From 3a0aaa3f9270b26322f82ec501be627f37a81f34 Mon Sep 17 00:00:00 2001
From: Raphael Michel
Date: Wed, 30 Oct 2019 17:21:42 +0100
Subject: [PATCH] Stripe: Relax same-session requirement for iDEAL payments

This security mechanism caused problems with banking apps who open the return view in a separate browser session inside the banking app.
---
 src/pretix/plugins/stripe/views.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/pretix/plugins/stripe/views.py b/src/pretix/plugins/stripe/views.py
index ee4a0043f9..0e1c29f744 100644
--- a/src/pretix/plugins/stripe/views.py
+++ b/src/pretix/plugins/stripe/views.py
@@ -454,7 +454,7 @@ class StripeOrderView:
 return self.request.event.get_payment_providers()[self.payment.provider]
 
 def _redirect_to_order(self):
- if self.request.session.get('payment_stripe_order_secret') != self.order.secret:
+ if self.request.session.get('payment_stripe_order_secret') != self.order.secret and self.payment.provider != 'stripe_ideal':
 messages.error(self.request, _('Sorry, there was an error in the payment process. Please check the link '
 'in your emails to continue.'))
 return redirect(eventreverse(self.request.event, 'presale:event.index'))
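Review bot: The added `and self.payment.provider != 'stripe_ideal'` clause in `_redirect_to_order` removes the only session binding visible in this function for iDEAL payments, so for that provider whatever follows the guard runs for any browser session that reaches the return view. The rest of the function lies outside the hunk; if it redirects to an order URL that contains the order secret, the return URL itself has to carry an unguessable per-order token that is verified before this method is called, which is worth confirming and stating in a comment such as `# iDEAL banking apps may return in a fresh browser session, so the session check is skipped; the return URL must be authenticated on its own`. The exemption is also keyed on a hard-coded identifier string, so a provider-level flag would keep the set of exempt payment methods in one auditable place if other redirect-based methods later need the same treatment.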