CGM_Public/pretix_original
2
0
Fork 1
mirror of https://github.com/pretix/pretix.git synced 2026-05-08 15:44:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

Improve cookie detection and handling

Browse Source
This commit is contained in:
Raphael Michel
2018-09-02 15:25:33 +02:00
parent e18375ca6d
commit 6a4a8af731
8 changed files with 112 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
src/pretix/presale/templates/pretixpresale/event/cookies.html Normal file
View File

@@ -0,0 +1,38 @@
{% extends "error.html" %}
{% load i18n %}
{% load eventurl %}
{% block content %}
{% if cart_namespace %}
<h1>{% trans "Please continue in a new tab" %}</h1>
<p class="larger">
{% blocktrans trimmed %}
Your browser is configured to block cookies from third-party website elements. Unfortunately, this
means we cannot show you this ticket shop embedded into the website. Please try to open the ticket
shop in a new tab or change your browser settings.
{% endblocktrans %}
</p>
<p class="larger">
{% blocktrans trimmed %}
We apologize for the inconvenience!
{% endblocktrans %}
</p>
<div class="text-center">
<a href="{{ url }}"
class="btn btn-primary btn-lg" target="_blank">
{% trans "Continue in new tab" %}
</a>
<script>
window.open('{{ url|escapejs }}');
</script>
</div>
{% else %}
<h1>{% trans "Cookies not supported" %}</h1>
<div class="alert alert-error">
{% blocktrans trimmed %}
Your browser does not accept cookies from us. However, we need to set a cookie to remember who
you are and what is in your cart. Please change your browser settings accordingly.
{% endblocktrans %}
</div>
{% endif %}
{% endblock %}

23
src/pretix/presale/templates/pretixpresale/event/index.html
View File

@@ -106,29 +106,6 @@
</div> </div>
{% endif %} {% endif %}
{% if cookie_warning %}
<div class="alert alert-danger">
{% if cart_namespace %}
{% blocktrans trimmed %}
Your browser does not accept cookies from us. However, we need to set a cookie to remember who
you are and what is in your cart. Please try to open the ticket shop in a new tab or change your
browser settings.
{% endblocktrans %}
<br>
<a href="{% eventurl event "presale:event.index" cart_namespace=cart_namespace %}{% if "cart_id" in request.GET %}?src=widget&take_cart_id={{ request.GET.cart_id }}{% endif %}"
class="btn btn-primary" target="_blank">
{% trans "Open ticket shop in new tab" %}
</a>
<div class="clearfix"></div>
{% else %}
{% blocktrans trimmed %}
Your browser does not accept cookies from us. However, we need to set a cookie to remember who
you are and what is in your cart. Please change your browser settings accordingly.
{% endblocktrans %}
{% endif %}
</div>
{% endif %}
{% if subevent or not event.has_subevents %} {% if subevent or not event.has_subevents %}
{% if not ev.presale_is_running %} {% if not ev.presale_is_running %}
<div class="alert alert-info"> <div class="alert alert-info">

5
src/pretix/presale/templates/pretixpresale/event/voucher.html
View File

@@ -19,8 +19,9 @@
{% endblocktrans %} {% endblocktrans %}
</p> </p>
{% if event.presale_is_running or event.settings.show_items_outside_presale_period %} {% if event.presale_is_running or event.settings.show_items_outside_presale_period %}
<form method="post" data-asynctask <form method="post"
action="{% eventurl request.event "presale:event.cart.add" cart_namespace=cart_namespace %}?next={% eventurl request.event "presale:event.index" cart_namespace=cart_namespace %}{% if "iframe" in request.GET %}&iframe={{ request.GET.iframe }}{% endif %}"> action="{% eventurl request.event "presale:event.cart.add" cart_namespace=cart_namespace %}?next={% eventurl request.event "presale:event.index" cart_namespace=cart_namespace %}{% if "iframe" in request.GET and not new_tab %}&iframe={{ request.GET.iframe }}{% endif %}{% if "take_cart_id" in request.GET and new_tab %}&take_cart_id={{ request.GET.take_cart_id }}{% endif %}"
{% if new_tab %}target="_blank"{% else %}data-asynctask{% endif %}>
{% csrf_token %} {% csrf_token %}
<input type="hidden" name="subevent" value="{{ subevent.id|default_if_none:"" }}" /> <input type="hidden" name="subevent" value="{{ subevent.id|default_if_none:"" }}" />
<input type="hidden" name="_voucher_code" value="{{ voucher.code }}"> <input type="hidden" name="_voucher_code" value="{{ voucher.code }}">

14
src/pretix/presale/views/cart.py
View File

@@ -1,6 +1,7 @@
import mimetypes import mimetypes
import os import os
from django.conf import settings
from django.contrib import messages from django.contrib import messages
from django.db.models import Q from django.db.models import Q
from django.http import FileResponse, Http404, JsonResponse from django.http import FileResponse, Http404, JsonResponse
@@ -47,7 +48,7 @@ class CartActionMixin:
u += '&require_cookie=true' u += '&require_cookie=true'
else: else:
u += '?require_cookie=true' u += '?require_cookie=true'
if 'iframe' in self.request.GET: if 'iframe' in self.request.GET or settings.SESSION_COOKIE_NAME not in self.request.COOKIES:
cart_id = get_or_create_cart_id(self.request) cart_id = get_or_create_cart_id(self.request)
u += '&cart_id={}'.format(cart_id) u += '&cart_id={}'.format(cart_id)
return u return u
@@ -383,6 +384,12 @@ class RedeemView(NoSearchIndexViewMixin, EventViewMixin, TemplateView):
context['subevent'] = self.subevent context['subevent'] = self.subevent
context['new_tab'] = (
'require_cookie' in self.request.GET and
settings.SESSION_COOKIE_NAME not in self.request.COOKIES
# Cookies are not supported! Lets just make the form open in a new tab
)
return context return context
def dispatch(self, request, *args, **kwargs): def dispatch(self, request, *args, **kwargs):
@@ -436,6 +443,11 @@ class RedeemView(NoSearchIndexViewMixin, EventViewMixin, TemplateView):
return super().dispatch(request, *args, **kwargs) return super().dispatch(request, *args, **kwargs)
def get(self, request, *args, **kwargs):
if 'iframe' in request.GET and 'require_cookie' not in request.GET:
return redirect(request.get_full_path() + '&require_cookie=1')
return super().get(request, *args, **kwargs)
@method_decorator(xframe_options_exempt, 'dispatch') @method_decorator(xframe_options_exempt, 'dispatch')
class AnswerDownload(EventViewMixin, View): class AnswerDownload(EventViewMixin, View):

30
src/pretix/presale/views/event.py
View File

@@ -9,8 +9,7 @@ from django.conf import settings
from django.core.exceptions import PermissionDenied from django.core.exceptions import PermissionDenied
from django.db.models import Count, Prefetch, Q from django.db.models import Count, Prefetch, Q
from django.http import Http404, HttpResponse from django.http import Http404, HttpResponse
from django.shortcuts import get_object_or_404, redirect from django.shortcuts import get_object_or_404, redirect, render
from django.urls import reverse
from django.utils.decorators import method_decorator from django.utils.decorators import method_decorator
from django.utils.timezone import now from django.utils.timezone import now
from django.utils.translation import pgettext_lazy, ugettext_lazy as _ from django.utils.translation import pgettext_lazy, ugettext_lazy as _
@@ -181,8 +180,28 @@ class EventIndex(EventViewMixin, CartMixin, TemplateView):
self.subevent = None self.subevent = None
if request.GET.get('src', '') == 'widget' and 'take_cart_id' in request.GET: if request.GET.get('src', '') == 'widget' and 'take_cart_id' in request.GET:
# User has clicked "Open in a new tab" link in widget
get_or_create_cart_id(request) get_or_create_cart_id(request)
return redirect(reverse('presale:event.index', kwargs=kwargs)) return redirect(eventreverse(request.event, 'presale:event.index', kwargs=kwargs))
elif request.GET.get('iframe', '') == '1' and 'take_cart_id' in request.GET:
# Widget just opened, a cart already exists. Let's to a stupid redirect to check if cookies are disabled
get_or_create_cart_id(request)
return redirect(eventreverse(request.event, 'presale:event.index', kwargs=kwargs) + '?require_cookie=true&cart_id={}'.format(
request.GET.get('take_cart_id')
))
elif 'require_cookie' in request.GET and settings.SESSION_COOKIE_NAME not in request.COOKIES:
# Cookies are in fact not supported
r = render(request, 'pretixpresale/event/cookies.html', {
'url': eventreverse(
request.event, "presale:event.index", kwargs={'cart_namespace': kwargs.get('cart_namespace')}
) + (
"?src=widget&take_cart_id={}".format(request.GET.get('cart_id'))
if "cart_id" in request.GET else ""
)
})
r._csp_ignore = True
return r
if request.event.has_subevents: if request.event.has_subevents:
if 'subevent' in kwargs: if 'subevent' in kwargs:
self.subevent = request.event.subevents.filter(pk=kwargs['subevent'], active=True).first() self.subevent = request.event.subevents.filter(pk=kwargs['subevent'], active=True).first()
@@ -286,11 +305,6 @@ class EventIndex(EventViewMixin, CartMixin, TemplateView):
) )
) )
context['cookie_warning'] = (
'require_cookie' in self.request.GET and
settings.SESSION_COOKIE_NAME not in self.request.COOKIES
)
return context return context

22
src/pretix/presale/views/waiting.py
View File

@@ -1,5 +1,6 @@
from django.conf import settings
from django.contrib import messages from django.contrib import messages
from django.shortcuts import get_object_or_404, redirect from django.shortcuts import get_object_or_404, redirect, render
from django.utils import translation from django.utils import translation
from django.utils.decorators import method_decorator from django.utils.decorators import method_decorator
from django.utils.functional import cached_property from django.utils.functional import cached_property
@@ -7,6 +8,8 @@ from django.utils.translation import pgettext_lazy, ugettext_lazy as _
from django.views.generic import FormView from django.views.generic import FormView
from pretix.base.models.event import SubEvent from pretix.base.models.event import SubEvent
from pretix.base.templatetags.urlreplace import url_replace
from pretix.multidomain.urlreverse import eventreverse
from pretix.presale.views import EventViewMixin from pretix.presale.views import EventViewMixin
from . import allow_frame_if_namespaced from . import allow_frame_if_namespaced
@@ -36,6 +39,23 @@ class WaitingView(EventViewMixin, FormView):
ctx['item'], ctx['variation'] = self.item_and_variation ctx['item'], ctx['variation'] = self.item_and_variation
return ctx return ctx
def get(self, request, *args, **kwargs):
if request.GET.get('iframe', '') == '1' and 'require_cookie' not in request.GET:
# Widget just opened. Let's to a stupid redirect to check if cookies are disabled
return redirect(request.get_full_path() + '&require_cookie=true')
elif 'require_cookie' in request.GET and settings.SESSION_COOKIE_NAME not in request.COOKIES:
# Cookies are in fact not supported. We can't even display the form, since we can't get CSRF right without
# cookies.
r = render(request, 'pretixpresale/event/cookies.html', {
'url': eventreverse(
request.event, "presale:event.waitinglist", kwargs={'cart_namespace': kwargs.get('cart_namespace')}
) + '?' + url_replace(request, 'require_cookie', '', 'iframe', '')
})
r._csp_ignore = True
return r
return super().get(request, *args, **kwargs)
@cached_property @cached_property
def item_and_variation(self): def item_and_variation(self):
try: try:

4
src/pretix/static/pretixbase/scss/error.scss
View File

@@ -14,3 +14,7 @@ body {
font-size: 200px; font-size: 200px;
color: $brand-primary; color: $brand-primary;
} }
.larger {
font-size: 16px;
}

14
src/pretix/static/pretixpresale/js/widget/widget.js
View File

@@ -166,7 +166,7 @@ Vue.component('availbox', {
return 'item_' + this.item.id; return 'item_' + this.item.id;
} }
}, },
order_max: function () { order_max: function () {
return this.item.has_variations ? this.variation.order_max : this.item.order_max; return this.item.has_variations ? this.variation.order_max : this.item.order_max;
}, },
avail: function () { avail: function () {
@@ -462,7 +462,10 @@ var shared_methods = {
iframe.src = redirect_url; iframe.src = redirect_url;
}, },
resume: function () { resume: function () {
var redirect_url = this.$root.event_url + 'w/' + widget_id + '/?iframe=1&locale=' + lang + '&take_cart_id=' + this.$root.cart_id; var redirect_url = this.$root.event_url + 'w/' + widget_id + '/?iframe=1&locale=' + lang;
if (this.$root.cart_id) {
redirect_url += '&take_cart_id=' + this.$root.cart_id;
}
if (this.$root.useIframe) { if (this.$root.useIframe) {
var iframe = this.$root.overlay.$children[0].$refs['frame-container'].children[0]; var iframe = this.$root.overlay.$children[0].$refs['frame-container'].children[0];
this.$root.overlay.frame_loading = true; this.$root.overlay.frame_loading = true;
@@ -634,6 +637,11 @@ var shared_root_methods = {
if (this.$root.useIframe) { if (this.$root.useIframe) {
event.preventDefault(); event.preventDefault();
var url = event.target.attributes.href.value; var url = event.target.attributes.href.value;
if (url.indexOf('?')) {
url += '&iframe=1';
} else {
url += '?iframe=1';
}
this.$root.overlay.$children[0].$refs['frame-container'].children[0].src = url; this.$root.overlay.$children[0].$refs['frame-container'].children[0].src = url;
this.$root.overlay.frame_loading = true; this.$root.overlay.frame_loading = true;
} else { } else {
@@ -704,7 +712,7 @@ var shared_root_computed = {
if (getCookie(this.cookieName)) { if (getCookie(this.cookieName)) {
form_target += "&take_cart_id=" + getCookie(this.cookieName); form_target += "&take_cart_id=" + getCookie(this.cookieName);
} }
return form_target; return form_target
}, },
useIframe: function () { useIframe: function () {
return Math.min(screen.width, window.innerWidth) >= 800 && (this.skip_ssl || site_is_secure()); return Math.min(screen.width, window.innerWidth) >= 800 && (this.skip_ssl || site_is_secure());