_lazy as _
@@ -93,20 +92,14 @@ class SplitDateTimePickerWidget(forms.SplitDateTimeWidget):
        date_attrs['class'] += ' datepickerfield'
        time_attrs['class'] += ' timepickerfield'
-        def date_placeholder():
+        df = date_format or get_format('DATE_INPUT_FORMATS')[0]
-            df = date_format or get_format('DATE_INPUT_FORMATS')[0]
+        date_attrs['placeholder'] = now().replace(
-            return now().replace(
+            year=2000, month=12, day=31, hour=18, minute=0, second=0, microsecond=0
-                year=2000, month=12, day=31, hour=18, minute=0, second=0, microsecond=0
+        ).strftime(df)
-            ).strftime(df)
+        tf = time_format or get_format('TIME_INPUT_FORMATS')[0]
-
+        time_attrs['placeholder'] = now().replace(
-        def time_placeholder():
+            year=2000, month=1, day=1, hour=0, minute=0, second=0, microsecond=0
-            tf = time_format or get_format('TIME_INPUT_FORMATS')[0]
+        ).strftime(tf)
            return now().replace(
                year=2000, month=1, day=1, hour=0, minute=0, second=0, microsecond=0
            ).strftime(tf)
        date_attrs['placeholder'] = lazy(date_placeholder, str)
        time_attrs['placeholder'] = lazy(time_placeholder, str)
        widgets = (
            forms.DateInput(attrs=date_attrs, format=date_format),
--- a/src/pretix/base/invoice.py
+++ b/src/pretix/base/invoice.py
@@ -192,15 +192,8 @@ class ThumbnailingImageReader(ImageReader):
            size=(int(width * dpi / 72), int(height * dpi / 72)),
            resample=BICUBIC
        )
        self._data = None
        return width, height
    def _jpeg_fh(self):
        # Bypass a reportlab-internal optimization that falls back to the original
        # file handle if the file is a JPEG, and therefore does not respect the
        # (smaller) size of the modified image.
        return None
 class ClassicInvoiceRenderer(BaseReportlabInvoiceRenderer):
    identifier = 'classic'
@@ -223,7 +216,7 @@ class ClassicInvoiceRenderer(BaseReportlabInvoiceRenderer):
        p.drawOn(canvas, 25 * mm, (297 - 52) * mm - p_size[1])
    def _draw_invoice_from(self, canvas):
-        p = Paragraph(self.invoice.full_invoice_from.strip().replace('\n', '<br />\n'), style=self.stylesheet['Normal'])
+        p = Paragraph(self.invoice.invoice_from.strip().replace('\n', '<br />\n'), style=self.stylesheet['Normal'])
        p.wrapOn(canvas, 70 * mm, 50 * mm)
        p_size = p.wrap(70 * mm, 50 * mm)
        p.drawOn(canvas, 25 * mm, (297 - 17) * mm - p_size[1])
@@ -330,7 +323,7 @@ class ClassicInvoiceRenderer(BaseReportlabInvoiceRenderer):
            return txt
        if not self.invoice.event.has_subevents:
-            if self.invoice.event.settings.show_date_to and self.invoice.event.date_to:
+            if self.invoice.event.settings.show_date_to:
                p_str = (
                    shorten(self.invoice.event.name) + '\n' + pgettext('invoice', '{from_date}\nuntil {to_date}').format(
                        from_date=self.invoice.event.get_date_from_display(),
@@ -386,7 +379,7 @@ class ClassicInvoiceRenderer(BaseReportlabInvoiceRenderer):
        if self.invoice.internal_reference:
            story.append(Paragraph(
-                pgettext('invoice', 'Customer reference: {reference}').format(reference=self.invoice.internal_reference),
+                pgettext('invoice', 'Your reference: {reference}').format(reference=self.invoice.internal_reference),
                self.stylesheet['Normal']
            ))
--- a/src/pretix/base/migrations/0001_initial.py
+++ b/src/pretix/base/migrations/0001_initial.py
@@ -28,8 +28,7 @@ class Migration(migrations.Migration):
                ('password', models.CharField(verbose_name='password', max_length=128)),
                ('last_login', models.DateTimeField(verbose_name='last login', blank=True, null=True)),
                ('is_superuser', models.BooleanField(verbose_name='superuser status', default=False, help_text='Designates that this user has all permissions without explicitly assigning them.')),
-                ('email', models.EmailField(max_length=191, blank=True, unique=True, verbose_name='E-mail', null=True,
+                ('email', models.EmailField(max_length=254, blank=True, unique=True, verbose_name='E-mail', null=True, db_index=True)),
                                            db_index=True)),
                ('givenname', models.CharField(verbose_name='Given name', max_length=255, blank=True, null=True)),
                ('familyname', models.CharField(verbose_name='Family name', max_length=255, blank=True, null=True)),
                ('is_active', models.BooleanField(verbose_name='Is active', default=True)),
--- a/src/pretix/base/migrations/0099_auto_20180912_1035.py
+++ b/src/pretix/base/migrations/0099_auto_20180912_1035.py
@@ -1,45 +0,0 @@
 # Generated by Django 2.1 on 2018-09-12 10:35
 import django.db.models.deletion
 from django.db import migrations, models
 import pretix.base.models.devices
 class Migration(migrations.Migration):
    dependencies = [
        ('pretixbase', '0098_auto_20180731_1243_squashed_0100_item_require_approval'),
    ]
    operations = [
        migrations.CreateModel(
            name='Device',
            fields=[
                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
                ('device_id', models.PositiveIntegerField()),
                ('unique_serial', models.CharField(default=pretix.base.models.devices.generate_serial, max_length=190, unique=True)),
                ('initialization_token', models.CharField(default=pretix.base.models.devices.generate_initialization_token, max_length=190, unique=True)),
                ('api_token', models.CharField(max_length=190, null=True, unique=True)),
                ('all_events', models.BooleanField(default=False, verbose_name='All events (including newly created ones)')),
                ('name', models.CharField(max_length=190, verbose_name='Name')),
                ('created', models.DateTimeField(auto_now_add=True, verbose_name='Setup date')),
                ('initialized', models.DateTimeField(null=True, verbose_name='Initialization date')),
                ('hardware_brand', models.CharField(blank=True, max_length=190, null=True)),
                ('hardware_model', models.CharField(blank=True, max_length=190, null=True)),
                ('software_brand', models.CharField(blank=True, max_length=190, null=True)),
                ('software_version', models.CharField(blank=True, max_length=190, null=True)),
                ('limit_events', models.ManyToManyField(blank=True, to='pretixbase.Event', verbose_name='Limit to events')),
                ('organizer', models.ForeignKey(on_delete=django.db.models.deletion.PROTECT, related_name='devices', to='pretixbase.Organizer')),
            ],
        ),
        migrations.AlterUniqueTogether(
            name='device',
            unique_together={('organizer', 'device_id')},
        ),
        migrations.AddField(
            model_name='logentry',
            name='device',
            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.PROTECT, to='pretixbase.Device'),
        ),
    ]
--- a/src/pretix/base/migrations/0100_auto_20181023_2300.py
+++ b/src/pretix/base/migrations/0100_auto_20181023_2300.py
@@ -1,79 +0,0 @@
 # Generated by Django 2.1 on 2018-10-23 23:00
 import django_countries.fields
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('pretixbase', '0099_auto_20180912_1035'),
    ]
    operations = [
        migrations.AddField(
            model_name='invoice',
            name='invoice_from_city',
            field=models.CharField(max_length=190, null=True),
        ),
        migrations.AddField(
            model_name='invoice',
            name='invoice_from_country',
            field=django_countries.fields.CountryField(max_length=2, null=True),
        ),
        migrations.AddField(
            model_name='invoice',
            name='invoice_from_name',
            field=models.CharField(max_length=190, null=True),
        ),
        migrations.AddField(
            model_name='invoice',
            name='invoice_from_tax_id',
            field=models.CharField(max_length=190, null=True),
        ),
        migrations.AddField(
            model_name='invoice',
            name='invoice_from_vat_id',
            field=models.CharField(max_length=190, null=True),
        ),
        migrations.AddField(
            model_name='invoice',
            name='invoice_from_zipcode',
            field=models.CharField(max_length=190, null=True),
        ),
        migrations.AddField(
            model_name='invoice',
            name='invoice_to_city',
            field=models.TextField(null=True),
        ),
        migrations.AddField(
            model_name='invoice',
            name='invoice_to_company',
            field=models.TextField(null=True),
        ),
        migrations.AddField(
            model_name='invoice',
            name='invoice_to_country',
            field=django_countries.fields.CountryField(max_length=2, null=True),
        ),
        migrations.AddField(
            model_name='invoice',
            name='invoice_to_name',
            field=models.TextField(null=True),
        ),
        migrations.AddField(
            model_name='invoice',
            name='invoice_to_street',
            field=models.TextField(null=True),
        ),
        migrations.AddField(
            model_name='invoice',
            name='invoice_to_vat_id',
            field=models.TextField(null=True),
        ),
        migrations.AddField(
            model_name='invoice',
            name='invoice_to_zipcode',
            field=models.CharField(max_length=190, null=True),
        ),
    ]
--- a/src/pretix/base/migrations/0101_auto_20181025_2255.py
+++ b/src/pretix/base/migrations/0101_auto_20181025_2255.py
@@ -1,18 +0,0 @@
 # Generated by Django 2.1 on 2018-10-25 22:55
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('pretixbase', '0100_auto_20181023_2300'),
    ]
    operations = [
        migrations.AddField(
            model_name='invoice',
            name='reverse_charge',
            field=models.BooleanField(default=False),
        ),
    ]
--- a/src/pretix/base/migrations/0102_auto_20181017_0024.py
+++ b/src/pretix/base/migrations/0102_auto_20181017_0024.py
@@ -1,96 +0,0 @@
 # Generated by Django 2.1 on 2018-10-17 00:24
 import jsonfallback.fields
 from django.core.exceptions import ImproperlyConfigured
 from django.db import migrations
 from django_mysql.checks import mysql_connections
 from django_mysql.utils import connection_is_mariadb
 def set_attendee_name_parts(apps, schema_editor):
    OrderPosition = apps.get_model('pretixbase', 'OrderPosition')  # noqa
    for op in OrderPosition.objects.exclude(attendee_name_cached=None).exclude(
            attendee_name_cached__isnull=True).iterator():
        op.attendee_name_parts = {'_legacy': op.attendee_name_cached}
        op.save(update_fields=['attendee_name_parts'])
    CartPosition = apps.get_model('pretixbase', 'CartPosition')  # noqa
    for op in CartPosition.objects.exclude(attendee_name_cached=None).exclude(
            attendee_name_cached__isnull=True).iterator():
        op.attendee_name_parts = {'_legacy': op.attendee_name_cached}
        op.save(update_fields=['attendee_name_parts'])
    InvoiceAddress = apps.get_model('pretixbase', 'InvoiceAddress')  # noqa
    for ia in InvoiceAddress.objects.exclude(name_cached=None).exclude(
            name_cached__isnull=True).iterator():
        ia.name_parts = {'_legacy': ia.name_cached}
        ia.save(update_fields=['name_parts'])
 def check_mysqlversion(apps, schema_editor):
    errors = []
    any_conn_works = False
    conns = list(mysql_connections())
    found = 'Unknown version'
    for alias, conn in conns:
        if connection_is_mariadb(conn) and hasattr(conn, 'mysql_version'):
            if conn.mysql_version >= (10, 2, 7):
                any_conn_works = True
            else:
                found = 'MariaDB ' + '.'.join(str(v) for v in conn.mysql_version)
        elif hasattr(conn, 'mysql_version'):
            if conn.mysql_version >= (5, 7):
                any_conn_works = True
            else:
                found = 'MySQL ' + '.'.join(str(v) for v in conn.mysql_version)
    if conns and not any_conn_works:
        raise ImproperlyConfigured(
            'As of pretix 2.2, you need MySQL 5.7+ or MariaDB 10.2.7+ to run pretix. However, we detected a '
            'database connection to {}'.format(found)
        )
    return errors
 class Migration(migrations.Migration):
    dependencies = [
        ('pretixbase', '0101_auto_20181025_2255'),
    ]
    operations = [
        migrations.RunPython(
            check_mysqlversion, migrations.RunPython.noop
        ),
        migrations.RenameField(
            model_name='cartposition',
            old_name='attendee_name',
            new_name='attendee_name_cached',
        ),
        migrations.RenameField(
            model_name='orderposition',
            old_name='attendee_name',
            new_name='attendee_name_cached',
        ),
        migrations.RenameField(
            model_name='invoiceaddress',
            old_name='name',
            new_name='name_cached',
        ),
        migrations.AddField(
            model_name='cartposition',
            name='attendee_name_parts',
            field=jsonfallback.fields.FallbackJSONField(null=False, default=dict),
            preserve_default=False,
        ),
        migrations.AddField(
            model_name='orderposition',
            name='attendee_name_parts',
            field=jsonfallback.fields.FallbackJSONField(null=False, default=dict),
            preserve_default=False,
        ),
        migrations.AddField(
            model_name='invoiceaddress',
            name='name_parts',
            field=jsonfallback.fields.FallbackJSONField(default=dict),
            preserve_default=False,
        ),
        migrations.RunPython(set_attendee_name_parts, migrations.RunPython.noop)
    ]
--- a/src/pretix/base/migrations/0103_auto_20181121_1224.py
+++ b/src/pretix/base/migrations/0103_auto_20181121_1224.py
@@ -1,29 +0,0 @@
 # Generated by Django 2.1.1 on 2018-11-21 12:24
 import django.db.models.deletion
 import jsonfallback.fields
 from django.db import migrations, models
 import pretix.base.models.fields
 class Migration(migrations.Migration):
    dependencies = [
        ('pretixbase', '0102_auto_20181017_0024'),
    ]
    operations = [
        migrations.AddField(
            model_name='item',
            name='sales_channels',
            field=pretix.base.models.fields.MultiStringField(default=['web'], verbose_name='Sales channels'),
            preserve_default=False,
        ),
        migrations.AddField(
            model_name='order',
            name='sales_channel',
            field=models.CharField(default='web', max_length=190),
            preserve_default=False,
        ),
    ]
--- a/src/pretix/base/models/init.py
+++ b/src/pretix/base/models/init.py
@@ -2,7 +2,6 @@ from ..settings import GlobalSettingsObject_SettingsStore
 from .auth import U2FDevice, User
 from .base import CachedFile, LoggedModel, cachedfile_name
 from .checkin import Checkin, CheckinList
 from .devices import Device
 from .event import (
    Event, Event_SettingsStore, EventLock, EventMetaProperty, EventMetaValue,
    RequiredAction, SubEvent, SubEventMetaValue, generate_invite_token,
--- a/src/pretix/base/models/auth.py
+++ b/src/pretix/base/models/auth.py
@@ -75,7 +75,7 @@ class User(AbstractBaseUser, PermissionsMixin, LoggingMixin):
    REQUIRED_FIELDS = []
    email = models.EmailField(unique=True, db_index=True, null=True, blank=True,
-                              verbose_name=_('E-mail'), max_length=190)
+                              verbose_name=_('E-mail'))
    fullname = models.CharField(max_length=255, blank=True, null=True,
                                verbose_name=_('Full name'))
    is_active = models.BooleanField(default=True,
--- a/src/pretix/base/models/base.py
+++ b/src/pretix/base/models/base.py
@@ -3,7 +3,6 @@ import uuid
 from django.contrib.contenttypes.models import ContentType
 from django.db import models
 from django.db.models.constants import LOOKUP_SEP
 from django.db.models.signals import post_delete
 from django.dispatch import receiver
 from django.utils.crypto import get_random_string
@@ -48,12 +47,10 @@ class LoggingMixin:
        """
        from .log import LogEntry
        from .event import Event
        from .devices import Device
        from pretix.api.models import OAuthAccessToken, OAuthApplication
        from .organizer import TeamAPIToken
        from ..notifications import get_all_notification_types
        from ..services.notifications import notify
        from pretix.api.webhooks import get_all_webhook_events, notify_webhooks
        event = None
        if isinstance(self, Event):
@@ -70,8 +67,6 @@ class LoggingMixin:
            kwargs['oauth_application'] = auth
        elif isinstance(auth, TeamAPIToken):
            kwargs['api_token'] = auth
        elif isinstance(auth, Device):
            kwargs['device'] = auth
        elif isinstance(api_token, TeamAPIToken):
            kwargs['api_token'] = api_token
@@ -81,21 +76,8 @@ class LoggingMixin:
        if save:
            logentry.save()
-            no_types = get_all_notification_types()
+            if action in get_all_notification_types():
            wh_types = get_all_webhook_events()
            no_type = None
            wh_type = None
            typepath = logentry.action_type
            while (not no_type or not wh_types) and '.' in typepath:
                wh_type = wh_type or wh_types.get(typepath + ('.*' if typepath != logentry.action_type else ''))
                no_type = no_type or no_types.get(typepath + ('.*' if typepath != logentry.action_type else ''))
                typepath = typepath.rsplit('.', 1)[0]
            if no_type:
                notify.apply_async(args=(logentry.pk,))
            if wh_type:
                notify_webhooks.apply_async(args=(logentry.pk,))
        return logentry
@@ -114,50 +96,4 @@ class LoggedModel(models.Model, LoggingMixin):
        return LogEntry.objects.filter(
            content_type=ContentType.objects.get_for_model(type(self)), object_id=self.pk
-        ).select_related('user', 'event', 'oauth_application', 'api_token', 'device')
+        ).select_related('user', 'event', 'oauth_application', 'api_token')
 class LockModel:
    def refresh_for_update(self, fields=None, using=None, **kwargs):
        """
        Like refresh_from_db(), but with select_for_update().
        See also https://code.djangoproject.com/ticket/28344
        """
        if fields is not None:
            if not fields:
                return
            if any(LOOKUP_SEP in f for f in fields):
                raise ValueError(
                    'Found "%s" in fields argument. Relations and transforms '
                    'are not allowed in fields.' % LOOKUP_SEP)
        hints = {'instance': self}
        db_instance_qs = self.__class__._base_manager.db_manager(using, hints=hints).filter(pk=self.pk).select_for_update(**kwargs)
        # Use provided fields, if not set then reload all non-deferred fields.
        deferred_fields = self.get_deferred_fields()
        if fields is not None:
            fields = list(fields)
            db_instance_qs = db_instance_qs.only(*fields)
        elif deferred_fields:
            fields = [f.attname for f in self._meta.concrete_fields
                      if f.attname not in deferred_fields]
            db_instance_qs = db_instance_qs.only(*fields)
        db_instance = db_instance_qs.get()
        non_loaded_fields = db_instance.get_deferred_fields()
        for field in self._meta.concrete_fields:
            if field.attname in non_loaded_fields:
                # This field wasn't refreshed - skip ahead.
                continue
            setattr(self, field.attname, getattr(db_instance, field.attname))
            # Clear cached foreign keys.
            if field.is_relation and field.is_cached(self):
                field.delete_cached_value(self)
        # Clear cached relations.
        for field in self._meta.related_objects:
            if field.is_cached(self):
                field.delete_cached_value(self)
        self._state.db = db_instance._state.db
--- a/src/pretix/base/models/devices.py
+++ b/src/pretix/base/models/devices.py
@@ -1,155 +0,0 @@
 import string
 from django.db import models
 from django.db.models import Max
 from django.utils.crypto import get_random_string
 from django.utils.translation import ugettext_lazy as _
 from pretix.base.models import LoggedModel
 def generate_serial():
    serial = get_random_string(allowed_chars='ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789', length=16)
    while Device.objects.filter(unique_serial=serial).exists():
        serial = get_random_string(allowed_chars='ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789', length=16)
    return serial
 def generate_initialization_token():
    token = get_random_string(length=16, allowed_chars=string.ascii_lowercase + string.digits)
    while Device.objects.filter(initialization_token=token).exists():
        token = get_random_string(length=16, allowed_chars=string.ascii_lowercase + string.digits)
    return token
 def generate_api_token():
    token = get_random_string(length=64, allowed_chars=string.ascii_lowercase + string.digits)
    while Device.objects.filter(api_token=token).exists():
        token = get_random_string(length=64, allowed_chars=string.ascii_lowercase + string.digits)
    return token
 class Device(LoggedModel):
    organizer = models.ForeignKey(
        'pretixbase.Organizer',
        on_delete=models.PROTECT,
        related_name='devices'
    )
    device_id = models.PositiveIntegerField()
    unique_serial = models.CharField(max_length=190, default=generate_serial, unique=True)
    initialization_token = models.CharField(max_length=190, default=generate_initialization_token, unique=True)
    api_token = models.CharField(max_length=190, unique=True, null=True)
    all_events = models.BooleanField(default=False, verbose_name=_("All events (including newly created ones)"))
    limit_events = models.ManyToManyField('Event', verbose_name=_("Limit to events"), blank=True)
    name = models.CharField(
        max_length=190,
        verbose_name=_('Name')
    )
    created = models.DateTimeField(
        auto_now_add=True,
        verbose_name=_('Setup date')
    )
    initialized = models.DateTimeField(
        verbose_name=_('Initialization date'),
        null=True,
    )
    hardware_brand = models.CharField(
        max_length=190,
        null=True, blank=True
    )
    hardware_model = models.CharField(
        max_length=190,
        null=True, blank=True
    )
    software_brand = models.CharField(
        max_length=190,
        null=True, blank=True
    )
    software_version = models.CharField(
        max_length=190,
        null=True, blank=True
    )
    class Meta:
        unique_together = (('organizer', 'device_id'),)
    def __str__(self):
        return '#{}: {} ({} {})'.format(
            self.device_id, self.name, self.hardware_brand, self.hardware_model
        )
    def save(self, *args, **kwargs):
        if not self.device_id:
            self.device_id = (self.organizer.devices.aggregate(m=Max('device_id'))['m'] or 0) + 1
        super().save(*args, **kwargs)
    def permission_set(self) -> set:
        return {
            'can_view_orders',
            'can_change_orders',
        }
    def get_event_permission_set(self, organizer, event) -> set:
        """
        Gets a set of permissions (as strings) that a token holds for a particular event
        :param organizer: The organizer of the event
        :param event: The event to check
        :return: set of permissions
        """
        has_event_access = (self.all_events and organizer == self.organizer) or (
            event in self.limit_events.all()
        )
        return self.permission_set() if has_event_access else set()
    def get_organizer_permission_set(self, organizer) -> set:
        """
        Gets a set of permissions (as strings) that a token holds for a particular organizer
        :param organizer: The organizer of the event
        :return: set of permissions
        """
        return self.permission_set() if self.organizer == organizer else set()
    def has_event_permission(self, organizer, event, perm_name=None, request=None) -> bool:
        """
        Checks if this token is part of a team that grants access of type ``perm_name``
        to the event ``event``.
        :param organizer: The organizer of the event
        :param event: The event to check
        :param perm_name: The permission, e.g. ``can_change_teams``
        :param request: This parameter is ignored and only defined for compatibility reasons.
        :return: bool
        """
        has_event_access = (self.all_events and organizer == self.organizer) or (
            event in self.limit_events.all()
        )
        if isinstance(perm_name, (tuple, list)):
            return has_event_access and any(p in self.permission_set() for p in perm_name)
        return has_event_access and (not perm_name or perm_name in self.permission_set())
    def has_organizer_permission(self, organizer, perm_name=None, request=None):
        """
        Checks if this token is part of a team that grants access of type ``perm_name``
        to the organizer ``organizer``.
        :param organizer: The organizer to check
        :param perm_name: The permission, e.g. ``can_change_teams``
        :param request: This parameter is ignored and only defined for compatibility reasons.
        :return: bool
        """
        if isinstance(perm_name, (tuple, list)):
            return organizer == self.organizer and any(p in self.permission_set() for p in perm_name)
        return organizer == self.organizer and (not perm_name or perm_name in self.permission_set())
    def get_events_with_any_permission(self):
        """
        Returns a queryset of events the token has any permissions to.
        :return: Iterable of Events
        """
        if self.all_events:
            return self.organizer.events.all()
        else:
            return self.limit_events.all()
--- a/src/pretix/base/models/event.py
+++ b/src/pretix/base/models/event.py
@@ -227,9 +227,10 @@ class Event(EventMixin, LoggedModel):
                                   verbose_name=_("Event end time"))
    date_admission = models.DateTimeField(null=True, blank=True,
                                          verbose_name=_("Admission time"))
-    is_public = models.BooleanField(default=True,
+    is_public = models.BooleanField(default=False,
-                                    verbose_name=_("Show in lists"),
+                                    verbose_name=_("Visible in public lists"),
-                                    help_text=_("If selected, this event will show up publicly on the list of events for your organizer account."))
+                                    help_text=_("If selected, this event may show up on the ticket system's start page "
                                                "or an organization profile."))
    presale_end = models.DateTimeField(
        null=True, blank=True,
        verbose_name=_("End of presale"),
@@ -275,24 +276,12 @@ class Event(EventMixin, LoggedModel):
        else:
            return super().presale_has_ended
    def delete_all_orders(self, really=False):
        from .orders import OrderRefund, OrderPayment, OrderPosition, OrderFee
        if not really:
            raise TypeError("Pass really=True as a parameter.")
        OrderPosition.objects.filter(order__event=self).delete()
        OrderFee.objects.filter(order__event=self).delete()
        OrderPayment.objects.filter(order__event=self).delete()
        OrderRefund.objects.filter(order__event=self).delete()
        self.orders.all().delete()
    def save(self, *args, **kwargs):
        obj = super().save(*args, **kwargs)
        self.cache.clear()
        return obj
-    def get_plugins(self):
+    def get_plugins(self) -> "list[str]":
        """
        Returns the names of the plugins activated for this event as a list.
        """
@@ -300,7 +289,7 @@ class Event(EventMixin, LoggedModel):
            return []
        return self.plugins.split(",")
-    def get_cache(self):
+    def get_cache(self) -> "pretix.base.cache.ObjectRelatedCache":
        """
        Returns an :py:class:`ObjectRelatedCache` object. This behaves equivalent to
        Django's built-in cache backends, but puts you into an isolated environment for
--- a/src/pretix/base/models/fields.py
+++ b/src/pretix/base/models/fields.py
@@ -1,94 +0,0 @@
 from django.core import exceptions
 from django.db.models import TextField, lookups as builtin_lookups
 from django.utils.translation import gettext_lazy as _
 from rest_framework import serializers
 from rest_framework.exceptions import ValidationError
 DELIMITER = "\x1F"
 class MultiStringField(TextField):
    default_error_messages = {
        'delimiter_found': _('No value can contain the delimiter character.')
    }
    def __init__(self, verbose_name=None, name=None, **kwargs):
        super().__init__(verbose_name, name, **kwargs)
    def deconstruct(self):
        name, path, args, kwargs = super().deconstruct()
        return name, path, args, kwargs
    def to_python(self, value):
        if isinstance(value, (list, tuple)):
            return value
        elif value:
            return [v for v in value.split(DELIMITER) if v]
        else:
            return []
    def get_prep_value(self, value):
        if isinstance(value, (list, tuple)):
            return DELIMITER + DELIMITER.join(value) + DELIMITER
        elif value is None:
            return ""
        raise TypeError("Invalid data type passed.")
    def get_prep_lookup(self, lookup_type, value):  # NOQA
        raise TypeError('Lookups on multi strings are currently not supported.')
    def from_db_value(self, value, expression, connection, context):
        if value:
            return [v for v in value.split(DELIMITER) if v]
        else:
            return []
    def validate(self, value, model_instance):
        super().validate(value, model_instance)
        for l in value:
            if DELIMITER in l:
                raise exceptions.ValidationError(
                    self.error_messages['delimiter_found'],
                    code='delimiter_found',
                )
    def get_lookup(self, lookup_name):
        if lookup_name == 'contains':
            return MultiStringContains
        elif lookup_name == 'icontains':
            return MultiStringIContains
        raise NotImplementedError(
            "Lookup '{}' doesn't work with MultiStringField".format(lookup_name),
        )
 class MultiStringContains(builtin_lookups.Contains):
    def process_rhs(self, qn, connection):
        sql, params = super().process_rhs(qn, connection)
        params[0] = "%" + DELIMITER + params[0][1:-1] + DELIMITER + "%"
        return sql, params
 class MultiStringIContains(builtin_lookups.IContains):
    def process_rhs(self, qn, connection):
        sql, params = super().process_rhs(qn, connection)
        params[0] = "%" + DELIMITER + params[0][1:-1] + DELIMITER + "%"
        return sql, params
 class MultiStringSerializer(serializers.Field):
    def __init__(self, **kwargs):
        self.allow_blank = kwargs.pop('allow_blank', False)
        super().__init__(**kwargs)
    def to_representation(self, value):
        return value
    def to_internal_value(self, data):
        if isinstance(data, list):
            return data
        else:
            raise ValidationError('Invalid data type.')
 serializers.ModelSerializer.serializer_field_mapping[MultiStringField] = MultiStringSerializer
--- a/src/pretix/base/models/invoices.py
+++ b/src/pretix/base/models/invoices.py
@@ -2,13 +2,9 @@ import string
 from decimal import Decimal
 from django.db import DatabaseError, models, transaction
 from django.db.models import Max
 from django.db.models.functions import Cast
 from django.utils import timezone
 from django.utils.crypto import get_random_string
 from django.utils.functional import cached_property
 from django.utils.translation import pgettext
 from django_countries.fields import CountryField
 def invoice_filename(instance, filename: str) -> str:
@@ -77,25 +73,11 @@ class Invoice(models.Model):
    is_cancellation = models.BooleanField(default=False)
    refers = models.ForeignKey('Invoice', related_name='refered', null=True, blank=True, on_delete=models.CASCADE)
    invoice_from = models.TextField()
    invoice_from_name = models.CharField(max_length=190, null=True)
    invoice_from_zipcode = models.CharField(max_length=190, null=True)
    invoice_from_city = models.CharField(max_length=190, null=True)
    invoice_from_country = CountryField(null=True)
    invoice_from_tax_id = models.CharField(max_length=190, null=True)
    invoice_from_vat_id = models.CharField(max_length=190, null=True)
    invoice_to = models.TextField()
    invoice_to_company = models.TextField(null=True)
    invoice_to_name = models.TextField(null=True)
    invoice_to_street = models.TextField(null=True)
    invoice_to_zipcode = models.CharField(max_length=190, null=True)
    invoice_to_city = models.TextField(null=True)
    invoice_to_country = CountryField(null=True)
    invoice_to_vat_id = models.TextField(null=True)
    date = models.DateField(default=today)
    locale = models.CharField(max_length=50, default='en')
    introductory_text = models.TextField(blank=True)
    additional_text = models.TextField(blank=True)
    reverse_charge = models.BooleanField(default=False)
    payment_provider_text = models.TextField(blank=True)
    footer_text = models.TextField(blank=True)
    foreign_currency_display = models.CharField(max_length=50, null=True, blank=True)
@@ -110,28 +92,12 @@ class Invoice(models.Model):
    def _to_numeric_invoice_number(number):
        return '{:05d}'.format(int(number))
    @property
    def full_invoice_from(self):
        parts = [
            self.invoice_from_name,
            self.invoice_from,
            (self.invoice_from_zipcode or "") + " " + (self.invoice_from_city or ""),
            str(self.invoice_from_country),
            pgettext("invoice", "VAT-ID: %s" % self.invoice_from_vat_id) if self.invoice_from_vat_id else "",
            pgettext("invoice", "Tax ID: %s" % self.invoice_from_tax_id) if self.invoice_from_tax_id else "",
        ]
        return '\n'.join([p.strip() for p in parts if p and p.strip()])
    def _get_numeric_invoice_number(self):
        numeric_invoices = Invoice.objects.filter(
            event__organizer=self.event.organizer,
            prefix=self.prefix,
-        ).exclude(invoice_no__contains='-').annotate(
+        ).exclude(invoice_no__contains='-')
-            numeric_number=Cast('invoice_no', models.IntegerField())
+        return self._to_numeric_invoice_number(numeric_invoices.count() + 1)
        ).aggregate(
            max=Max('numeric_number')
        )['max'] or 0
        return self._to_numeric_invoice_number(numeric_invoices + 1)
    def _get_invoice_number_from_order(self):
        return '{order}-{count}'.format(
@@ -189,7 +155,7 @@ class Invoice(models.Model):
    class Meta:
        unique_together = ('organizer', 'prefix', 'invoice_no')
-        ordering = ('date', 'invoice_no',)
+        ordering = ('invoice_no',)
 class InvoiceLine(models.Model):
--- a/src/pretix/base/models/items.py
+++ b/src/pretix/base/models/items.py
@@ -17,7 +17,6 @@ from django.utils.timezone import is_naive, make_aware, now
 from django.utils.translation import pgettext_lazy, ugettext_lazy as _
 from i18nfield.fields import I18nCharField, I18nTextField
 from pretix.base.models import fields
 from pretix.base.models.base import LoggedModel
 from pretix.base.models.tax import TaxedPrice
@@ -196,8 +195,6 @@ class Item(LoggedModel):
    :type original_price: decimal.Decimal
    :param require_approval: If set to ``True``, orders containing this product can only be processed and paid after approved by an administrator
    :type require_approval: bool
    :param sales_channels: Sales channels this item is available on.
    :type sales_channels: bool
    """
    event = models.ForeignKey(
@@ -332,10 +329,6 @@ class Item(LoggedModel):
        help_text=_('If set, this will be displayed next to the current price to show that the current price is a '
                    'discounted one. This is just a cosmetic setting and will not actually impact pricing.')
    )
    sales_channels = fields.MultiStringField(
        verbose_name=_('Sales channels'),
        default=['web']
    )
    # !!! Attention: If you add new fields here, also add them to the copying code in
    # pretix/control/forms/item.py if applicable.
@@ -364,21 +357,17 @@ class Item(LoggedModel):
                              rate=Decimal('0.00'), name='')
        return self.tax_rule.tax(price, base_price_is=base_price_is)
    def is_available_by_time(self, now_dt: datetime=None) -> bool:
        now_dt = now_dt or now()
        if self.available_from and self.available_from > now_dt:
            return False
        if self.available_until and self.available_until < now_dt:
            return False
        return True
    def is_available(self, now_dt: datetime=None) -> bool:
        """
        Returns whether this item is available according to its ``active`` flag
        and its ``available_from`` and ``available_until`` fields
        """
        now_dt = now_dt or now()
-        if not self.active or not self.is_available_by_time(now_dt):
+        if not self.active:
            return False
        if self.available_from and self.available_from > now_dt:
            return False
        if self.available_until and self.available_until < now_dt:
            return False
        return True
@@ -414,9 +403,12 @@ class Item(LoggedModel):
                   key=lambda s: (s[0], s[1] if s[1] is not None else sys.maxsize))
    def allow_delete(self):
-        from pretix.base.models.orders import OrderPosition
+        from pretix.base.models.orders import CartPosition, OrderPosition
-        return not OrderPosition.objects.filter(item=self).exists()
+        return (
            not OrderPosition.objects.filter(item=self).exists()
            and not CartPosition.objects.filter(item=self).exists()
        )
    @cached_property
    def has_variations(self):
@@ -761,7 +753,7 @@ class Question(LoggedModel):
    @staticmethod
    def _clean_identifier(event, code, instance=None):
-        qs = Question.objects.filter(event=event, identifier__iexact=code)
+        qs = Question.objects.filter(event=event, identifier=code)
        if instance:
            qs = qs.exclude(pk=instance.pk)
        if qs.exists():
--- a/src/pretix/base/models/log.py
+++ b/src/pretix/base/models/log.py
@@ -41,7 +41,6 @@ class LogEntry(models.Model):
    datetime = models.DateTimeField(auto_now_add=True, db_index=True)
    user = models.ForeignKey('User', null=True, blank=True, on_delete=models.PROTECT)
    api_token = models.ForeignKey('TeamAPIToken', null=True, blank=True, on_delete=models.PROTECT)
    device = models.ForeignKey('Device', null=True, blank=True, on_delete=models.PROTECT)
    oauth_application = models.ForeignKey('pretixapi.OAuthApplication', null=True, blank=True, on_delete=models.PROTECT)
    event = models.ForeignKey('Event', null=True, blank=True, on_delete=models.SET_NULL)
    action_type = models.CharField(max_length=255)
@@ -63,16 +62,6 @@ class LogEntry(models.Model):
                return response
        return self.action_type
    @cached_property
    def organizer(self):
        if self.event:
            return self.event.organizer
        elif hasattr(self.content_object, 'event'):
            return self.content_object.event.organizer
        elif hasattr(self.content_object, 'organizer'):
            return self.content_object.organizer
        return None
    @cached_property
    def display_object(self):
        from . import Order, Voucher, Quota, Item, ItemCategory, Question, Event, TaxRule, SubEvent
--- a/src/pretix/base/models/orders.py
+++ b/src/pretix/base/models/orders.py
@@ -10,6 +10,7 @@ from typing import Any, Dict, List, Union
 import dateutil
 import pytz
 from django.conf import settings
 from django.contrib import messages
 from django.db import models, transaction
 from django.db.models import (
    Case, Exists, F, Max, OuterRef, Q, Subquery, Sum, Value, When,
@@ -17,6 +18,7 @@ from django.db.models import (
 from django.db.models.functions import Coalesce
 from django.db.models.signals import post_delete
 from django.dispatch import receiver
 from django.shortcuts import redirect
 from django.urls import reverse
 from django.utils.crypto import get_random_string
 from django.utils.encoding import escape_uri_path
@@ -26,14 +28,12 @@ from django.utils.timezone import make_aware, now
 from django.utils.translation import pgettext_lazy, ugettext_lazy as _
 from django_countries.fields import CountryField
 from i18nfield.strings import LazyI18nString
 from jsonfallback.fields import FallbackJSONField
 from pretix.base.i18n import language
 from pretix.base.models import User
 from pretix.base.reldate import RelativeDateWrapper
 from pretix.base.settings import PERSON_NAME_SCHEMES
-from .base import LockModel, LoggedModel
+from .base import LoggedModel
 from .event import Event, SubEvent
 from .items import Item, ItemVariation, Question, QuestionOption, Quota
@@ -49,7 +49,7 @@ def generate_position_secret():
    return get_random_string(length=settings.ENTROPY['ticket_secret'], allowed_chars='abcdefghjkmnpqrstuvwxyz23456789')
-class Order(LockModel, LoggedModel):
+class Order(LoggedModel):
    """
    An order is created when a user clicks 'buy' on his cart. It holds
    several OrderPositions and is connected to a user. It has an
@@ -94,8 +94,6 @@ class Order(LockModel, LoggedModel):
    :type require_approval: bool
    :param meta_info: Additional meta information on the order, JSON-encoded.
    :type meta_info: str
    :param sales_channel: Identifier of the sales channel this order was created through.
    :type sales_channel: str
    """
    STATUS_PENDING = "n"
@@ -176,7 +174,6 @@ class Order(LockModel, LoggedModel):
    require_approval = models.BooleanField(
        default=False
    )
    sales_channel = models.CharField(max_length=190, default="web")
    class Meta:
        verbose_name = _("Order")
@@ -425,20 +422,6 @@ class Order(LockModel, LoggedModel):
                dl_date = dl_date.datetime(self.event)
        return dl_date
    @property
    def ticket_download_available(self):
        return self.event.settings.ticket_download and (
            self.event.settings.ticket_download_date is None
            or now() > self.ticket_download_date
        ) and (
            self.status == Order.STATUS_PAID
            or (
                (self.event.settings.ticket_download_pending or self.total == Decimal("0.00")) and
                self.status == Order.STATUS_PENDING and
                not self.require_approval
            )
        )
    @property
    def payment_term_last(self):
        tz = pytz.timezone(self.event.settings.timezone)
@@ -461,7 +444,7 @@ class Order(LockModel, LoggedModel):
        error_messages = {
            'late_lastdate': _("The payment can not be accepted as the last date of payments configured in the "
                               "payment settings is over."),
-            'late': _("The payment can not be accepted as the order is expired and you configured that no late "
+            'late': _("The payment can not be accepted as it the order is expired and you configured that no late "
                      "payments should be accepted in the payment settings."),
            'require_approval': _('This order is not yet approved by the event organizer.')
        }
@@ -479,6 +462,47 @@ class Order(LockModel, LoggedModel):
        return self._is_still_available(count_waitinglist=count_waitinglist)
    def regenerate_secrets(self, user=None):
        self.secret = generate_secret()
        for op in self.positions.all():
            op.secret = generate_position_secret()
            op.save(update_fields=['secret'])
        CachedTicket.objects.filter(order_position__order=self).delete()
        CachedCombinedTicket.objects.filter(order=self).delete()
        self.log_action('pretix.event.order.secret.changed', user=user)
        self.save(update_fields=['secret'])
    def resend_link(self, user=None):
        from pretix.base.services.mail import SendMailException
        from pretix.multidomain.urlreverse import build_absolute_uri
        with language(self.locale):
            try:
                try:
                    invoice_name = self.invoice_address.name
                    invoice_company = self.invoice_address.company
                except InvoiceAddress.DoesNotExist:
                    invoice_name = ""
                    invoice_company = ""
                email_template = self.event.settings.mail_text_resend_link
                email_context = {
                    'event': self.event.name,
                    'url': build_absolute_uri(self.event, 'presale:event.order', kwargs={
                        'order': self.code,
                        'secret': self.secret
                    }),
                    'invoice_name': invoice_name,
                    'invoice_company': invoice_company,
                }
                email_subject = _('Your order: %(code)s') % {'code': self.code}
                self.send_mail(
                    email_subject, email_template, email_context,
                    'pretix.event.order.email.resend', user=user
                )
            except SendMailException:
                messages.error(self.request, _('There was an error sending the mail. Please try again later.'))
                return redirect(self.get_order_url())
    def _is_still_available(self, now_dt: datetime=None, count_waitinglist=True) -> Union[bool, str]:
        error_messages = {
            'unavailable': _('The ordered product "{item}" is no longer available.'),
@@ -515,7 +539,7 @@ class Order(LockModel, LoggedModel):
    def send_mail(self, subject: str, template: Union[str, LazyI18nString],
                  context: Dict[str, Any]=None, log_entry_type: str='pretix.event.order.email.sent',
                  user: User=None, headers: dict=None, sender: str=None, invoices: list=None,
-                  auth=None, attach_tickets=False):
+                  auth=None):
        """
        Sends an email to the user that placed this order. Basically, this method does two things:
@@ -531,7 +555,6 @@ class Order(LockModel, LoggedModel):
        :param user: Administrative user who triggered this mail to be sent
        :param headers: Dictionary with additional mail headers
        :param sender: Custom email sender.
        :param attach_tickets: Attach tickets of this order, if they are existing and ready to download
        """
        from pretix.base.services.mail import SendMailException, mail, render_mail
@@ -545,7 +568,7 @@ class Order(LockModel, LoggedModel):
                mail(
                    recipient, subject, template, context,
                    self.event, self.locale, self, headers, sender,
-                    invoices=invoices, attach_tickets=attach_tickets
+                    invoices=invoices
                )
            except SendMailException:
                raise
@@ -558,8 +581,7 @@ class Order(LockModel, LoggedModel):
                        'subject': subject,
                        'message': email_content,
                        'recipient': recipient,
-                        'invoices': [i.pk for i in invoices] if invoices else [],
+                        'invoices': [i.pk for i in invoices] if invoices else []
                        'attach_tickets': attach_tickets,
                    }
                )
@@ -705,10 +727,8 @@ class AbstractPosition(models.Model):
    :type expires: datetime
    :param price: The price of this item
    :type price: decimal.Decimal
-    :param attendee_name_parts: The parts of the attendee's name, if entered.
+    :param attendee_name: The attendee's name, if entered.
-    :type attendee_name_parts: str
+    :type attendee_name: str
    :param attendee_name_cached: The concatenated version of the attendee's name, if entered.
    :type attendee_name_cached: str
    :param attendee_email: The attendee's email, if entered.
    :type attendee_email: str
    :param voucher: A voucher that has been applied to this sale
@@ -719,7 +739,7 @@ class AbstractPosition(models.Model):
    subevent = models.ForeignKey(
        SubEvent,
        null=True, blank=True,
-        on_delete=models.PROTECT,
+        on_delete=models.CASCADE,
        verbose_name=pgettext_lazy("subevent", "Date"),
    )
    item = models.ForeignKey(
@@ -737,25 +757,22 @@ class AbstractPosition(models.Model):
        decimal_places=2, max_digits=10,
        verbose_name=_("Price")
    )
-    attendee_name_cached = models.CharField(
+    attendee_name = models.CharField(
        max_length=255,
        verbose_name=_("Attendee name"),
        blank=True, null=True,
        help_text=_("Empty, if this product is not an admission ticket")
    )
    attendee_name_parts = FallbackJSONField(
        blank=True, default=dict
    )
    attendee_email = models.EmailField(
        verbose_name=_("Attendee email"),
        blank=True, null=True,
        help_text=_("Empty, if this product is not an admission ticket")
    )
    voucher = models.ForeignKey(
-        'Voucher', null=True, blank=True, on_delete=models.PROTECT
+        'Voucher', null=True, blank=True, on_delete=models.CASCADE
    )
    addon_to = models.ForeignKey(
-        'self', null=True, blank=True, on_delete=models.PROTECT, related_name='addons'
+        'self', null=True, blank=True, on_delete=models.CASCADE, related_name='addons'
    )
    meta_info = models.TextField(
        verbose_name=_("Meta information"),
@@ -808,24 +825,6 @@ class AbstractPosition(models.Model):
                if self.variation is None
                else self.variation.quotas.filter(subevent=self.subevent))
    def save(self, *args, **kwargs):
        self.attendee_name_cached = self.attendee_name
        if self.attendee_name_parts is None:
            self.attendee_name_parts = {}
        super().save(*args, **kwargs)
    @property
    def attendee_name(self):
        if not self.attendee_name_parts:
            return None
        if '_legacy' in self.attendee_name_parts:
            return self.attendee_name_parts['_legacy']
        if '_scheme' in self.attendee_name_parts:
            scheme = PERSON_NAME_SCHEMES[self.attendee_name_parts['_scheme']]
        else:
            scheme = PERSON_NAME_SCHEMES[self.event.settings.name_scheme]
        return scheme['concatenation'](self.attendee_name_parts).strip()
 class OrderPayment(models.Model):
    """
@@ -926,25 +925,6 @@ class OrderPayment(models.Model):
        """
        return self.order.event.get_payment_providers().get(self.provider)
    def _mark_paid(self, force, count_waitinglist, user, auth):
        from pretix.base.signals import order_paid
        can_be_paid = self.order._can_be_paid(count_waitinglist=count_waitinglist)
        if not force and can_be_paid is not True:
            self.order.log_action('pretix.event.order.quotaexceeded', {
                'message': can_be_paid
            }, user=user, auth=auth)
            raise Quota.QuotaExceededException(can_be_paid)
        self.order.status = Order.STATUS_PAID
        self.order.save(update_fields=['status'])
        self.order.log_action('pretix.event.order.paid', {
            'provider': self.provider,
            'info': self.info,
            'date': self.payment_date,
            'force': force
        }, user=user, auth=auth)
        order_paid.send(self.order.event, order=self.order)
    def confirm(self, count_waitinglist=True, send_mail=True, force=False, user=None, auth=None, mail_text=''):
        """
        Marks the payment as complete. If possible, this also marks the order as paid if no further
@@ -964,6 +944,7 @@ class OrderPayment(models.Model):
        :type mail_text: str
        :raises Quota.QuotaExceededException: if the quota is exceeded and ``force`` is ``False``
        """
        from pretix.base.signals import order_paid
        from pretix.base.services.invoices import generate_invoice, invoice_qualified
        from pretix.base.services.mail import SendMailException
        from pretix.multidomain.urlreverse import build_absolute_uri
@@ -990,14 +971,20 @@ class OrderPayment(models.Model):
        if payment_sum - refund_sum < self.order.total:
            return
-        if self.order.status == Order.STATUS_PENDING and self.order.expires > now() + timedelta(hours=12):
+        with self.order.event.lock():
-            # Performance optimization. In this case, there's really no reason to lock everything and an atomic
+            can_be_paid = self.order._can_be_paid(count_waitinglist=count_waitinglist)
-            # database transaction is more than enough.
+            if not force and can_be_paid is not True:
-            with transaction.atomic():
+                raise Quota.QuotaExceededException(can_be_paid)
-                self._mark_paid(force, count_waitinglist, user, auth)
+            self.order.status = Order.STATUS_PAID
-        else:
+            self.order.save()
-            with self.order.event.lock():
+
-                self._mark_paid(force, count_waitinglist, user, auth)
+            self.order.log_action('pretix.event.order.paid', {
                'provider': self.provider,
                'info': self.info,
                'date': self.payment_date,
                'force': force
            }, user=user, auth=auth)
            order_paid.send(self.order.event, order=self.order)
        invoice = None
        if invoice_qualified(self.order):
@@ -1038,8 +1025,7 @@ class OrderPayment(models.Model):
                    self.order.send_mail(
                        email_subject, email_template, email_context,
                        'pretix.event.order.email.order_paid', user,
-                        invoices=[invoice] if invoice and self.order.event.settings.invoice_email_attachment else [],
+                        invoices=[invoice] if invoice and self.order.event.settings.invoice_email_attachment else []
                        attach_tickets=True
                    )
                except SendMailException:
                    logger.exception('Order paid email could not be sent')
@@ -1453,7 +1439,6 @@ class OrderPosition(AbstractPosition):
        # Delete afterwards. Deleting in between might cause deletion of things related to add-ons
        # due to the deletion cascade.
        for cartpos in cp:
            cartpos.addons.all().delete()
            cartpos.delete()
        return ops
@@ -1512,10 +1497,6 @@ class OrderPosition(AbstractPosition):
                self.pseudonymization_id = code
                return
    @property
    def event(self):
        return self.order.event
 class CartPosition(AbstractPosition):
    """
@@ -1581,8 +1562,7 @@ class InvoiceAddress(models.Model):
    order = models.OneToOneField(Order, null=True, blank=True, related_name='invoice_address', on_delete=models.CASCADE)
    is_business = models.BooleanField(default=False, verbose_name=_('Business customer'))
    company = models.CharField(max_length=255, blank=True, verbose_name=_('Company name'))
-    name_cached = models.CharField(max_length=255, verbose_name=_('Full name'), blank=True)
+    name = models.CharField(max_length=255, verbose_name=_('Full name'), blank=True)
    name_parts = FallbackJSONField(default=dict)
    street = models.TextField(verbose_name=_('Address'), blank=False)
    zipcode = models.CharField(max_length=30, verbose_name=_('ZIP code'), blank=False)
    city = models.CharField(max_length=255, verbose_name=_('City'), blank=False)
@@ -1600,26 +1580,8 @@ class InvoiceAddress(models.Model):
    def save(self, **kwargs):
        if self.order:
            self.order.touch()
        if self.name_parts:
            self.name_cached = self.name
        else:
            self.name_cached = ""
            self.name_parts = {}
        super().save(**kwargs)
    @property
    def name(self):
        if not self.name_parts:
            return ""
        if '_legacy' in self.name_parts:
            return self.name_parts['_legacy']
        if '_scheme' in self.name_parts:
            scheme = PERSON_NAME_SCHEMES[self.name_parts['_scheme']]
        else:
            raise TypeError("Invalid name given.")
        return scheme['concatenation'](self.name_parts).strip()
 def cachedticket_name(instance, filename: str) -> str:
    secret = get_random_string(length=16, allowed_chars=string.ascii_letters + string.digits)
--- a/src/pretix/base/models/organizer.py
+++ b/src/pretix/base/models/organizer.py
@@ -58,7 +58,7 @@ class Organizer(LoggedModel):
        self.get_cache().clear()
        return obj
-    def get_cache(self):
+    def get_cache(self) -> "pretix.base.cache.ObjectRelatedCache":
        """
        Returns an :py:class:`ObjectRelatedCache` object. This behaves equivalent to
        Django's built-in cache backends, but puts you into an isolated environment for
@@ -82,20 +82,6 @@ class Organizer(LoggedModel):
        return ObjectRelatedCache(self)
    def allow_delete(self):
        from . import Order, Invoice
        return (
            not Order.objects.filter(event__organizer=self).exists() and
            not Invoice.objects.filter(event__organizer=self).exists() and
            not self.devices.exists()
        )
    def delete_sub_objects(self):
        for e in self.events.all():
            e.delete_sub_objects()
            e.delete()
        self.teams.all().delete()
 def generate_invite_token():
    return get_random_string(length=32, allowed_chars=string.ascii_lowercase + string.digits)
--- a/src/pretix/base/models/vouchers.py
+++ b/src/pretix/base/models/vouchers.py
@@ -240,8 +240,6 @@ class Voucher(LoggedModel):
    def clean_quota_needs_checking(data, old_instance, item_changed, creating):
        # We only need to check for quota on vouchers that are now blocking quota and haven't
        # before (or have blocked a different quota before)
        if data.get('allow_ignore_quota', False):
            return False
        if data.get('block_quota', False):
            is_valid = data.get('valid_until') is None or data.get('valid_until') >= now()
            if not is_valid:
--- a/src/pretix/base/notifications.py
+++ b/src/pretix/base/notifications.py
@@ -193,12 +193,6 @@ def register_default_notification_types(sender, **kwargs):
            _('New order placed'),
            _('A new order has been placed: {order.code}'),
        ),
        ParametrizedOrderNotificationType(
            sender,
            'pretix.event.order.placed.require_approval',
            _('New order requires approval'),
            _('A new order has been placed that requires approval: {order.code}'),
        ),
        ParametrizedOrderNotificationType(
            sender,
            'pretix.event.order.paid',
@@ -231,7 +225,7 @@ def register_default_notification_types(sender, **kwargs):
        ),
        ParametrizedOrderNotificationType(
            sender,
-            'pretix.event.order.changed.*',
+            'pretix.event.order.changed',
            _('Order changed'),
            _('Order {order.code} has been changed.')
        ),
--- a/src/pretix/base/payment.py
+++ b/src/pretix/base/payment.py
@@ -14,14 +14,12 @@ from django.http import HttpRequest
 from django.template.loader import get_template
 from django.utils.timezone import now
 from django.utils.translation import pgettext_lazy, ugettext_lazy as _
 from django_countries import Countries
 from i18nfield.forms import I18nFormField, I18nTextarea, I18nTextInput
 from i18nfield.strings import LazyI18nString
 from pretix.base.forms import PlaceholderValidator
 from pretix.base.models import (
-    CartPosition, Event, InvoiceAddress, Order, OrderPayment, OrderRefund,
+    CartPosition, Event, Order, OrderPayment, OrderRefund, Quota,
    Quota,
 )
 from pretix.base.reldate import RelativeDateField, RelativeDateWrapper
 from pretix.base.settings import SettingsSandbox
@@ -30,7 +28,7 @@ from pretix.base.templatetags.money import money_filter
 from pretix.base.templatetags.rich_text import rich_text
 from pretix.helpers.money import DecimalTextInput
 from pretix.presale.views import get_cart_total
-from pretix.presale.views.cart import cart_session, get_or_create_cart_id
+from pretix.presale.views.cart import get_or_create_cart_id
 logger = logging.getLogger(__name__)
@@ -181,7 +179,7 @@ class BasePaymentProvider:
                     implementation.
        """
        places = settings.CURRENCY_PLACES.get(self.event.currency, 2)
-        d = OrderedDict([
+        return OrderedDict([
            ('_enabled',
             forms.BooleanField(
                 label=_('Enable payment method'),
@@ -252,31 +250,7 @@ class BasePaymentProvider:
                             'above!').format(docs_url='https://docs.pretix.eu/en/latest/user/payments/fees.html'),
                 required=False
             )),
            ('_restricted_countries',
             forms.MultipleChoiceField(
                 label=_('Restrict to countries'),
                 choices=Countries(),
                 help_text=_('Only allow choosing this payment provider for invoice addresses in the selected '
                             'countries. If you don\'t select any country, all countries are allowed. This is only '
                             'enabled if the invoice address is required.'),
                 widget=forms.CheckboxSelectMultiple(
                     attrs={'class': 'scrolling-multiple-choice'}
                 ),
                 required=False,
                 disabled=not self.event.settings.invoice_address_required
             )),
        ])
        d['_restricted_countries']._as_type = list
        return d
    def settings_form_clean(self, cleaned_data):
        """
        Overriding this method allows you to inject custom validation into the settings form.
        :param cleaned_data: Form data as per previous validations.
        :return: Please return the modified cleaned_data
        """
        return cleaned_data
    def settings_content_render(self, request: HttpRequest) -> str:
        """
@@ -376,8 +350,7 @@ class BasePaymentProvider:
        during checkout, not on retrying.
        The default implementation checks for the _availability_date setting to be either unset or in the future
-        and for the _total_max and _total_min requirements to be met. It also checks the ``_restrict_countries``
+        and for the _total_max and _total_min requirements to be met.
        setting.
        :param total: The total value without the payment method fee, after taxes.
@@ -398,26 +371,6 @@ class BasePaymentProvider:
        if self.settings._total_min is not None:
            pricing = pricing and total >= Decimal(self.settings._total_min)
        def get_invoice_address():
            if not hasattr(request, '_checkout_flow_invoice_address'):
                cs = cart_session(request)
                iapk = cs.get('invoice_address')
                if not iapk:
                    request._checkout_flow_invoice_address = InvoiceAddress()
                else:
                    try:
                        request._checkout_flow_invoice_address = InvoiceAddress.objects.get(pk=iapk, order__isnull=True)
                    except InvoiceAddress.DoesNotExist:
                        request._checkout_flow_invoice_address = InvoiceAddress()
            return request._checkout_flow_invoice_address
        if self.event.settings.invoice_address_required:
            restricted_countries = self.settings.get('_restricted_countries', as_type=list)
            if restricted_countries:
                ia = get_invoice_address()
                if str(ia.country) not in restricted_countries:
                    return False
        return timing and pricing
    def payment_form_render(self, request: HttpRequest, total: Decimal) -> str:
@@ -550,8 +503,7 @@ class BasePaymentProvider:
        Will be called to check whether it is allowed to change the payment method of
        an order to this one.
-        The default implementation checks for the _availability_date setting to be either unset or in the future,
+        The default implementation checks for the _availability_date setting to be either unset or in the future.
        as well as for the _total_max, _total_min and _restricted_countries settings.
        :param order: The order object
        """
@@ -562,16 +514,6 @@ class BasePaymentProvider:
        if self.settings._total_min is not None and ps < Decimal(self.settings._total_min):
            return False
        restricted_countries = self.settings.get('_restricted_countries', as_type=list)
        if restricted_countries:
            try:
                ia = order.invoice_address
            except InvoiceAddress.DoesNotExist:
                return True
            else:
                if str(ia.country) not in restricted_countries:
                    return False
        return self._is_still_available(order=order)
    def payment_prepare(self, request: HttpRequest, payment: OrderPayment) -> Union[bool, str]:
--- a/src/pretix/base/pdf.py
+++ b/src/pretix/base/pdf.py
@@ -1,18 +1,12 @@
 import copy
 import logging
 import os
 import re
 import subprocess
 import tempfile
 import uuid
 from collections import OrderedDict
 from functools import partial
 from io import BytesIO
 import bleach
 from django.conf import settings
 from django.contrib.staticfiles import finders
 from django.dispatch import receiver
 from django.utils.formats import date_format
 from django.utils.translation import ugettext_lazy as _
 from PyPDF2 import PdfFileReader
@@ -31,8 +25,7 @@ from reportlab.pdfgen.canvas import Canvas
 from reportlab.platypus import Paragraph
 from pretix.base.invoice import ThumbnailingImageReader
-from pretix.base.models import Order, OrderPosition, QuestionAnswer
+from pretix.base.models import Order, OrderPosition
 from pretix.base.settings import PERSON_NAME_SCHEMES
 from pretix.base.signals import layout_text_variables
 from pretix.base.templatetags.money import money_filter
 from pretix.presale.style import get_fonts
@@ -124,14 +117,6 @@ DEFAULT_VARIABLES = OrderedDict((
            "SHORT_DATETIME_FORMAT"
        ) if ev.date_to else ""
    }),
    ("event_end_date", {
        "label": _("Event end date"),
        "editor_sample": _("2017-05-31"),
        "evaluate": lambda op, order, ev: date_format(
            ev.date_to.astimezone(timezone(ev.settings.timezone)),
            "SHORT_DATE_FORMAT"
        ) if ev.date_to else ""
    }),
    ("event_end_time", {
        "label": _("Event end time"),
        "editor_sample": _("22:00"),
@@ -162,12 +147,12 @@ DEFAULT_VARIABLES = OrderedDict((
        "evaluate": lambda op, order, ev: str(ev.location).replace("\n", "<br/>\n")
    }),
    ("invoice_name", {
-        "label": _("Invoice address name"),
+        "label": _("Invoice address: name"),
        "editor_sample": _("John Doe"),
        "evaluate": lambda op, order, ev: order.invoice_address.name if getattr(order, 'invoice_address', None) else ''
    }),
    ("invoice_company", {
-        "label": _("Invoice address company"),
+        "label": _("Invoice address: company"),
        "editor_sample": _("Sample company"),
        "evaluate": lambda op, order, ev: order.invoice_address.company if getattr(order, 'invoice_address', None) else ''
    }),
@@ -176,10 +161,7 @@ DEFAULT_VARIABLES = OrderedDict((
        "editor_sample": _("Addon 1\nAddon 2"),
        "evaluate": lambda op, order, ev: "<br/>".join([
            '{} - {}'.format(p.item, p.variation) if p.variation else str(p.item)
-            for p in (
+            for p in op.addons.select_related('item', 'variation')
                op.addons.all() if 'addons' in getattr(op, '_prefetched_objects_cache', {})
                else op.addons.select_related('item', 'variation')
            )
        ])
    }),
    ("organizer", {
@@ -195,54 +177,10 @@ DEFAULT_VARIABLES = OrderedDict((
 ))
@receiver(layout_text_variables, dispatch_uid="pretix_base_layout_text_variables_questions")
 def variables_from_questions(sender, *args, **kwargs):
    def get_answer(op, order, event, question_id):
        try:
            if 'answers' in getattr(op, '_prefetched_objects_cache', {}):
                a = [a for a in op.answers.all() if a.question_id == question_id][0]
            else:
                a = op.answers.get(question_id=question_id)
            return str(a).replace("\n", "<br/>\n")
        except QuestionAnswer.DoesNotExist:
            return ""
        except IndexError:
            return ""
    d = {}
    for q in sender.questions.all():
        d['question_{}'.format(q.pk)] = {
            'label': _('Question: {question}').format(question=q.question),
            'editor_sample': _('<Answer: {question}>').format(question=q.question),
            'evaluate': partial(get_answer, question_id=q.pk)
        }
    return d
 def get_variables(event):
    v = copy.copy(DEFAULT_VARIABLES)
    scheme = PERSON_NAME_SCHEMES[event.settings.name_scheme]
    for key, label, weight in scheme['fields']:
        v['attendee_name_%s' % key] = {
            'label': _("Attendee name: {part}").format(part=label),
            'editor_sample': scheme['sample'][key],
            'evaluate': lambda op, order, ev: op.attendee_name_parts.get(key, '')
        }
    v['invoice_name']['editor_sample'] = scheme['concatenation'](scheme['sample'])
    v['attendee_name']['editor_sample'] = scheme['concatenation'](scheme['sample'])
    for key, label, weight in scheme['fields']:
        v['invoice_name_%s' % key] = {
            'label': _("Invoice address name: {part}").format(part=label),
            'editor_sample': scheme['sample'][key],
            "evaluate": lambda op, order, ev: order.invoice_address.name_parts.get(key, '') if getattr(order, 'invoice_address', None) else ''
        }
    for recv, res in layout_text_variables.send(sender=event):
        v.update(res)
    return v
@@ -253,10 +191,8 @@ class Renderer:
        self.background_file = background_file
        self.variables = get_variables(event)
        if self.background_file:
-            self.bg_bytes = self.background_file.read()
+            self.bg_pdf = PdfFileReader(BytesIO(self.background_file.read()))
            self.bg_pdf = PdfFileReader(BytesIO(self.bg_bytes), strict=False)
        else:
            self.bg_bytes = None
            self.bg_pdf = None
    @classmethod
@@ -277,8 +213,6 @@ class Renderer:
    def _draw_poweredby(self, canvas: Canvas, op: OrderPosition, o: dict):
        content = o.get('content', 'dark')
        if content not in ('dark', 'white'):
            content = 'dark'
        img = finders.find('pretixpresale/pdf/powered_by_pretix_{}.png'.format(content))
        ir = ThumbnailingImageReader(img)
@@ -369,45 +303,24 @@ class Renderer:
                self._draw_textarea(canvas, op, order, o)
            elif o['type'] == "poweredby":
                self._draw_poweredby(canvas, op, o)
            if self.bg_pdf:
                canvas.setPageSize((self.bg_pdf.getPage(0).mediaBox[2], self.bg_pdf.getPage(0).mediaBox[3]))
        canvas.showPage()
    def render_background(self, buffer, title=_('Ticket')):
-        if settings.PDFTK:
+        from PyPDF2 import PdfFileWriter, PdfFileReader
-            buffer.seek(0)
+        buffer.seek(0)
-            with tempfile.TemporaryDirectory() as d:
+        new_pdf = PdfFileReader(buffer)
-                with open(os.path.join(d, 'back.pdf'), 'wb') as f:
+        output = PdfFileWriter()
                    f.write(self.bg_bytes)
                with open(os.path.join(d, 'front.pdf'), 'wb') as f:
                    f.write(buffer.read())
                subprocess.run([
                    settings.PDFTK,
                    os.path.join(d, 'front.pdf'),
                    'background',
                    os.path.join(d, 'back.pdf'),
                    'output',
                    os.path.join(d, 'out.pdf'),
                    'compress'
                ], check=True)
                with open(os.path.join(d, 'out.pdf'), 'rb') as f:
                    return BytesIO(f.read())
        else:
            from PyPDF2 import PdfFileWriter, PdfFileReader
            buffer.seek(0)
            new_pdf = PdfFileReader(buffer)
            output = PdfFileWriter()
-            for page in new_pdf.pages:
+        for page in new_pdf.pages:
-                bg_page = copy.copy(self.bg_pdf.getPage(0))
+            bg_page = copy.copy(self.bg_pdf.getPage(0))
-                bg_page.mergePage(page)
+            bg_page.mergePage(page)
-                output.addPage(bg_page)
+            output.addPage(bg_page)
-            output.addMetadata({
+        output.addMetadata({
-                '/Title': str(title),
+            '/Title': str(title),
-                '/Creator': 'pretix',
+            '/Creator': 'pretix',
-            })
+        })
-            outbuffer = BytesIO()
+        outbuffer = BytesIO()
-            output.write(outbuffer)
+        output.write(outbuffer)
-            outbuffer.seek(0)
+        outbuffer.seek(0)
-            return outbuffer
+        return outbuffer
--- a/src/pretix/base/services/cart.py
+++ b/src/pretix/base/services/cart.py
@@ -4,7 +4,6 @@ from decimal import Decimal
 from typing import List, Optional
 from celery.exceptions import MaxRetriesExceededError
 from django.core.exceptions import ValidationError
 from django.db import transaction
 from django.db.models import Q
 from django.dispatch import receiver
@@ -18,11 +17,9 @@ from pretix.base.models import (
 from pretix.base.models.event import SubEvent
 from pretix.base.models.orders import OrderFee
 from pretix.base.models.tax import TAXED_ZERO, TaxedPrice, TaxRule
 from pretix.base.services.checkin import _save_answers
 from pretix.base.services.locking import LockTimeoutException
 from pretix.base.services.pricing import get_price
 from pretix.base.services.tasks import ProfiledTask
 from pretix.base.settings import PERSON_NAME_SCHEMES
 from pretix.base.templatetags.rich_text import rich_text
 from pretix.celery_app import app
 from pretix.presale.signals import (
@@ -102,8 +99,7 @@ class CartManager:
        AddOperation: 30
    }
-    def __init__(self, event: Event, cart_id: str, invoice_address: InvoiceAddress=None, widget_data=None,
+    def __init__(self, event: Event, cart_id: str, invoice_address: InvoiceAddress=None):
                 sales_channel='web'):
        self.event = event
        self.cart_id = cart_id
        self.now_dt = now()
@@ -115,8 +111,6 @@ class CartManager:
        self._variations_cache = {}
        self._expiry = None
        self.invoice_address = invoice_address
        self._widget_data = widget_data or {}
        self._sales_channel = sales_channel
    @property
    def positions(self):
@@ -194,9 +188,6 @@ class CartManager:
            if not op.item.is_available() or (op.variation and not op.variation.active):
                raise CartError(error_messages['unavailable'])
            if self._sales_channel not in op.item.sales_channels:
                raise CartError(error_messages['unavailable'])
            if op.voucher and not op.voucher.applies_to(op.item, op.variation):
                raise CartError(error_messages['voucher_invalid_item'])
@@ -579,7 +570,6 @@ class CartManager:
                if op.position.expires > self.now_dt:
                    for q in op.position.quotas:
                        quotas_ok[q] += 1
                op.position.addons.all().delete()
                op.position.delete()
            elif isinstance(op, self.AddOperation) or isinstance(op, self.ExtendOperation):
@@ -614,37 +604,12 @@ class CartManager:
                if isinstance(op, self.AddOperation):
                    for k in range(available_count):
-                        cp = CartPosition(
+                        new_cart_positions.append(CartPosition(
                            event=self.event, item=op.item, variation=op.variation,
                            price=op.price.gross, expires=self._expiry, cart_id=self.cart_id,
                            voucher=op.voucher, addon_to=op.addon_to if op.addon_to else None,
                            subevent=op.subevent, includes_tax=op.includes_tax
-                        )
+                        ))
                        if self.event.settings.attendee_names_asked:
                            scheme = PERSON_NAME_SCHEMES.get(self.event.settings.name_scheme)
                            if 'attendee-name' in self._widget_data:
                                cp.attendee_name_parts = {'_legacy': self._widget_data['attendee-name']}
                            if any('attendee-name-{}'.format(k.replace('_', '-')) in self._widget_data for k, l, w
                                   in scheme['fields']):
                                cp.attendee_name_parts = {
                                    k: self._widget_data.get('attendee-name-{}'.format(k.replace('_', '-')), '')
                                    for k, l, w in scheme['fields']
                                }
                        if self.event.settings.attendee_emails_asked and 'email' in self._widget_data:
                            cp.attendee_email = self._widget_data.get('email')
                        cp._answers = {}
                        for k, v in self._widget_data.items():
                            if not k.startswith('question-'):
                                continue
                            q = cp.item.questions.filter(ask_during_checkin=False, identifier__iexact=k[9:]).first()
                            if q:
                                try:
                                    cp._answers[q] = q.clean_answer(v)
                                except ValidationError:
                                    pass
                        new_cart_positions.append(cp)
                elif isinstance(op, self.ExtendOperation):
                    if available_count == 1:
                        op.position.expires = self._expiry
@@ -655,11 +620,7 @@ class CartManager:
                    else:
                        raise AssertionError("ExtendOperation cannot affect more than one item")
-        for p in new_cart_positions:
+        CartPosition.objects.bulk_create(new_cart_positions)
            if p._answers:
                p.save()
                _save_answers(p, {}, p._answers)
        CartPosition.objects.bulk_create([p for p in new_cart_positions if not p._answers])
        return err
    def commit(self):
@@ -740,7 +701,7 @@ def get_fees(event, request, total, invoice_address, provider):
@app.task(base=ProfiledTask, bind=True, max_retries=5, default_retry_delay=1, throws=(CartError,))
 def add_items_to_cart(self, event: int, items: List[dict], cart_id: str=None, locale='en',
-                      invoice_address: int=None, widget_data=None, sales_channel='web') -> None:
+                      invoice_address: int=None) -> None:
    """
    Adds a list of items to a user's cart.
    :param event: The event ID in question
@@ -760,8 +721,7 @@ def add_items_to_cart(self, event: int, items: List[dict], cart_id: str=None, lo
        try:
            try:
-                cm = CartManager(event=event, cart_id=cart_id, invoice_address=ia, widget_data=widget_data,
+                cm = CartManager(event=event, cart_id=cart_id, invoice_address=ia)
                                 sales_channel=sales_channel)
                cm.add_new_items(items)
                cm.commit()
            except LockTimeoutException:
@@ -813,7 +773,7 @@ def clear_cart(self, event: int, cart_id: str=None, locale='en') -> None:
@app.task(base=ProfiledTask, bind=True, max_retries=5, default_retry_delay=1, throws=(CartError,))
 def set_cart_addons(self, event: int, addons: List[dict], cart_id: str=None, locale='en',
-                    invoice_address: int=None, sales_channel='web') -> None:
+                    invoice_address: int=None) -> None:
    """
    Removes a list of items from a user's cart.
    :param event: The event ID in question
@@ -831,7 +791,7 @@ def set_cart_addons(self, event: int, addons: List[dict], cart_id: str=None, loc
                pass
        try:
            try:
-                cm = CartManager(event=event, cart_id=cart_id, invoice_address=ia, sales_channel=sales_channel)
+                cm = CartManager(event=event, cart_id=cart_id, invoice_address=ia)
                cm.set_addons(addons)
                cm.commit()
            except LockTimeoutException:
--- a/src/pretix/base/services/checkin.py
+++ b/src/pretix/base/services/checkin.py
@@ -59,8 +59,7 @@ def _save_answers(op, answers, given_answers):
@transaction.atomic
 def perform_checkin(op: OrderPosition, clist: CheckinList, given_answers: dict, force=False,
-                    ignore_unpaid=False, nonce=None, datetime=None, questions_supported=True,
+                    ignore_unpaid=False, nonce=None, datetime=None, questions_supported=True):
                    user=None, auth=None):
    """
    Create a checkin for this particular order position and check-in list. Fails with CheckInError if the check in is
    not valid at this time.
@@ -134,7 +133,7 @@ def perform_checkin(op: OrderPosition, clist: CheckinList, given_answers: dict,
                'forced': op.order.status != Order.STATUS_PAID,
                'datetime': dt,
                'list': clist.pk
-            }, user=user, auth=auth)
+            })
    else:
        if not force:
            raise CheckInError(
@@ -148,4 +147,4 @@ def perform_checkin(op: OrderPosition, clist: CheckinList, given_answers: dict,
            'forced': force,
            'datetime': dt,
            'list': clist.pk
-        }, user=user, auth=auth)
+        })
--- a/src/pretix/base/services/cleanup.py
+++ b/src/pretix/base/services/cleanup.py
@@ -3,17 +3,13 @@ from datetime import timedelta
 from django.dispatch import receiver
 from django.utils.timezone import now
 from pretix.base.models import CachedCombinedTicket, CachedTicket
 from ..models import CachedFile, CartPosition, InvoiceAddress
 from ..signals import periodic_task
@receiver(signal=periodic_task)
 def clean_cart_positions(sender, **kwargs):
-    for cp in CartPosition.objects.filter(expires__lt=now() - timedelta(days=14), addon_to__isnull=False):
+    for cp in CartPosition.objects.filter(expires__lt=now() - timedelta(days=14)):
        cp.delete()
    for cp in CartPosition.objects.filter(expires__lt=now() - timedelta(days=14), addon_to__isnull=True):
        cp.delete()
    for ia in InvoiceAddress.objects.filter(order__isnull=True, last_modified__lt=now() - timedelta(days=14)):
        ia.delete()
@@ -23,15 +19,3 @@ def clean_cart_positions(sender, **kwargs):
 def clean_cached_files(sender, **kwargs):
    for cf in CachedFile.objects.filter(expires__isnull=False, expires__lt=now()):
        cf.delete()
@receiver(signal=periodic_task)
 def clean_cached_tickets(sender, **kwargs):
    for cf in CachedTicket.objects.filter(created__lte=now() - timedelta(days=30)):
        cf.delete()
    for cf in CachedCombinedTicket.objects.filter(created__lte=now() - timedelta(days=30)):
        cf.delete()
    for cf in CachedTicket.objects.filter(created__lte=now() - timedelta(minutes=30), file__isnull=True):
        cf.delete()
    for cf in CachedCombinedTicket.objects.filter(created__lte=now() - timedelta(minutes=30), file__isnull=True):
        cf.delete()
--- a/src/pretix/base/services/invoices.py
+++ b/src/pretix/base/services/invoices.py
@@ -14,7 +14,6 @@ from django.dispatch import receiver
 from django.utils import timezone
 from django.utils.timezone import now
 from django.utils.translation import pgettext, ugettext as _
 from django_countries.fields import Country
 from i18nfield.strings import LazyI18nString
 from pretix.base.i18n import language
@@ -41,20 +40,12 @@ def build_invoice(invoice: Invoice) -> Invoice:
    with language(invoice.locale):
        invoice.invoice_from = invoice.event.settings.get('invoice_address_from')
        invoice.invoice_from_name = invoice.event.settings.get('invoice_address_from_name')
        invoice.invoice_from_zipcode = invoice.event.settings.get('invoice_address_from_zipcode')
        invoice.invoice_from_city = invoice.event.settings.get('invoice_address_from_city')
        invoice.invoice_from_country = invoice.event.settings.get('invoice_address_from_country')
        invoice.invoice_from_tax_id = invoice.event.settings.get('invoice_address_from_tax_id')
        invoice.invoice_from_vat_id = invoice.event.settings.get('invoice_address_from_vat_id')
        introductory = invoice.event.settings.get('invoice_introductory_text', as_type=LazyI18nString)
        additional = invoice.event.settings.get('invoice_additional_text', as_type=LazyI18nString)
        footer = invoice.event.settings.get('invoice_footer_text', as_type=LazyI18nString)
        if open_payment and open_payment.payment_provider:
            payment = open_payment.payment_provider.render_invoice_text(invoice.order)
        elif invoice.order.status == Order.STATUS_PAID:
            payment = pgettext('invoice', 'The payment for this invoice has already been received.')
        else:
            payment = ""
@@ -75,16 +66,8 @@ def build_invoice(invoice: Invoice) -> Invoice:
                country=ia.country.name if ia.country else ia.country_old
            ).strip()
            invoice.internal_reference = ia.internal_reference
            invoice.invoice_to_company = ia.company
            invoice.invoice_to_name = ia.name
            invoice.invoice_to_street = ia.street
            invoice.invoice_to_zipcode = ia.zipcode
            invoice.invoice_to_city = ia.city
            invoice.invoice_to_country = ia.country
            if ia.vat_id:
                invoice.invoice_to += "\n" + pgettext("invoice", "VAT-ID: %s") % ia.vat_id
                invoice.invoice_to_vat_id = ia.vat_id
            cc = str(ia.country)
@@ -155,7 +138,6 @@ def build_invoice(invoice: Invoice) -> Invoice:
                "Reverse Charge: According to Article 194, 196 of Council Directive 2006/112/EEC, VAT liability "
                "rests with the service recipient."
            )
            invoice.reverse_charge = True
            invoice.save()
        offset = len(positions)
@@ -218,10 +200,10 @@ def regenerate_invoice(invoice: Invoice):
 def generate_invoice(order: Order, trigger_pdf=True):
-    locale = order.event.settings.get('invoice_language', order.event.settings.locale)
+    locale = order.event.settings.get('invoice_language')
    if locale:
        if locale == '__user__':
-            locale = order.locale or order.event.settings.locale
+            locale = order.locale
    invoice = Invoice(
        order=order,
@@ -285,12 +267,6 @@ def build_preview_invoice_pdf(event):
            date=timezone.now().date(), locale=locale, organizer=event.organizer
        )
        invoice.invoice_from = event.settings.get('invoice_address_from')
        invoice.invoice_from_name = invoice.event.settings.get('invoice_address_from_name')
        invoice.invoice_from_zipcode = invoice.event.settings.get('invoice_address_from_zipcode')
        invoice.invoice_from_city = invoice.event.settings.get('invoice_address_from_city')
        invoice.invoice_from_country = invoice.event.settings.get('invoice_address_from_country')
        invoice.invoice_from_tax_id = invoice.event.settings.get('invoice_address_from_tax_id')
        invoice.invoice_from_vat_id = invoice.event.settings.get('invoice_address_from_vat_id')
        introductory = event.settings.get('invoice_introductory_text', as_type=LazyI18nString)
        additional = event.settings.get('invoice_additional_text', as_type=LazyI18nString)
@@ -301,15 +277,7 @@ def build_preview_invoice_pdf(event):
        invoice.additional_text = str(additional).replace('\n', '<br />')
        invoice.footer_text = str(footer)
        invoice.payment_provider_text = str(payment).replace('\n', '<br />')
-        invoice.invoice_to_name = _("John Doe")
+        invoice.invoice_to = _("John Doe\n214th Example Street\n012345 Somecity")
        invoice.invoice_to_street = _("214th Example Street")
        invoice.invoice_to_zipcode = _("012345")
        invoice.invoice_to_city = _('Sample city')
        invoice.invoice_to_country = Country('DE')
        invoice.invoice_to = '{}\n{}\n{} {}'.format(
            invoice.invoice_to_name, invoice.invoice_to_street,
            invoice.invoice_to_zipcode, invoice.invoice_to_city
        )
        invoice.file = None
        invoice.save()
        invoice.lines.all().delete()
--- a/src/pretix/base/services/mail.py
+++ b/src/pretix/base/services/mail.py
@@ -14,7 +14,6 @@ from pretix.base.email import ClassicMailRenderer
 from pretix.base.i18n import language
 from pretix.base.models import Event, Invoice, InvoiceAddress, Order
 from pretix.base.services.invoices import invoice_pdf_task
 from pretix.base.services.tickets import get_tickets_for_order
 from pretix.base.signals import email_filter
 from pretix.celery_app import app
 from pretix.multidomain.urlreverse import build_absolute_uri
@@ -36,8 +35,7 @@ class SendMailException(Exception):
 def mail(email: str, subject: str, template: Union[str, LazyI18nString],
         context: Dict[str, Any]=None, event: Event=None, locale: str=None,
-         order: Order=None, headers: dict=None, sender: str=None, invoices: list=None,
+         order: Order=None, headers: dict=None, sender: str=None, invoices: list=None):
         attach_tickets=False):
    """
    Sends out an email to a user. The mail will be sent synchronously or asynchronously depending on the installation.
@@ -67,8 +65,6 @@ def mail(email: str, subject: str, template: Union[str, LazyI18nString],
    :param invoices: A list of invoices to attach to this email.
    :param attach_tickets: Whether to attach tickets to this email, if they are available to download.
    :raises MailOrderException: on obvious, immediate failures. Not raising an exception does not necessarily mean
        that the email has been sent, just that it has been queued by the email backend.
    """
@@ -157,8 +153,7 @@ def mail(email: str, subject: str, template: Union[str, LazyI18nString],
            event=event.id if event else None,
            headers=headers,
            invoices=[i.pk for i in invoices] if invoices else [],
-            order=order.pk if order else None,
+            order=order.pk if order else None
            attach_tickets=attach_tickets
        )
        if invoices:
@@ -173,7 +168,7 @@ def mail(email: str, subject: str, template: Union[str, LazyI18nString],
@app.task
 def mail_send_task(*args, to: List[str], subject: str, body: str, html: str, sender: str,
                   event: int=None, headers: dict=None, bcc: List[str]=None, invoices: List[int]=None,
-                   order: int=None, attach_tickets=False) -> bool:
+                   order: int=None) -> bool:
    email = EmailMultiAlternatives(subject, body, sender, to=to, bcc=bcc, headers=headers)
    if html is not None:
        email.attach_alternative(html, "text/html")
@@ -190,7 +185,6 @@ def mail_send_task(*args, to: List[str], subject: str, body: str, html: str, sen
                except:
                    logger.exception('Could not attach invoice to email')
                    pass
    if event:
        event = Event.objects.get(id=event)
        backend = event.get_mail_backend()
@@ -203,18 +197,6 @@ def mail_send_task(*args, to: List[str], subject: str, body: str, html: str, sen
                order = event.orders.get(pk=order)
            except Order.DoesNotExist:
                order = None
            else:
                if attach_tickets:
                    for name, ct in get_tickets_for_order(order):
                        try:
                            email.attach(
                                name,
                                ct.file.read(),
                                ct.type
                            )
                        except:
                            pass
        email = email_filter.send_chained(event, 'message', message=email, order=order)
    try:
--- a/src/pretix/base/services/notifications.py
+++ b/src/pretix/base/services/notifications.py
@@ -17,15 +17,9 @@ def notify(logentry_id: int):
    if not logentry.event:
        return  # Ignore, we only have event-related notifications right now
    types = get_all_notification_types(logentry.event)
-
+    notification_type = types.get(logentry.action_type)
    notification_type = None
    typepath = logentry.action_type
    while not notification_type and '.' in typepath:
        notification_type = types.get(typepath + ('.*' if typepath != logentry.action_type else ''))
        typepath = typepath.rsplit('.', 1)[0]
    if not notification_type:
-        return  # No suitable plugin
+        return  # Ignore, e.g. plugin not active for this event
    # All users that have the permission to get the notification
    users = logentry.event.get_users_with_permission(
@@ -39,7 +33,7 @@ def notify(logentry_id: int):
        (ns.user, ns.method): ns.enabled
        for ns in NotificationSetting.objects.filter(
            event=logentry.event,
-            action_type=notification_type.action_type,
+            action_type=logentry.action_type,
            user__pk__in=users.values_list('pk', flat=True)
        )
    }
@@ -47,7 +41,7 @@ def notify(logentry_id: int):
        (ns.user, ns.method): ns.enabled
        for ns in NotificationSetting.objects.filter(
            event__isnull=True,
-            action_type=notification_type.action_type,
+            action_type=logentry.action_type,
            user__pk__in=users.values_list('pk', flat=True)
        )
    }
@@ -55,20 +49,20 @@ def notify(logentry_id: int):
    for um, enabled in notify_specific.items():
        user, method = um
        if enabled:
-            send_notification.apply_async(args=(logentry_id, notification_type.action_type, user.pk, method))
+            send_notification.apply_async(args=(logentry_id, user.pk, method))
    for um, enabled in notify_global.items():
        user, method = um
        if enabled and um not in notify_specific:
-            send_notification.apply_async(args=(logentry_id, notification_type.action_type, user.pk, method))
+            send_notification.apply_async(args=(logentry_id, user.pk, method))
@app.task(base=ProfiledTask)
-def send_notification(logentry_id: int, action_type: str, user_id: int, method: str):
+def send_notification(logentry_id: int, user_id: int, method: str):
    logentry = LogEntry.all.get(id=logentry_id)
    user = User.objects.get(id=user_id)
    types = get_all_notification_types(logentry.event)
-    notification_type = types.get(action_type)
+    notification_type = types.get(logentry.action_type)
    if not notification_type:
        return  # Ignore, e.g. plugin not active for this event
--- a/src/pretix/base/services/orders.py
+++ b/src/pretix/base/services/orders.py
@@ -21,7 +21,7 @@ from pretix.base.i18n import (
    LazyCurrencyNumber, LazyDate, LazyLocaleException, LazyNumber, language,
 )
 from pretix.base.models import (
-    CartPosition, Device, Event, Item, ItemVariation, Order, OrderPayment,
+    CartPosition, Event, Item, ItemVariation, Order, OrderPayment,
    OrderPosition, Quota, User, Voucher,
 )
 from pretix.base.models.event import SubEvent
@@ -91,33 +91,34 @@ def extend_order(order: Order, new_date: datetime, force: bool=False, user: User
    """
    if new_date < now():
        raise OrderError(_('The new expiry date needs to be in the future.'))
-
+    if order.status == Order.STATUS_PENDING:
    def change(was_expired=True):
        order.expires = new_date
-        if was_expired:
+        order.save()
            order.status = Order.STATUS_PENDING
        order.save(update_fields=['expires'] + (['status'] if was_expired else []))
        order.log_action(
            'pretix.event.order.expirychanged',
            user=user,
            auth=auth,
            data={
                'expires': order.expires,
-                'state_change': was_expired
+                'state_change': False
            }
        )
        if was_expired:
            num_invoices = order.invoices.filter(is_cancellation=False).count()
            if num_invoices > 0 and order.invoices.filter(is_cancellation=True).count() >= num_invoices:
                generate_invoice(order)
    if order.status == Order.STATUS_PENDING:
        change(was_expired=False)
    else:
        with order.event.lock() as now_dt:
            is_available = order._is_still_available(now_dt, count_waitinglist=False)
            if is_available is True or force is True:
-                change(was_expired=True)
+                order.expires = new_date
                order.status = Order.STATUS_PENDING
                order.save()
                order.log_action(
                    'pretix.event.order.expirychanged',
                    user=user,
                    auth=auth,
                    data={
                        'expires': order.expires,
                        'state_change': True
                    }
                )
            else:
                raise OrderError(is_available)
@@ -135,7 +136,7 @@ def mark_order_refunded(order, user=None, auth=None, api_token=None):
        user = User.objects.get(pk=user)
    with order.event.lock():
        order.status = Order.STATUS_REFUNDED
-        order.save(update_fields=['status'])
+        order.save()
    order.log_action('pretix.event.order.refunded', user=user, auth=auth or api_token)
    i = order.invoices.filter(is_cancellation=False).last()
@@ -158,7 +159,7 @@ def mark_order_expired(order, user=None, auth=None):
        user = User.objects.get(pk=user)
    with order.event.lock():
        order.status = Order.STATUS_EXPIRED
-        order.save(update_fields=['status'])
+        order.save()
    order.log_action('pretix.event.order.expired', user=user, auth=auth)
    i = order.invoices.filter(is_cancellation=False).last()
@@ -180,7 +181,7 @@ def approve_order(order, user=None, send_mail: bool=True, auth=None):
    order.require_approval = False
    order.set_expires(now(), order.event.subevents.filter(id__in=[p.subevent_id for p in order.positions.all()]))
-    order.save(update_fields=['require_approval', 'expires'])
+    order.save()
    order.log_action('pretix.event.order.approved', user=user, auth=auth)
    if order.total == Decimal('0.00'):
@@ -257,7 +258,7 @@ def deny_order(order, comment='', user=None, send_mail: bool=True, auth=None):
    with order.event.lock():
        order.status = Order.STATUS_CANCELED
-        order.save(update_fields=['status'])
+        order.save()
    order.log_action('pretix.event.order.denied', user=user, auth=auth, data={
        'comment': comment
@@ -306,7 +307,7 @@ def deny_order(order, comment='', user=None, send_mail: bool=True, auth=None):
@transaction.atomic
-def _cancel_order(order, user=None, send_mail: bool=True, api_token=None, device=None, oauth_application=None):
+def _cancel_order(order, user=None, send_mail: bool=True, api_token=None, oauth_application=None):
    """
    Mark this order as canceled
    :param order: The order to change
@@ -318,17 +319,15 @@ def _cancel_order(order, user=None, send_mail: bool=True, api_token=None, device
        user = User.objects.get(pk=user)
    if isinstance(api_token, int):
        api_token = TeamAPIToken.objects.get(pk=api_token)
    if isinstance(device, int):
        device = Device.objects.get(pk=device)
    if isinstance(oauth_application, int):
        oauth_application = OAuthApplication.objects.get(pk=oauth_application)
    with order.event.lock():
        if not order.cancel_allowed():
            raise OrderError(_('You cannot cancel this order.'))
        order.status = Order.STATUS_CANCELED
-        order.save(update_fields=['status'])
+        order.save()
-    order.log_action('pretix.event.order.canceled', user=user, auth=api_token or oauth_application or device)
+    order.log_action('pretix.event.order.canceled', user=user, auth=api_token or oauth_application)
    i = order.invoices.filter(is_cancellation=False).last()
    if i:
        generate_cancellation(i)
@@ -378,7 +377,7 @@ def _check_positions(event: Event, now_dt: datetime, positions: List[CartPositio
    products_seen = Counter()
    for i, cp in enumerate(positions):
-        if not cp.item.is_available() or (cp.variation and not cp.variation.active):
+        if not cp.item.active or (cp.variation and not cp.variation.active):
            err = err or error_messages['unavailable']
            cp.delete()
            continue
@@ -498,7 +497,7 @@ def _get_fees(positions: List[CartPosition], payment_provider: BasePaymentProvid
 def _create_order(event: Event, email: str, positions: List[CartPosition], now_dt: datetime,
                  payment_provider: BasePaymentProvider, locale: str=None, address: InvoiceAddress=None,
-                  meta_info: dict=None, sales_channel: str='web'):
+                  meta_info: dict=None):
    fees, pf = _get_fees(positions, payment_provider, address, meta_info, event)
    total = sum([c.price for c in positions]) + sum([c.value for c in fees])
@@ -511,8 +510,7 @@ def _create_order(event: Event, email: str, positions: List[CartPosition], now_d
            locale=locale,
            total=total,
            meta_info=json.dumps(meta_info or {}),
-            require_approval=any(p.item.require_approval for p in positions),
+            require_approval=any(p.item.require_approval for p in positions)
            sales_channel=sales_channel
        )
        order.set_expires(now_dt, event.subevents.filter(id__in=[p.subevent_id for p in positions]))
        order.save()
@@ -542,8 +540,6 @@ def _create_order(event: Event, email: str, positions: List[CartPosition], now_d
        OrderPosition.transform_cart_positions(positions, order)
        order.log_action('pretix.event.order.placed')
        if order.require_approval:
            order.log_action('pretix.event.order.placed.require_approval')
        if meta_info:
            for msg in meta_info.get('confirm_messages', []):
                order.log_action('pretix.event.order.consent', data={'msg': msg})
@@ -553,7 +549,7 @@ def _create_order(event: Event, email: str, positions: List[CartPosition], now_d
 def _perform_order(event: str, payment_provider: str, position_ids: List[str],
-                   email: str, locale: str, address: int, meta_info: dict=None, sales_channel: str='web'):
+                   email: str, locale: str, address: int, meta_info: dict=None):
    event = Event.objects.get(id=event)
    if payment_provider:
@@ -582,7 +578,7 @@ def _perform_order(event: str, payment_provider: str, position_ids: List[str],
            raise OrderError(error_messages['internal'])
        _check_positions(event, now_dt, positions, address=addr)
        order = _create_order(event, email, positions, now_dt, pprov,
-                              locale=locale, address=addr, meta_info=meta_info, sales_channel=sales_channel)
+                              locale=locale, address=addr, meta_info=meta_info)
    invoice = order.invoices.last()  # Might be generated by plugin already
    if event.settings.get('invoice_generate') == 'True' and invoice_qualified(order):
@@ -635,8 +631,7 @@ def _perform_order(event: str, payment_provider: str, position_ids: List[str],
            order.send_mail(
                email_subject, email_template, email_context,
                log_entry,
-                invoices=[invoice] if invoice and event.settings.invoice_email_attachment else [],
+                invoices=[invoice] if invoice and event.settings.invoice_email_attachment else []
                attach_tickets=True
            )
        except SendMailException:
            logger.exception('Order received email could not be sent')
@@ -663,54 +658,47 @@ def send_expiry_warnings(sender, **kwargs):
    eventcache = {}
    today = now().replace(hour=0, minute=0, second=0)
-    for o in Order.objects.filter(
+    for o in Order.objects.filter(expires__gte=today, expiry_reminder_sent=False, status=Order.STATUS_PENDING).select_related('event'):
-        expires__gte=today, expiry_reminder_sent=False, status=Order.STATUS_PENDING, datetime__lte=now() - timedelta(hours=2)
+        eventsettings = eventcache.get(o.event.pk, None)
-    ).only('pk'):
+        if eventsettings is None:
-        with transaction.atomic():
+            eventsettings = o.event.settings
-            o = Order.objects.select_related('event').select_for_update().get(pk=o.pk)
+            eventcache[o.event.pk] = eventsettings
            if o.status != Order.STATUS_PENDING or o.expiry_reminder_sent:
                # Race condition
                continue
            eventsettings = eventcache.get(o.event.pk, None)
            if eventsettings is None:
                eventsettings = o.event.settings
                eventcache[o.event.pk] = eventsettings
-            days = eventsettings.get('mail_days_order_expire_warning', as_type=int)
+        days = eventsettings.get('mail_days_order_expire_warning', as_type=int)
-            tz = pytz.timezone(eventsettings.get('timezone', settings.TIME_ZONE))
+        tz = pytz.timezone(eventsettings.get('timezone', settings.TIME_ZONE))
-            if days and (o.expires - today).days <= days:
+        if days and (o.expires - today).days <= days:
-                with language(o.locale):
+            with language(o.locale):
-                    o.expiry_reminder_sent = True
+                o.expiry_reminder_sent = True
-                    o.save(update_fields=['expiry_reminder_sent'])
+                o.save()
-                    try:
+                try:
-                        invoice_name = o.invoice_address.name
+                    invoice_name = o.invoice_address.name
-                        invoice_company = o.invoice_address.company
+                    invoice_company = o.invoice_address.company
-                    except InvoiceAddress.DoesNotExist:
+                except InvoiceAddress.DoesNotExist:
-                        invoice_name = ""
+                    invoice_name = ""
-                        invoice_company = ""
+                    invoice_company = ""
-                    email_template = eventsettings.mail_text_order_expire_warning
+                email_template = eventsettings.mail_text_order_expire_warning
-                    email_context = {
+                email_context = {
-                        'event': o.event.name,
+                    'event': o.event.name,
-                        'url': build_absolute_uri(o.event, 'presale:event.order', kwargs={
+                    'url': build_absolute_uri(o.event, 'presale:event.order', kwargs={
-                            'order': o.code,
+                        'order': o.code,
-                            'secret': o.secret
+                        'secret': o.secret
-                        }),
+                    }),
-                        'expire_date': date_format(o.expires.astimezone(tz), 'SHORT_DATE_FORMAT'),
+                    'expire_date': date_format(o.expires.astimezone(tz), 'SHORT_DATE_FORMAT'),
-                        'invoice_name': invoice_name,
+                    'invoice_name': invoice_name,
-                        'invoice_company': invoice_company,
+                    'invoice_company': invoice_company,
-                    }
+                }
-                    if eventsettings.payment_term_expire_automatically:
+                if eventsettings.payment_term_expire_automatically:
-                        email_subject = _('Your order is about to expire: %(code)s') % {'code': o.code}
+                    email_subject = _('Your order is about to expire: %(code)s') % {'code': o.code}
-                    else:
+                else:
-                        email_subject = _('Your order is pending payment: %(code)s') % {'code': o.code}
+                    email_subject = _('Your order is pending payment: %(code)s') % {'code': o.code}
-                    try:
+                try:
-                        o.send_mail(
+                    o.send_mail(
-                            email_subject, email_template, email_context,
+                        email_subject, email_template, email_context,
-                            'pretix.event.order.email.expire_warning_sent'
+                        'pretix.event.order.email.expire_warning_sent'
-                        )
+                    )
-                    except SendMailException:
+                except SendMailException:
-                        logger.exception('Reminder email could not be sent')
+                    logger.exception('Reminder email could not be sent')
@receiver(signal=periodic_task)
@@ -718,7 +706,6 @@ def send_download_reminders(sender, **kwargs):
    today = now().replace(hour=0, minute=0, second=0, microsecond=0)
    for e in Event.objects.filter(date_from__gte=today):
        days = e.settings.get('mail_days_download_reminder', as_type=int)
        if days is None:
            continue
@@ -727,35 +714,29 @@ def send_download_reminders(sender, **kwargs):
        if now() < reminder_date:
            continue
-        for o in e.orders.filter(status=Order.STATUS_PAID, download_reminder_sent=False, datetime__lte=now() - timedelta(hours=2)).only('pk'):
+        for o in e.orders.filter(status=Order.STATUS_PAID, download_reminder_sent=False):
-            with transaction.atomic():
+            if not all([r for rr, r in allow_ticket_download.send(e, order=o)]):
-                o = Order.objects.select_related('event').select_for_update().get(pk=o.pk)
+                continue
                if o.download_reminder_sent:
                    # Race condition
                    continue
                if not all([r for rr, r in allow_ticket_download.send(e, order=o)]):
                    continue
-                with language(o.locale):
+            with language(o.locale):
-                    o.download_reminder_sent = True
+                o.download_reminder_sent = True
-                    o.save(update_fields=['download_reminder_sent'])
+                o.save()
-                    email_template = e.settings.mail_text_download_reminder
+                email_template = e.settings.mail_text_download_reminder
-                    email_context = {
+                email_context = {
-                        'event': o.event.name,
+                    'event': o.event.name,
-                        'url': build_absolute_uri(o.event, 'presale:event.order', kwargs={
+                    'url': build_absolute_uri(o.event, 'presale:event.order', kwargs={
-                            'order': o.code,
+                        'order': o.code,
-                            'secret': o.secret
+                        'secret': o.secret
-                        }),
+                    }),
-                    }
+                }
-                    email_subject = _('Your ticket is ready for download: %(code)s') % {'code': o.code}
+                email_subject = _('Your ticket is ready for download: %(code)s') % {'code': o.code}
-                    try:
+                try:
-                        o.send_mail(
+                    o.send_mail(
-                            email_subject, email_template, email_context,
+                        email_subject, email_template, email_context,
-                            'pretix.event.order.email.download_reminder_sent',
+                        'pretix.event.order.email.download_reminder_sent'
-                            attach_tickets=True
+                    )
-                        )
+                except SendMailException:
-                    except SendMailException:
+                    logger.exception('Reminder email could not be sent')
                        logger.exception('Reminder email could not be sent')
 class OrderChangeManager:
@@ -926,32 +907,16 @@ class OrderChangeManager:
    def _check_paid_price_change(self):
        if self.order.status == Order.STATUS_PAID and self._totaldiff > 0:
-            if self.order.pending_sum > Decimal('0.00'):
+            self.order.status = Order.STATUS_PENDING
-                self.order.status = Order.STATUS_PENDING
+            self.order.set_expires(
-                self.order.set_expires(
+                now(),
-                    now(),
+                self.order.event.subevents.filter(id__in=self.order.positions.values_list('subevent_id', flat=True))
-                    self.order.event.subevents.filter(id__in=self.order.positions.values_list('subevent_id', flat=True))
+            )
-                )
+            self.order.save()
                self.order.save()
        elif self.order.status in (Order.STATUS_PENDING, Order.STATUS_EXPIRED) and self._totaldiff < 0:
            if self.order.pending_sum <= Decimal('0.00'):
                self.order.status = Order.STATUS_PAID
                self.order.save()
            elif self.open_payment:
                self.open_payment.state = OrderPayment.PAYMENT_STATE_CANCELED
                self.open_payment.save()
                self.order.log_action('pretix.event.order.payment.canceled', {
                    'local_id': self.open_payment.local_id,
                    'provider': self.open_payment.provider,
                }, user=self.user, auth=self.auth)
        elif self.order.status in (Order.STATUS_PENDING, Order.STATUS_EXPIRED) and self._totaldiff > 0:
            if self.open_payment:
                self.open_payment.state = OrderPayment.PAYMENT_STATE_CANCELED
                self.open_payment.save()
                self.order.log_action('pretix.event.order.payment.canceled', {
                    'local_id': self.open_payment.local_id,
                    'provider': self.open_payment.provider,
                }, user=self.user, auth=self.auth)
    def _check_paid_to_free(self):
        if self.order.total == 0 and (self._totaldiff < 0 or (self.split_order and self.split_order.total > 0)):
@@ -1043,7 +1008,6 @@ class OrderChangeManager:
                        'addon_to': opa.addon_to_id,
                        'old_price': opa.price,
                    })
                    opa.delete()
                self.order.log_action('pretix.event.order.changed.cancel', user=self.user, auth=self.auth, data={
                    'position': op.position.pk,
                    'positionid': op.position.positionid,
@@ -1202,7 +1166,7 @@ class OrderChangeManager:
                fee.save()
                if not self.open_payment.fee:
                    self.open_payment.fee = fee
-                    self.open_payment.save(update_fields=['fee'])
+                    self.open_payment.save()
            elif fee:
                fee.delete()
@@ -1323,13 +1287,11 @@ class OrderChangeManager:
@app.task(base=ProfiledTask, bind=True, max_retries=5, default_retry_delay=1, throws=(OrderError,))
 def perform_order(self, event: str, payment_provider: str, positions: List[str],
-                  email: str=None, locale: str=None, address: int=None, meta_info: dict=None,
+                  email: str=None, locale: str=None, address: int=None, meta_info: dict=None):
                  sales_channel: str='web'):
    with language(locale):
        try:
            try:
-                return _perform_order(event, payment_provider, positions, email, locale, address, meta_info,
+                return _perform_order(event, payment_provider, positions, email, locale, address, meta_info)
                                      sales_channel)
            except LockTimeoutException:
                self.retry()
        except (MaxRetriesExceededError, LockTimeoutException):
@@ -1337,11 +1299,10 @@ def perform_order(self, event: str, payment_provider: str, positions: List[str],
@app.task(base=ProfiledTask, bind=True, max_retries=5, default_retry_delay=1, throws=(OrderError,))
-def cancel_order(self, order: int, user: int=None, send_mail: bool=True, api_token=None, oauth_application=None,
+def cancel_order(self, order: int, user: int=None, send_mail: bool=True, api_token=None, oauth_application=None):
                 device=None):
    try:
        try:
-            return _cancel_order(order, user, send_mail, api_token, device, oauth_application)
+            return _cancel_order(order, user, send_mail, api_token, oauth_application)
        except LockTimeoutException:
            self.retry()
    except (MaxRetriesExceededError, LockTimeoutException):
--- a/src/pretix/base/services/tickets.py
+++ b/src/pretix/base/services/tickets.py
@@ -1,5 +1,5 @@
 import logging
 import os
 from datetime import timedelta
 from django.core.files.base import ContentFile
 from django.utils.timezone import now
@@ -11,56 +11,59 @@ from pretix.base.models import (
    OrderPosition,
 )
 from pretix.base.services.tasks import ProfiledTask
-from pretix.base.settings import PERSON_NAME_SCHEMES
+from pretix.base.signals import register_ticket_outputs
 from pretix.base.signals import allow_ticket_download, register_ticket_outputs
 from pretix.celery_app import app
 from pretix.helpers.database import rolledback_transaction
 logger = logging.getLogger(__name__)
-
+@app.task(base=ProfiledTask)
-def generate_orderposition(order_position: int, provider: str):
+def generate(order_position: str, provider: str):
    order_position = OrderPosition.objects.select_related('order', 'order__event').get(id=order_position)
    try:
        ct = CachedTicket.objects.get(order_position=order_position, provider=provider)
    except CachedTicket.MultipleObjectsReturned:
        CachedTicket.objects.filter(order_position=order_position, provider=provider).delete()
        ct = CachedTicket.objects.create(order_position=order_position, provider=provider, extension='',
                                         type='', file=None)
    except CachedTicket.DoesNotExist:
        ct = CachedTicket.objects.create(order_position=order_position, provider=provider, extension='',
                                         type='', file=None)
    with language(order_position.order.locale):
        responses = register_ticket_outputs.send(order_position.order.event)
        for receiver, response in responses:
            prov = response(order_position.order.event)
            if prov.identifier == provider:
-                filename, ttype, data = prov.generate(order_position)
+                filename, ct.type, data = prov.generate(order_position)
                path, ext = os.path.splitext(filename)
-                for ct in CachedTicket.objects.filter(order_position=order_position, provider=provider):
+                ct.extension = ext
-                    ct.delete()
+                ct.save()
                ct = CachedTicket.objects.create(order_position=order_position, provider=provider,
                                                 extension=ext, type=ttype, file=None)
                ct.file.save(filename, ContentFile(data))
                return ct.pk
@app.task(base=ProfiledTask)
 def generate_order(order: int, provider: str):
    order = Order.objects.select_related('event').get(id=order)
    try:
        ct = CachedCombinedTicket.objects.get(order=order, provider=provider)
    except CachedCombinedTicket.MultipleObjectsReturned:
        CachedCombinedTicket.objects.filter(order=order, provider=provider).delete()
        ct = CachedCombinedTicket.objects.create(order=order, provider=provider, extension='',
                                                 type='', file=None)
    except CachedCombinedTicket.DoesNotExist:
        ct = CachedCombinedTicket.objects.create(order=order, provider=provider, extension='',
                                                 type='', file=None)
    with language(order.locale):
        responses = register_ticket_outputs.send(order.event)
        for receiver, response in responses:
            prov = response(order.event)
            if prov.identifier == provider:
-                filename, ttype, data = prov.generate_order(order)
+                filename, ct.type, data = prov.generate_order(order)
                path, ext = os.path.splitext(filename)
-                for ct in CachedCombinedTicket.objects.filter(order=order, provider=provider):
+                ct.extension = ext
-                    ct.delete()
+                ct.save()
                ct = CachedCombinedTicket.objects.create(order=order, provider=provider, extension=ext,
                                                         type=ttype, file=None)
                ct.file.save(filename, ContentFile(data))
                return ct.pk
@app.task(base=ProfiledTask)
 def generate(model: str, pk: int, provider: str):
    if model == 'order':
        return generate_order(pk, provider)
    elif model == 'orderposition':
        return generate_orderposition(pk, provider)
 class DummyRollbackException(Exception):
@@ -81,13 +84,11 @@ def preview(event: int, provider: str):
                                    locale=event.settings.locale,
                                    expires=now(), code="PREVIEW1234", total=119)
-        scheme = PERSON_NAME_SCHEMES[event.settings.name_scheme]
+        p = order.positions.create(item=item, attendee_name=_("John Doe"), price=item.default_price)
-        sample = {k: str(v) for k, v in scheme['sample'].items()}
+        order.positions.create(item=item2, attendee_name=_("John Doe"), price=item.default_price, addon_to=p)
-        p = order.positions.create(item=item, attendee_name_parts=sample, price=item.default_price)
+        order.positions.create(item=item2, attendee_name=_("John Doe"), price=item.default_price, addon_to=p)
        order.positions.create(item=item2, attendee_name_parts=sample, price=item.default_price, addon_to=p)
        order.positions.create(item=item2, attendee_name_parts=sample, price=item.default_price, addon_to=p)
-        InvoiceAddress.objects.create(order=order, name_parts=sample, company=_("Sample company"))
+        InvoiceAddress.objects.create(order=order, name=_("John Doe"), company=_("Sample company"))
        responses = register_ticket_outputs.send(event)
        for receiver, response in responses:
@@ -96,61 +97,41 @@ def preview(event: int, provider: str):
                return prov.generate(p)
-def get_tickets_for_order(order):
+def get_cachedticket_for_position(pos, identifier):
-    can_download = all([r for rr, r in allow_ticket_download.send(order.event, order=order)])
+    try:
-    if not can_download:
+        ct = CachedTicket.objects.filter(
-        return []
+            order_position=pos, provider=identifier
-    if not order.ticket_download_available:
+        ).last()
-        return []
+    except CachedTicket.DoesNotExist:
        ct = None
-    providers = [
+    if not ct:
-        response(order.event)
+        ct = CachedTicket.objects.create(
-        for receiver, response
+            order_position=pos, provider=identifier,
-        in register_ticket_outputs.send(order.event)
+            extension='', type='', file=None)
-    ]
+        generate.apply_async(args=(pos.id, identifier))
-    tickets = []
+    if not ct.file:
        if now() - ct.created > timedelta(minutes=5):
            generate.apply_async(args=(pos.id, identifier))
    return ct
    for p in providers:
        if not p.is_enabled:
            continue
-        if p.multi_download_enabled:
+def get_cachedticket_for_order(order, identifier):
-            try:
+    try:
-                ct = CachedCombinedTicket.objects.filter(
+        ct = CachedCombinedTicket.objects.filter(
-                    order=order, provider=p.identifier, file__isnull=False
+            order=order, provider=identifier
-                ).last()
+        ).last()
-                if not ct or not ct.file:
+    except CachedCombinedTicket.DoesNotExist:
-                    retval = generate.apply(args=('order', order.pk, p.identifier))
+        ct = None
                    ct = CachedCombinedTicket.objects.get(pk=retval.get())
                tickets.append((
                    "{}-{}-{}{}".format(
                        order.event.slug.upper(), order.code, ct.provider, ct.extension,
                    ),
                    ct
                ))
            except:
                logger.exception('Failed to generate ticket.')
        else:
            for pos in order.positions.all():
                if pos.addon_to and not order.event.settings.ticket_download_addons:
                    continue
                if not pos.item.admission and not order.event.settings.ticket_download_nonadm:
                    continue
                try:
                    ct = CachedTicket.objects.filter(
                        order_position=pos, provider=p.identifier, file__isnull=False
                    ).last()
                    if not ct or not ct.file:
                        retval = generate.apply(args=('orderposition', pos.pk, p.identifier))
                        ct = CachedTicket.objects.get(pk=retval.get())
                    tickets.append((
                        "{}-{}-{}-{}{}".format(
                            order.event.slug.upper(), order.code, pos.positionid, ct.provider, ct.extension,
                        ),
                        ct
                    ))
                except:
                    logger.exception('Failed to generate ticket.')
-    return tickets
+    if not ct:
        ct = CachedCombinedTicket.objects.create(
            order=order, provider=identifier,
            extension='', type='', file=None)
        generate_order.apply_async(args=(order.id, identifier))
    if not ct.file:
        if now() - ct.created > timedelta(minutes=5):
            generate_order.apply_async(args=(order.id, identifier))
    return ct
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Raphael Michel	83c297c0a8	Allow to transfer tickets	2018-09-20 21:11:12 +02:00
Raphael Michel	60d1f02d26	Remove deprecated template part	2018-09-20 20:25:23 +02:00
`@@ -1 +1 @@`
	`__version__ = "2.3.0"`	`__version__ = "2.1.0.dev0"`