Fix #3360 -- Allow to revoke devices before initialized

Raphael Michel
2023-06-04 18:06:00 +02:00
parent 0d93f7f52f
commit 35350a13d6
5 changed files with 39 additions and 7 deletions


@@ -93,6 +93,9 @@ class InitializeView(APIView):
if device.initialized:
raise ValidationError({'token': ['This initialization token has already been used.']})
if device.revoked:
raise ValidationError({'token': ['This initialization token has been revoked.']})
device.initialized = now()
device.hardware_brand = serializer.validated_data.get('hardware_brand')
device.hardware_model = serializer.validated_data.get('hardware_model')
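Review bot: The new `device.revoked` check and the write of `device.initialized` just below it are not visibly atomic, so a revocation that lands between the two could be lost. How the device row is loaded and saved lies outside this hunk, so this needs confirming: if the row is fetched without a lock and saved with all fields, the save would write the stale `revoked=False` back. If that is the case, loading the row with `select_for_update()` inside a transaction, or saving with `update_fields` limited to the fields this view sets, would close the window. The method body starts and ends outside the hunk.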


@@ -162,16 +162,19 @@
<a href="{% url "control:organizer.device.connect" organizer=request.organizer.slug device=d.id %}"
class="btn btn-primary btn-sm"><i class="fa fa-link"></i>
{% trans "Connect" %}</a>
{% elif d.api_token %}
{% endif %}
{% if not d.initialized or d.api_token %}
<a href="{% url "control:organizer.device.revoke" organizer=request.organizer.slug device=d.id %}"
class="btn btn-default btn-sm">
{% trans "Revoke access" %}</a>
{% endif %}
<a href="{% url "control:organizer.device.logs" organizer=request.organizer.slug device=d.id %}"
class="btn btn-default btn-sm">
<span class="fa fa-list-alt"></span>
{% trans "Logs" %}
</a>
{% if d.initialized %}
<a href="{% url "control:organizer.device.logs" organizer=request.organizer.slug device=d.id %}"
class="btn btn-default btn-sm">
<span class="fa fa-list-alt"></span>
{% trans "Logs" %}
</a>
{% endif %}
<a href="{% url "control:organizer.device.edit" organizer=request.organizer.slug device=d.id %}"
class="btn btn-default btn-sm"><i class="fa fa-edit"></i></a>
</td>
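Review bot: The condition `{% if not d.initialized or d.api_token %}` never looks at `d.revoked`, so a device revoked before initialization keeps showing "Revoke access" because `not d.initialized` stays true. Wrapping the link in `{% if not d.revoked %}` and `{% endif %}` would hide it once the revocation has happened; the Django `if` tag has no parentheses, so nesting is simpler than one combined expression. Separately, the Logs link is now hidden for uninitialized devices. If the revoke view writes a log entry, which is not visible here, the record of a pre-initialization revocation would not be reachable from this list.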


@@ -1184,7 +1184,7 @@ class DeviceRevokeView(OrganizerDetailViewMixin, OrganizerPermissionRequiredMixi
def get(self, request, *args, **kwargs):
self.object = self.get_object()
if not self.object.api_token:
if self.object.revoked:
messages.success(request, _('This device currently does not have access.'))
return redirect(reverse('control:organizer.devices', kwargs={
'organizer': self.request.organizer.slug,
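Review bot: The guard in `get` now reads `self.object.revoked`, and it is not obvious from the code why the flag is tested instead of the token, so a comment is worth adding. Something like `# Check the revoked flag rather than api_token: an uninitialized device has no token yet but must still be revocable.` above the `if` would record it. The notice is also sent with `messages.success` although no action was taken; `messages.info` may fit better. The rest of `get` and the `post` handler are outside this hunk.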


@@ -72,6 +72,21 @@ def test_initialize_used_token(client, device: Device):
assert resp.data == {'token': ['This initialization token has already been used.']}
@pytest.mark.django_db
def test_initialize_revoked_token(client, new_device: Device):
new_device.revoked = True
new_device.save()
resp = client.post('/api/v1/device/initialize', {
'token': new_device.initialization_token,
'hardware_brand': 'Samsung',
'hardware_model': 'Galaxy S',
'software_brand': 'pretixdroid',
'software_version': '4.0.0'
})
assert resp.status_code == 400
assert resp.data == {'token': ['This initialization token has been revoked.']}
@pytest.mark.django_db
def test_initialize_valid_token(client, new_device: Device):
resp = client.post('/api/v1/device/initialize', {
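Review bot: `test_initialize_revoked_token` asserts only the 400 response and its message, not that the device stayed uninitialized. Adding `new_device.refresh_from_db()` followed by `assert not new_device.initialized` and `assert not new_device.api_token` after the response checks would pin that a revoked token cannot yield credentials, even if the error path is reordered later.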


@@ -110,6 +110,17 @@ def test_revoke_device(event, admin_user, admin_team, device, client):
assert device.revoked
@pytest.mark.django_db
def test_revoke_device_before_initialization(event, admin_user, admin_team, device, client):
client.login(email='dummy@dummy.dummy', password='dummy')
device.save()
client.get('/control/organizer/dummy/device/{}/revoke'.format(device.pk))
client.post('/control/organizer/dummy/device/{}/revoke'.format(device.pk), {}, follow=True)
device.refresh_from_db()
assert device.revoked
@pytest.mark.django_db
def test_bulk_update_device(event, admin_user, admin_team, device, client):
client.login(email='dummy@dummy.dummy', password='dummy')
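Review bot: In `test_revoke_device_before_initialization` the `device.save()` call follows no visible change to `device`, so it appears to be a no-op and the test depends on the fixture already being uninitialized. The fixture is not shown here; if that is the intent, replacing the call with `assert not device.initialized` and `assert not device.api_token` would make the precondition explicit and fail loudly if the fixture changes. The response of the `client.get(...)` call is also discarded. Asserting its status code would cover the confirmation page that the view change affects.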