Item form: Prevent combining validity_mode with gift cards

Update GitLab CI script
VAT ID validation: Fix crash with invalid Norwegian IDs (PRETIXEU-A3J)
2024-05-31 19:50:47 +02:00 · 2024-05-31 17:46:45 +02:00 · 2024-05-29 09:31:58 +02:00 · 2024-05-28 09:18:15 +02:00 · 2024-05-27 13:45:37 +02:00 · 2024-05-27 12:11:40 +02:00
14 changed files with 99 additions and 53 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,29 +1,30 @@
-before_script:
 tests:
+    image:
+        name: pretix/ci-image
    stage: test
+    before_script:
+        - pip install -U pip uv
+        - uv pip install --system -U wheel setuptools
    script:
-        - virtualenv env
-        - source env/bin/activate
-        - pip install -U pip wheel setuptools
-        - XDG_CACHE_HOME=/cache pip3 install -e ".[dev]"
+        - uv pip install --system -e ".[dev]"
        - cd src
        - python manage.py check
        - make all compress
-        - py.test --reruns 3 -n 3 tests
-    tags:
-        - python3
+        - PRETIX_CONFIG_FILE=tests/travis_sqlite.cfg py.test --reruns 3 -n 3 tests --maxfail=100
    except:
        - pypi
 pypi:
    stage: release
+    image:
+        name: pretix/ci-image
+    before_script:
+        - cat $PYPIRC > ~/.pypirc
+        - pip install -U pip uv
+        - uv pip install --system -U wheel setuptools twine build pretix-plugin-build check-manifest
    script:
-        - cp /keys/.pypirc ~/.pypirc
-        - virtualenv env
-        - source env/bin/activate
-        - pip install -U pip wheel setuptools check-manifest twine
-        - XDG_CACHE_HOME=/cache pip3 install -e ".[dev]"
+        - uv pip install --system -e ".[dev]"
        - python setup.py sdist
-        - pip install dist/pretix-*.tar.gz
+        - uv pip install --system dist/pretix-*.tar.gz
        - python -m pretix migrate
        - python -m pretix check
        - cd src
@@ -33,13 +34,12 @@ pypi:
        - python -m build
        - twine check dist/*
        - twine upload dist/*
-    tags:
-        - python3
    only:
        - pypi
    artifacts:
        paths:
            - src/dist/
+
 stages:
    - test
    - build
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -91,7 +91,7 @@ dependencies = [
  "qrcode==7.4.*",
  "redis==5.0.*",
  "reportlab==4.2.*",
-  "requests==2.32.*",
+  "requests==2.31.*",
  "sentry-sdk==1.45.*",
  "sepaxml==2.6.*",
  "slimit",
--- a/src/pretix/init.py
+++ b/src/pretix/init.py
@@ -19,4 +19,4 @@
 # You should have received a copy of the GNU Affero General Public License along with this program.  If not, see
 # <https://www.gnu.org/licenses/>.
 #
-__version__ = "2024.5.1"
+__version__ = "2024.6.0.dev0"
--- a/src/pretix/base/forms/widgets.py
+++ b/src/pretix/base/forms/widgets.py
@@ -38,7 +38,6 @@ from datetime import datetime
 from django import forms
 from django.utils.formats import get_format
 from django.utils.functional import lazy
-from django.utils.html import escape
 from django.utils.timezone import get_current_timezone, now
 from django.utils.translation import gettext_lazy as _

@@ -65,7 +64,7 @@ def format_placeholders_help_text(placeholders, event=None):
    placeholders = [(k, v.render_sample(event) if event else v) for k, v in placeholders.items()]
    placeholders.sort(key=lambda x: x[0])
    phs = [
-        '<button type="button" class="content-placeholder" title="%s">{%s}</button>' % (escape(_("Sample: %s") % v) if v else "", escape(k))
+        '<button type="button" class="content-placeholder" title="%s">{%s}</button>' % (_("Sample: %s") % v if v else "", k)
        for k, v in placeholders
    ]
    return _('Available placeholders: {list}').format(
--- a/src/pretix/base/services/tax.py
+++ b/src/pretix/base/services/tax.py
@@ -62,7 +62,10 @@ class VATIDTemporaryError(VATIDError):

 def _validate_vat_id_NO(vat_id, country_code):
    # Inspired by vat_moss library
-    vat_id = vat_moss.id.normalize(vat_id)
+    try:
+        vat_id = vat_moss.id.normalize(vat_id)
+    except ValueError:
+        raise VATIDFinalError(error_messages['invalid'])

    if not vat_id or len(vat_id) < 3 or not re.match('^\\d{9}MVA$', vat_id[2:]):
        raise VATIDFinalError(error_messages['invalid'])
--- a/src/pretix/control/forms/item.py
+++ b/src/pretix/control/forms/item.py
@@ -698,6 +698,14 @@ class ItemUpdateForm(I18nModelForm):
                    'tax_rule',
                    _("Gift card products should use a tax rule with a rate of 0 percent since sales tax will be applied when the gift card is redeemed.")
                )
+            if d.get('validity_mode'):
+                self.add_error(
+                    'validity_mode',
+                    _(
+                        "Do not set a specific validity for gift card products as it will not restrict the validity "
+                        "of the gift card. A validity of gift cards can be set in your organizer settings."
+                    )
+                )
            if d.get('admission'):
                self.add_error(
                    'admission',
--- a/src/pretix/control/views/event.py
+++ b/src/pretix/control/views/event.py
@@ -62,7 +62,6 @@ from django.http import (
 from django.shortcuts import get_object_or_404, redirect
 from django.urls import reverse
 from django.utils.functional import cached_property
-from django.utils.html import escape
 from django.utils.http import url_has_allowed_host_and_scheme
 from django.utils.timezone import now
 from django.utils.translation import gettext, gettext_lazy as _, gettext_noop
@@ -741,7 +740,7 @@ class MailSettingsPreview(EventPermissionRequiredMixin, View):
            else:
                ctx[p.identifier] = '<span class="placeholder" title="{}">{}</span>'.format(
                    _('This value will be replaced based on dynamic parameters.'),
-                    escape(s)
+                    s
                )
        return self.SafeDict(ctx)

@@ -782,7 +781,7 @@ class MailSettingsRendererPreview(MailSettingsPreview):
    def placeholders(self, item):
        ctx = {}
        for p in get_available_placeholders(self.request.event, MailSettingsForm.base_context[item]).values():
-            ctx[p.identifier] = escape(str(p.render_sample(self.request.event)))
+            ctx[p.identifier] = str(p.render_sample(self.request.event))
        return ctx

    def get(self, request, *args, **kwargs):
--- a/src/pretix/control/views/vouchers.py
+++ b/src/pretix/control/views/vouchers.py
@@ -50,7 +50,7 @@ from django.http import (
 from django.shortcuts import redirect, render
 from django.urls import resolve, reverse
 from django.utils.functional import cached_property
-from django.utils.html import format_html, escape
+from django.utils.html import format_html
 from django.utils.safestring import mark_safe
 from django.utils.timezone import now
 from django.utils.translation import gettext_lazy as _
@@ -562,7 +562,7 @@ class VoucherBulkMailPreview(EventPermissionRequiredMixin, View):
            else:
                ctx[p.identifier] = '<span class="placeholder" title="{}">{}</span>'.format(
                    _('This value will be replaced based on dynamic parameters.'),
-                    escape(s)
+                    s
                )
        return self.SafeDict(ctx)

--- a/src/pretix/plugins/paypal2/payment.py
+++ b/src/pretix/plugins/paypal2/payment.py
@@ -30,6 +30,7 @@ from django import forms
 from django.conf import settings
 from django.contrib import messages
 from django.core.cache import cache
+from django.db import transaction
 from django.http import HttpRequest
 from django.template.loader import get_template
 from django.templatetags.static import static
@@ -54,6 +55,7 @@ from pretix.base.models import Event, Order, OrderPayment, OrderRefund, Quota
 from pretix.base.payment import BasePaymentProvider, PaymentException
 from pretix.base.services.mail import SendMailException
 from pretix.base.settings import SettingsSandbox
+from pretix.helpers import OF_SELF
 from pretix.helpers.urls import build_absolute_uri as build_global_uri
 from pretix.multidomain.urlreverse import build_absolute_uri, eventreverse
 from pretix.plugins.paypal2.client.core.environment import (
@@ -585,6 +587,9 @@ class PaypalMethod(BasePaymentProvider):
                },
            })
            response = self.client.execute(paymentreq)
+
+            if payment:
+                ReferencedPayPalObject.objects.get_or_create(order=payment.order, payment=payment, reference=response.result.id)
        except IOError as e:
            if "RESOURCE_NOT_FOUND" in str(e):
                messages.error(request, _('Your payment has failed due to a known issue within PayPal. Please try '
@@ -617,7 +622,13 @@ class PaypalMethod(BasePaymentProvider):
        }
        return template.render(ctx)

+    @transaction.atomic
    def execute_payment(self, request: HttpRequest, payment: OrderPayment):
+        payment = OrderPayment.objects.select_for_update(of=OF_SELF).get(pk=payment.pk)
+        if payment.state == OrderPayment.PAYMENT_STATE_CONFIRMED:
+            logger.warning('payment is already confirmed; possible return-view/webhook race-condition')
+            return
+
        try:
            if request.session.get('payment_paypal_oid', '') == '':
                raise PaymentException(_('We were unable to process your payment. See below for details on how to '
--- a/src/pretix/plugins/paypal2/views.py
+++ b/src/pretix/plugins/paypal2/views.py
@@ -477,29 +477,35 @@ def webhook(request, *args, **kwargs):
                    amount=payment.amount - known_sum
                )
    elif payment.state in (OrderPayment.PAYMENT_STATE_PENDING, OrderPayment.PAYMENT_STATE_CREATED,
-                           OrderPayment.PAYMENT_STATE_CANCELED, OrderPayment.PAYMENT_STATE_FAILED) \
-            and sale['status'] == 'COMPLETED':
-        any_captures = False
-        all_captures_completed = True
-        for purchaseunit in sale['purchase_units']:
-            for capture in purchaseunit['payments']['captures']:
-                try:
-                    ReferencedPayPalObject.objects.get_or_create(order=payment.order, payment=payment,
-                                                                 reference=capture['id'])
-                except ReferencedPayPalObject.MultipleObjectsReturned:
-                    pass
+                           OrderPayment.PAYMENT_STATE_CANCELED, OrderPayment.PAYMENT_STATE_FAILED):
+        if sale['status'] == 'COMPLETED':
+            any_captures = False
+            all_captures_completed = True
+            for purchaseunit in sale['purchase_units']:
+                for capture in purchaseunit['payments']['captures']:
+                    try:
+                        ReferencedPayPalObject.objects.get_or_create(order=payment.order, payment=payment,
+                                                                     reference=capture['id'])
+                    except ReferencedPayPalObject.MultipleObjectsReturned:
+                        pass

-                if capture['status'] not in ('COMPLETED', 'REFUNDED', 'PARTIALLY_REFUNDED'):
-                    all_captures_completed = False
-                else:
-                    any_captures = True
-        if any_captures and all_captures_completed:
+                    if capture['status'] not in ('COMPLETED', 'REFUNDED', 'PARTIALLY_REFUNDED'):
+                        all_captures_completed = False
+                    else:
+                        any_captures = True
+            if any_captures and all_captures_completed:
+                try:
+                    payment.info = json.dumps(sale.dict())
+                    payment.save(update_fields=['info'])
+                    payment.confirm()
+                except Quota.QuotaExceededException:
+                    pass
+        elif sale['status'] == 'APPROVED':
+            request.session['payment_paypal_oid'] = payment.info_data['id']
            try:
-                payment.info = json.dumps(sale.dict())
-                payment.save(update_fields=['info'])
-                payment.confirm()
-            except Quota.QuotaExceededException:
-                pass
+                payment.payment_provider.execute_payment(request, payment)
+            except PaymentException as e:
+                logger.exception('PayPal2 - Could not capture/execute_payment from Webhook: {}'.format(str(e)))

    return HttpResponse(status=200)

--- a/src/pretix/plugins/sendmail/views.py
+++ b/src/pretix/plugins/sendmail/views.py
@@ -46,7 +46,6 @@ from django.shortcuts import get_object_or_404, redirect
 from django.template.loader import get_template
 from django.urls import reverse
 from django.utils.functional import cached_property
-from django.utils.html import escape
 from django.utils.timezone import now
 from django.utils.translation import gettext_lazy as _, ngettext
 from django.views.generic import DeleteView, FormView, ListView, TemplateView
@@ -194,7 +193,7 @@ class BaseSenderView(EventPermissionRequiredMixin, FormView):
                    for k, v in get_available_placeholders(self.request.event, self.context_parameters).items():
                        context_dict[k] = '<span class="placeholder" title="{}">{}</span>'.format(
                            _('This value will be replaced based on dynamic parameters.'),
-                            escape(v.render_sample(self.request.event))
+                            v.render_sample(self.request.event)
                        )

                    subject = bleach.clean(form.cleaned_data['subject'].localize(l), tags=[])
@@ -609,7 +608,7 @@ class CreateRule(EventPermissionRequiredMixin, CreateView):
                                                                                'position_or_address']).items():
                        context_dict[k] = '<span class="placeholder" title="{}">{}</span>'.format(
                            _('This value will be replaced based on dynamic parameters.'),
-                            escape(v.render_sample(self.request.event))
+                            v.render_sample(self.request.event)
                        )

                    subject = bleach.clean(form.cleaned_data['subject'].localize(l), tags=[])
@@ -685,7 +684,7 @@ class UpdateRule(EventPermissionRequiredMixin, UpdateView):
                for k, v in get_available_placeholders(self.request.event, ['event', 'order', 'position_or_address']).items():
                    placeholders[k] = '<span class="placeholder" title="{}">{}</span>'.format(
                        _('This value will be replaced based on dynamic parameters.'),
-                        escape(v.render_sample(self.request.event))
+                        v.render_sample(self.request.event)
                    )

                subject = bleach.clean(self.object.subject.localize(lang), tags=[])
--- a/src/pretix/presale/templates/pretixpresale/event/base.html
+++ b/src/pretix/presale/templates/pretixpresale/event/base.html
@@ -19,6 +19,9 @@
    {% if social_image %}
        <meta property="og:image" content="{{ social_image }}" />
    {% endif %}
+    {% if event.settings.google_site_verification %}
+        <meta name="google-site-verification" content="{{ event.settings.google_site_verification }}" />
+    {% endif %}
    {{ block.super }}
 {% endblock %}
 {% block above %}
@@ -68,15 +71,23 @@
 {% block page %}
    <div class="page-header{% if event_logo %} pager-header-with-logo{% endif %}{% if event_logo and event_logo_image_large %} logo-large{% endif %}">
        <div class="{% if not event_logo or not event_logo_image_large %}pull-left flip{% endif %}">
+            {% if event_logo and not event_logo_show_title %}
+                <h1 class="sr-only">
+                    {{ event.name }}
+                    {% if request.event.settings.show_dates_on_frontpage and not event.has_subevents %}
+                        <small>{{ event.get_date_range_display_as_html }}</small>
+                    {% endif %}
+                </h1>
+            {% endif %}
            {% if event_logo and event_logo_image_large %}
                <a href="{% eventurl event "presale:event.index" cart_namespace=cart_namespace|default_if_none:"" %}"
                   aria-label="{% trans 'Homepage' %}" title="{% trans 'Homepage' %}">
-                    <img src="{{ event_logo|thumb:'1170x5000' }}" alt="" class="event-logo" />
+                    <img src="{{ event_logo|thumb:'1170x5000' }}" alt="{{ event.name }}" class="event-logo" />
                </a>
            {% elif event_logo %}
                <a href="{% eventurl event "presale:event.index" cart_namespace=cart_namespace|default_if_none:"" %}"
                   aria-label="{% trans 'Homepage' %}" title="{% trans 'Homepage' %}">
-                    <img src="{{ event_logo|thumb:'5000x120' }}" alt="" class="event-logo" />
+                    <img src="{{ event_logo|thumb:'5000x120' }}" alt="{{ event.name }}" class="event-logo" />
                </a>
            {% else %}
                <h1>
--- a/src/pretix/presale/templates/pretixpresale/organizers/base.html
+++ b/src/pretix/presale/templates/pretixpresale/organizers/base.html
@@ -12,6 +12,10 @@
        <meta name="robots" content="noindex, nofollow">
    {% endif %}
    <meta property="og:type" content="website" />
+
+    {% if organizer.settings.google_site_verification %}
+        <meta name="google-site-verification" content="{{ organizer.settings.google_site_verification }}" />
+    {% endif %}
    {{ block.super }}
 {% endblock %}
 {% block above %}
@@ -39,6 +43,11 @@
 {% block page %}
    <div class="page-header{% if organizer_logo %} pager-header-with-logo{% endif %}{% if organizer_logo and organizer.settings.organizer_logo_image_large %} logo-large{% endif %}">
        <div class="{% if not organizer_logo or not organizer.settings.organizer_logo_image_large %}pull-left flip{% endif %}">
+            {% if organizer_logo %}
+                <h1 class="sr-only">
+                    {{ organizer.name }}
+                </h1>
+            {% endif %}
            {% if organizer_logo and organizer.settings.organizer_logo_image_large %}
                <a href="{% eventurl organizer "presale:organizer.index" %}" title="{{ organizer.name }}">
                    <img src="{{ organizer_logo|thumb:'1170x5000' }}" alt="{{ organizer.name }}"
--- a/src/setup.cfg
+++ b/src/setup.cfg
@@ -20,6 +20,7 @@ DJANGO_SETTINGS_MODULE = tests.settings
 addopts = --reruns 3 -rw
 filterwarnings =
    error
+    ignore:.*invalid escape sequence.*:
    ignore:The 'warn' method is deprecated:DeprecationWarning
    ignore::django.utils.deprecation.RemovedInDjango51Warning:django.core.files.storage
    ignore:.*index_together.*:django.utils.deprecation.RemovedInDjango51Warning:
Author	SHA1	Message	Date
Raphael Michel	a98755bd24	Item form: Prevent combining validity_mode with gift cards	2024-05-31 19:50:47 +02:00
Raphael Michel	8010d2e6bb	Update GitLab CI script	2024-05-31 17:46:45 +02:00
Raphael Michel	1566f54764	VAT ID validation: Fix crash with invalid Norwegian IDs (PRETIXEU-A3J)	2024-05-29 09:31:58 +02:00
Richard Schreiber	9d380557e1	SEO improvements - add h1.sr-only if only header-image is used * add hidden h1 with event-title if header-image only * add event-title to alt-attribute of header-image * add hidden setting for google_site_verification	2024-05-28 09:18:15 +02:00
Martin Gross	5758e0dd68	PPv2 APM: Create referenced PPObjects for APM Orders; enable webhooks to capture them (#3958 )	2024-05-27 13:45:37 +02:00
Martin Gross	b4629e24a5	Downgrade requests to 2.31.* again while waiting for 2.33.3 release	2024-05-27 12:11:40 +02:00
Raphael Michel	27f5121211	Bump version to 2024.6.0.dev0	2024-05-24 14:11:21 +02:00