diff --git a/src/pretix/base/ticketoutput.py b/src/pretix/base/ticketoutput.py index f12001d6fd..d6ea505663 100644 --- a/src/pretix/base/ticketoutput.py +++ b/src/pretix/base/ticketoutput.py @@ -3,7 +3,6 @@ from django import forms from django.http import HttpRequest, HttpResponse from django.utils.translation import ugettext_lazy as _ -from pretix.base.forms import SettingsForm from pretix.base.models import Order from pretix.base.settings import SettingsSandbox diff --git a/src/pretix/presale/views/order.py b/src/pretix/presale/views/order.py index de89baef2e..94f64ab9e9 100644 --- a/src/pretix/presale/views/order.py +++ b/src/pretix/presale/views/order.py @@ -101,7 +101,9 @@ class OrderPay(EventViewMixin, EventLoginRequiredMixin, OrderDetailMixin, Templa self.request = request if not self.order: return HttpResponseNotFound(_('Unknown order code or order does belong to another user.')) - if not self.payment_provider.order_can_retry(self.order) or not self.payment_provider.is_enabled: + if (self.order.status not in (Order.STATUS_PENDING, Order.STATUS_EXPIRED) + or not self.payment_provider.order_can_retry(self.order) + or not self.payment_provider.is_enabled): messages.error(request, _('The payment for this order cannot be continued.')) return redirect(self.get_order_url()) return super().dispatch(request, *args, **kwargs) @@ -145,9 +147,9 @@ class OrderPayDo(EventViewMixin, EventLoginRequiredMixin, OrderDetailMixin, Temp if not self.payment_provider.order_can_retry(self.order) or not self.payment_provider.is_enabled: messages.error(request, _('The payment for this order cannot be continued.')) return redirect(self.get_order_url()) - if not self.payment_provider.payment_is_valid_session(request) or \ - not self.payment_provider.is_enabled or \ - not self.payment_provider.is_allowed(request): + if (not self.payment_provider.payment_is_valid_session(request) + or not self.payment_provider.is_enabled + or not self.payment_provider.is_allowed(request)): messages.error(request, _('The payment information you entered was incomplete.')) return redirect(self.get_payment_url()) return super().dispatch(request, *args, **kwargs) @@ -195,11 +197,8 @@ class OrderModify(EventViewMixin, EventLoginRequiredMixin, OrderDetailMixin, if failed: messages.error(self.request, _("We had difficulties processing your input. Please review the errors below.")) - return self.get(*args, **kwargs) - return redirect('presale:event.order', - event=self.request.event.slug, - organizer=self.request.event.organizer.slug, - order=self.order.code) + return self.get(request, *args, **kwargs) + return redirect(self.get_order_url()) def get(self, request, *args, **kwargs): return super().get(request, *args, **kwargs) @@ -224,26 +223,22 @@ class OrderCancel(EventViewMixin, EventLoginRequiredMixin, OrderDetailMixin, TemplateView): template_name = "pretixpresale/event/order_cancel.html" - def post(self, request, *args, **kwargs): + def dispatch(self, request, *args, **kwargs): + self.request = request self.kwargs = kwargs if not self.order: return HttpResponseNotFound(_('Unknown order code or order does belong to another user.')) if self.order.status not in (Order.STATUS_PENDING, Order.STATUS_EXPIRED): return HttpResponseForbidden(_('You cannot cancel this order')) + return super().dispatch(request, *args, **kwargs) + + def post(self, request, *args, **kwargs): order = self.order.clone() order.status = Order.STATUS_CANCELLED order.save() - return redirect('presale:event.order', - event=self.request.event.slug, - organizer=self.request.event.organizer.slug, - order=order.code) + return redirect(self.get_order_url()) def get(self, request, *args, **kwargs): - self.kwargs = kwargs - if not self.order: - return HttpResponseNotFound(_('Unknown order code or order does belong to another user.')) - if self.order.status not in (Order.STATUS_PENDING, Order.STATUS_EXPIRED): - return HttpResponseForbidden(_('You cannot cancel this order')) return super().get(request, *args, **kwargs) def get_context_data(self, **kwargs): @@ -254,12 +249,6 @@ class OrderCancel(EventViewMixin, EventLoginRequiredMixin, OrderDetailMixin, class OrderDownload(EventViewMixin, EventLoginRequiredMixin, OrderDetailMixin, View): - def get_order_url(self): - return reverse('presale:event.order', kwargs={ - 'event': self.request.event.slug, - 'organizer': self.request.event.organizer.slug, - 'order': self.order.code, - }) @cached_property def output(self): @@ -273,6 +262,8 @@ class OrderDownload(EventViewMixin, EventLoginRequiredMixin, OrderDetailMixin, if not self.output or not self.output.is_enabled: messages.error(request, _('You requested an invalid ticket output type.')) return redirect(self.get_order_url()) + if not self.order: + return HttpResponseNotFound(_('Unknown order code or order does belong to another user.')) if self.order.status != Order.STATUS_PAID: messages.error(request, _('Order is not paid.')) return redirect(self.get_order_url()) diff --git a/src/tests/base/test_models.py b/src/tests/base/test_models.py index 8c985344cd..beca551ce6 100644 --- a/src/tests/base/test_models.py +++ b/src/tests/base/test_models.py @@ -5,7 +5,7 @@ from django.utils.timezone import now from pretix.base.models import ( Event, Organizer, Item, ItemVariation, Property, PropertyValue, User, Quota, - Order, OrderPosition, CartPosition) + Order, OrderPosition, CartPosition, Question) from pretix.base.services.orders import mark_order_paid from pretix.base.types import VariationDict @@ -189,7 +189,8 @@ class BaseQuotaTestCase(TestCase): def setUp(self): self.quota = Quota.objects.create(name="Test", size=2, event=self.event) - self.item1 = Item.objects.create(event=self.event, name="Ticket", default_price=23) + self.item1 = Item.objects.create(event=self.event, name="Ticket", default_price=23, + admission=True) self.item2 = Item.objects.create(event=self.event, name="T-Shirt") p = Property.objects.create(event=self.event, name='Size') pv1 = PropertyValue.objects.create(prop=p, value='S') @@ -360,3 +361,18 @@ class OrderTestCase(BaseQuotaTestCase): mark_order_paid(self.order, force=True) self.order = Order.objects.current.get(identity=self.order.identity) self.assertEqual(self.order.status, Order.STATUS_PAID) + + def test_can_modify_answers(self): + self.event.settings.set('attendee_names_asked', True) + assert self.order.can_modify_answers + self.event.settings.set('attendee_names_asked', False) + assert not self.order.can_modify_answers + q = Question.objects.create(question='Foo', type=Question.TYPE_BOOLEAN, event=self.event) + self.item1.questions.add(q) + assert self.order.can_modify_answers + self.order.status = Order.STATUS_REFUNDED + assert not self.order.can_modify_answers + self.order.status = Order.STATUS_PAID + assert self.order.can_modify_answers + self.event.settings.set('last_order_modification_date', now() - timedelta(days=1)) + assert not self.order.can_modify_answers diff --git a/src/tests/presale/test_checkout.py b/src/tests/presale/test_checkout.py index 05ab641551..0cf879ec64 100644 --- a/src/tests/presale/test_checkout.py +++ b/src/tests/presale/test_checkout.py @@ -139,7 +139,7 @@ class CheckoutTestCase(TestCase): doc = BeautifulSoup(response.rendered_content) self.assertEqual(len(doc.select('input[name=%s-attendee_name]' % cr1.identity)), 1) - # Not all required fields filled out, expect failure + # Not all fields filled out, expect success response = self.client.post('/%s/%s/checkout' % (self.orga.slug, self.event.slug), { '%s-attendee_name' % cr1.identity: '', }, follow=True) diff --git a/src/tests/presale/test_orders.py b/src/tests/presale/test_orders.py index 5cefe831ed..d02281bb56 100644 --- a/src/tests/presale/test_orders.py +++ b/src/tests/presale/test_orders.py @@ -5,7 +5,7 @@ from django.test import TestCase from django.utils.timezone import now from pretix.base.models import Organizer, Event, Order, User, ItemCategory, Quota, Item, Property, PropertyValue, \ - ItemVariation, OrderPosition + ItemVariation, OrderPosition, Question class OrdersTest(TestCase): @@ -16,8 +16,12 @@ class OrdersTest(TestCase): self.event = Event.objects.create( organizer=self.orga, name='30C3', slug='30c3', date_from=datetime.datetime(2013, 12, 26, tzinfo=datetime.timezone.utc), + plugins='pretix.plugins.stripe,pretix.plugins.banktransfer,tests.testdummy' ) + self.event.settings.set('payment_banktransfer__enabled', True) + self.event.settings.set('ticketoutput_testdummy__enabled', True) self.user = User.objects.create_local_user(self.event, 'demo', 'foo') + self.user2 = User.objects.create_local_user(self.event, 'bar', 'foo') self.assertTrue(self.client.login(username='demo@%s.event.pretix' % self.event.identity, password='foo')) self.category = ItemCategory.objects.create(event=self.event, name="Everything", position=0) @@ -36,8 +40,13 @@ class OrdersTest(TestCase): self.quota_shirts.variations.add(var2) self.quota_tickets = Quota.objects.create(event=self.event, name='Tickets', size=5) self.ticket = Item.objects.create(event=self.event, name='Early-bird ticket', - category=self.category, default_price=23) + category=self.category, default_price=23, + admission=True) self.quota_tickets.items.add(self.ticket) + self.event.settings.set('attendee_names_asked', True) + self.question = Question.objects.create(question='Foo', type=Question.TYPE_STRING, event=self.event, + required=False) + self.ticket.questions.add(self.question) self.order = Order.objects.create( status=Order.STATUS_PENDING, @@ -45,7 +54,8 @@ class OrdersTest(TestCase): user=self.user, datetime=now() - datetime.timedelta(days=3), expires=now() + datetime.timedelta(days=11), - total=Decimal("23") + total=Decimal("23"), + payment_provider='banktransfer' ) self.ticket_pos = OrderPosition.objects.create( order=self.order, @@ -54,6 +64,14 @@ class OrdersTest(TestCase): price=Decimal("14"), attendee_name="Peter" ) + self.not_my_order = Order.objects.create( + status=Order.STATUS_PENDING, + event=self.event, + user=self.user2, + datetime=now() - datetime.timedelta(days=3), + expires=now() + datetime.timedelta(days=11), + total=Decimal("23") + ) def test_orders_list(self): response = self.client.get( @@ -65,3 +83,213 @@ class OrdersTest(TestCase): row = rows[0] self.assertIn(self.order.code, row.text) self.assertIn(str(self.order.total), row.text) + + def test_unknown_order(self): + response = self.client.get( + '/%s/%s/order/ABCDE/' % (self.orga.slug, self.event.slug) + ) + assert response.status_code == 404 + response = self.client.get( + '/%s/%s/order/%s/' % (self.orga.slug, self.event.slug, self.not_my_order.code) + ) + assert response.status_code == 404 + response = self.client.get( + '/%s/%s/order/ABCDE/pay' % (self.orga.slug, self.event.slug) + ) + assert response.status_code == 404 + response = self.client.get( + '/%s/%s/order/%s/pay' % (self.orga.slug, self.event.slug, self.not_my_order.code) + ) + assert response.status_code == 404 + response = self.client.get( + '/%s/%s/order/ABCDE/pay/confirm' % (self.orga.slug, self.event.slug) + ) + assert response.status_code == 404 + response = self.client.get( + '/%s/%s/order/%s/pay/confirm' % (self.orga.slug, self.event.slug, self.not_my_order.code) + ) + assert response.status_code == 404 + response = self.client.get( + '/%s/%s/order/ABCDE/modify' % (self.orga.slug, self.event.slug) + ) + assert response.status_code == 404 + response = self.client.get( + '/%s/%s/order/%s/modify' % (self.orga.slug, self.event.slug, self.not_my_order.code) + ) + assert response.status_code == 404 + response = self.client.get( + '/%s/%s/order/ABCDE/cancel' % (self.orga.slug, self.event.slug) + ) + assert response.status_code == 404 + response = self.client.get( + '/%s/%s/order/%s/cancel' % (self.orga.slug, self.event.slug, self.not_my_order.code) + ) + assert response.status_code == 404 + + def test_orders_detail(self): + response = self.client.get( + '/%s/%s/order/%s/' % (self.orga.slug, self.event.slug, self.order.code) + ) + assert response.status_code == 200 + doc = BeautifulSoup(response.rendered_content) + assert len(doc.select(".cart-row")) > 0 + assert "pending" in doc.select(".label-warning")[0].text.lower() + + def test_orders_modify_invalid(self): + self.order.status = Order.STATUS_REFUNDED + self.order.save() + response = self.client.get( + '/%s/%s/order/%s/modify' % (self.orga.slug, self.event.slug, self.order.code) + ) + assert response.status_code == 403 + + def test_orders_modify_attendee_optional(self): + self.event.settings.set('attendee_names_asked', True) + self.event.settings.set('attendee_names_required', False) + + response = self.client.get('/%s/%s/order/%s/modify' % (self.orga.slug, self.event.slug, self.order.code)) + doc = BeautifulSoup(response.rendered_content) + self.assertEqual(len(doc.select('input[name=%s-attendee_name]' % self.ticket_pos.identity)), 1) + + # Not all fields filled out, expect success + response = self.client.post('/%s/%s/order/%s/modify' % (self.orga.slug, self.event.slug, self.order.code), { + '%s-attendee_name' % self.ticket_pos.identity: '', + }, follow=True) + self.assertRedirects(response, '/%s/%s/order/%s/' % (self.orga.slug, self.event.slug, self.order.code), + target_status_code=200) + self.ticket_pos = OrderPosition.objects.current.get(identity=self.ticket_pos.identity) + assert self.ticket_pos.attendee_name in (None, '') + + def test_orders_modify_attendee_required(self): + self.event.settings.set('attendee_names_asked', True) + self.event.settings.set('attendee_names_required', True) + + response = self.client.get('/%s/%s/order/%s/modify' % (self.orga.slug, self.event.slug, self.order.code)) + doc = BeautifulSoup(response.rendered_content) + self.assertEqual(len(doc.select('input[name=%s-attendee_name]' % self.ticket_pos.identity)), 1) + + # Not all required fields filled out, expect failure + response = self.client.post('/%s/%s/order/%s/modify' % (self.orga.slug, self.event.slug, self.order.code), { + '%s-attendee_name' % self.ticket_pos.identity: '', + }, follow=True) + doc = BeautifulSoup(response.rendered_content) + self.assertGreaterEqual(len(doc.select('.has-error')), 1) + + response = self.client.post('/%s/%s/order/%s/modify' % (self.orga.slug, self.event.slug, self.order.code), { + '%s-attendee_name' % self.ticket_pos.identity: 'Peter', + }, follow=True) + self.assertRedirects(response, '/%s/%s/order/%s/' % (self.orga.slug, self.event.slug, self.order.code), + target_status_code=200) + self.ticket_pos = OrderPosition.objects.current.get(identity=self.ticket_pos.identity) + assert self.ticket_pos.attendee_name == 'Peter' + + def test_orders_questions_optional(self): + self.event.settings.set('attendee_names_asked', False) + self.event.settings.set('attendee_names_required', False) + + response = self.client.get('/%s/%s/order/%s/modify' % (self.orga.slug, self.event.slug, self.order.code)) + doc = BeautifulSoup(response.rendered_content) + self.assertEqual(len(doc.select('input[name=%s-question_%s]' % ( + self.ticket_pos.identity, self.question.identity))), 1) + + # Not all fields filled out, expect success + response = self.client.post('/%s/%s/order/%s/modify' % (self.orga.slug, self.event.slug, self.order.code), { + '%s-question_%s' % (self.ticket_pos.identity, self.question.identity): '', + }, follow=True) + self.assertRedirects(response, '/%s/%s/order/%s/' % (self.orga.slug, self.event.slug, self.order.code), + target_status_code=200) + assert not self.ticket_pos.answers.filter(question=self.question).exists() + + def test_orders_questions_required(self): + self.event.settings.set('attendee_names_asked', False) + self.event.settings.set('attendee_names_required', False) + self.question.required = True + self.question.save() + + response = self.client.get('/%s/%s/order/%s/modify' % (self.orga.slug, self.event.slug, self.order.code)) + doc = BeautifulSoup(response.rendered_content) + self.assertEqual(len(doc.select('input[name=%s-question_%s]' % ( + self.ticket_pos.identity, self.question.identity))), 1) + + # Not all required fields filled out, expect failure + response = self.client.post('/%s/%s/order/%s/modify' % (self.orga.slug, self.event.slug, self.order.code), { + '%s-question_%s' % (self.ticket_pos.identity, self.question.identity): '', + }, follow=True) + doc = BeautifulSoup(response.rendered_content) + self.assertGreaterEqual(len(doc.select('.has-error')), 1) + + response = self.client.post('/%s/%s/order/%s/modify' % (self.orga.slug, self.event.slug, self.order.code), { + '%s-question_%s' % (self.ticket_pos.identity, self.question.identity): 'ABC', + }, follow=True) + self.assertRedirects(response, '/%s/%s/order/%s/' % (self.orga.slug, self.event.slug, self.order.code), + target_status_code=200) + assert self.ticket_pos.answers.get(question=self.question).answer == 'ABC' + + def test_orders_cancel_invalid(self): + self.order.status = Order.STATUS_PAID + self.order.save() + response = self.client.get( + '/%s/%s/order/%s/cancel' % (self.orga.slug, self.event.slug, self.order.code) + ) + assert response.status_code == 403 + + def test_orders_cancel(self): + response = self.client.get( + '/%s/%s/order/%s/cancel' % (self.orga.slug, self.event.slug, self.order.code) + ) + assert response.status_code == 200 + response = self.client.post('/%s/%s/order/%s/cancel' % (self.orga.slug, self.event.slug, self.order.code), { + }, follow=True) + self.assertRedirects(response, '/%s/%s/order/%s/' % (self.orga.slug, self.event.slug, self.order.code), + target_status_code=200) + assert Order.objects.current.get(identity=self.order.identity).status == Order.STATUS_CANCELLED + + def test_orders_download(self): + self.event.settings.set('ticket_download', True) + del self.event.settings['ticket_download_date'] + response = self.client.get('/%s/%s/order/%s/download/pdf' % (self.orga.slug, self.event.slug, self.order.code), + follow=True) + self.assertRedirects(response, '/%s/%s/order/%s/' % (self.orga.slug, self.event.slug, self.order.code), + target_status_code=200) + + response = self.client.get( + '/%s/%s/order/ABC/download/testdummy' % (self.orga.slug, self.event.slug) + ) + assert response.status_code == 404 + + response = self.client.get( + '/%s/%s/order/%s/download/testdummy' % (self.orga.slug, self.event.slug, self.order.code), + follow=True + ) + self.assertRedirects(response, '/%s/%s/order/%s/' % (self.orga.slug, self.event.slug, self.order.code), + target_status_code=200) + + self.order.status = Order.STATUS_PAID + self.order.save() + response = self.client.get( + '/%s/%s/order/%s/download/testdummy' % (self.orga.slug, self.event.slug, self.order.code), + ) + assert response.status_code == 200 + assert response.content.strip().decode() == self.order.identity + + self.event.settings.set('ticket_download_date', now() + datetime.timedelta(days=1)) + response = self.client.get( + '/%s/%s/order/%s/download/testdummy' % (self.orga.slug, self.event.slug, self.order.code), + follow=True + ) + self.assertRedirects(response, '/%s/%s/order/%s/' % (self.orga.slug, self.event.slug, self.order.code), + target_status_code=200) + + del self.event.settings['ticket_download_date'] + response = self.client.get( + '/%s/%s/order/%s/download/testdummy' % (self.orga.slug, self.event.slug, self.order.code), + ) + assert response.status_code == 200 + + self.event.settings.set('ticket_download', False) + response = self.client.get( + '/%s/%s/order/%s/download/testdummy' % (self.orga.slug, self.event.slug, self.order.code), + follow=True + ) + self.assertRedirects(response, '/%s/%s/order/%s/' % (self.orga.slug, self.event.slug, self.order.code), + target_status_code=200) diff --git a/src/tests/testdummy/signals.py b/src/tests/testdummy/signals.py index d1a2e608ee..5c4c6bc641 100644 --- a/src/tests/testdummy/signals.py +++ b/src/tests/testdummy/signals.py @@ -1,6 +1,6 @@ from django.dispatch import receiver -from pretix.base.signals import determine_availability +from pretix.base.signals import determine_availability, register_ticket_outputs @receiver(determine_availability) @@ -13,3 +13,9 @@ def availability_handler(sender, **kwargs): v['available'] = (sender.settings.testdummy_available == 'yes') return variations return [] + + +@receiver(register_ticket_outputs) +def register_ticket_outputs(sender, **kwargs): + from .ticketoutput import DummyTicketOutput + return DummyTicketOutput diff --git a/src/tests/testdummy/ticketoutput.py b/src/tests/testdummy/ticketoutput.py new file mode 100644 index 0000000000..eff6df15f7 --- /dev/null +++ b/src/tests/testdummy/ticketoutput.py @@ -0,0 +1,18 @@ +import logging + +from django.http import HttpResponse +from pretix.base.ticketoutput import BaseTicketOutput + + +logger = logging.getLogger('tests.testdummy.ticketoutput') + + +class DummyTicketOutput(BaseTicketOutput): + identifier = 'testdummy' + verbose_name = 'Test dummy' + download_button_text = 'Download test file' + download_button_icon = 'fa-print' + + def generate(self, request, order): + response = HttpResponse(order.identity, content_type='text/plain') + return response