Fix #678 -- Data shredders for personally identifiable information (#817)

* Add data shredders for PII * First working shredder * Add more shredders * Add new shredders and download confirmation * tmp * PayPal, Stripe, banktransfer * Add icon to logs * Untested payment log shredders * Add waiting list shredder * First tests * Add tests for shredders * Improve templats, link to shredder * Test payment info shredders * More tests * Documentation * Fix enabled flag in payment provider overview * Fix minor issues
2026-05-05 15:14:04 +00:00 · 2018-05-02 15:59:59 +02:00
parent 335838f2b2
commit 7bccd62a4f
41 changed files with 1728 additions and 21 deletions
--- a/src/pretix/plugins/banktransfer/payment.py
+++ b/src/pretix/plugins/banktransfer/payment.py
@@ -7,6 +7,7 @@ from django.utils.translation import ugettext_lazy as _
 from i18nfield.fields import I18nFormField, I18nTextarea
 from i18nfield.strings import LazyI18nString

+from pretix.base.models import Order
 from pretix.base.payment import BasePaymentProvider


@@ -88,3 +89,13 @@ class BankTransfer(BasePaymentProvider):
        ctx = {'request': request, 'event': self.event,
               'payment_info': payment_info, 'order': order}
        return template.render(ctx)
+
+    def shred_payment_info(self, order: Order):
+        if not order.payment_info:
+            return
+        d = json.loads(order.payment_info)
+        d['reference'] = '█'
+        d['payer'] = '█'
+        d['_shredded'] = True
+        order.payment_info = json.dumps(d)
+        order.save(update_fields=['payment_info'])
--- a/src/pretix/plugins/paypal/payment.py
+++ b/src/pretix/plugins/paypal/payment.py
@@ -398,3 +398,23 @@ class Paypal(BasePaymentProvider):
        })
        request.session['payment_paypal_order'] = order.pk
        return self._create_payment(request, payment)
+
+    def shred_payment_info(self, order: Order):
+        d = json.loads(order.payment_info)
+        new = {
+            'id': d.get('id'),
+            'payer': {
+                'payer_info': {
+                    'email': '█'
+                }
+            },
+            'update_time': d.get('update_time'),
+            'transactions': [
+                {
+                    'amount': t.get('amount')
+                } for t in d.get('transactions', [])
+            ],
+            '_shredded': True
+        }
+        order.payment_info = json.dumps(new)
+        order.save(update_fields=['payment_info'])
--- a/src/pretix/plugins/paypal/signals.py
+++ b/src/pretix/plugins/paypal/signals.py
@@ -4,8 +4,10 @@ from django.dispatch import receiver
 from django.template.loader import get_template
 from django.utils.translation import ugettext_lazy as _

+from pretix.base.shredder import BaseDataShredder
 from pretix.base.signals import (
-    logentry_display, register_payment_providers, requiredaction_display,
+    logentry_display, register_data_shredders, register_payment_providers,
+    requiredaction_display,
 )


@@ -53,3 +55,32 @@ def pretixcontrol_action_display(sender, action, request, **kwargs):

    ctx = {'data': data, 'event': sender, 'action': action}
    return template.render(ctx, request)
+
+
+class PaymentLogsShredder(BaseDataShredder):
+    verbose_name = _('PayPal payment history')
+    identifier = 'paypal_logs'
+    description = _('This will remove payment-related history information. No download will be offered.')
+
+    def generate_files(self):
+        pass
+
+    def shred_data(self):
+        for le in self.event.logentry_set.filter(action_type="pretix.plugins.paypal.event").exclude(data=""):
+            d = le.parsed_data
+            if 'resource' in d:
+                d['resource'] = {
+                    'id': d['resource'].get('id'),
+                    'sale_id': d['resource'].get('sale_id'),
+                    'parent_payment': d['resource'].get('parent_payment'),
+                }
+            le.data = json.dumps(d)
+            le.shredded = True
+            le.save(update_fields=['data', 'shredded'])
+
+
+@receiver(register_data_shredders, dispatch_uid="paypal_shredders")
+def register_shredder(sender, **kwargs):
+    return [
+        PaymentLogsShredder,
+    ]
--- a/src/pretix/plugins/stripe/payment.py
+++ b/src/pretix/plugins/stripe/payment.py
@@ -16,7 +16,7 @@ from django.utils.http import urlquote
 from django.utils.translation import pgettext, ugettext, ugettext_lazy as _

 from pretix import __version__
-from pretix.base.models import Event, Quota, RequiredAction
+from pretix.base.models import Event, Order, Quota, RequiredAction
 from pretix.base.payment import BasePaymentProvider, PaymentException
 from pretix.base.services.mail import SendMailException
 from pretix.base.services.orders import mark_order_paid, mark_order_refunded
@@ -480,6 +480,34 @@ class StripeMethod(BasePaymentProvider):
        else:
            return str(url)

+    def shred_payment_info(self, order: Order):
+        if not order.payment_info:
+            return
+        d = json.loads(order.payment_info)
+        new = {}
+        if 'source' in d:
+            new['source'] = {
+                'id': d['source'].get('id'),
+                'type': d['source'].get('type'),
+                'brand': d['source'].get('brand'),
+                'last4': d['source'].get('last4'),
+                'bank_name': d['source'].get('bank_name'),
+                'bank': d['source'].get('bank'),
+                'bic': d['source'].get('bic'),
+                'card': {
+                    'brand': d['source'].get('card', {}).get('brand'),
+                    'country': d['source'].get('card', {}).get('cuntry'),
+                    'last4': d['source'].get('card', {}).get('last4'),
+                }
+            }
+            new['amount'] = d['amount']
+            new['currency'] = d['currency']
+            new['status'] = d['status']
+            new['id'] = d['id']
+            new['_shredded'] = True
+        order.payment_info = json.dumps(new)
+        order.save(update_fields=['payment_info'])
+

 class StripeCC(StripeMethod):
    identifier = 'stripe'
--- a/src/pretix/plugins/stripe/signals.py
+++ b/src/pretix/plugins/stripe/signals.py
@@ -8,9 +8,10 @@ from django.template.loader import get_template
 from django.utils.translation import ugettext_lazy as _

 from pretix.base.settings import settings_hierarkey
+from pretix.base.shredder import BaseDataShredder
 from pretix.base.signals import (
-    logentry_display, register_global_settings, register_payment_providers,
-    requiredaction_display,
+    logentry_display, register_data_shredders, register_global_settings,
+    register_payment_providers, requiredaction_display,
 )
 from pretix.plugins.stripe.forms import StripeKeyValidator
 from pretix.presale.signals import html_head
@@ -134,3 +135,30 @@ def register_global_settings(sender, **kwargs):
            ),
        )),
    ])
+
+
+class PaymentLogsShredder(BaseDataShredder):
+    verbose_name = _('Stripe payment history')
+    identifier = 'stripe_logs'
+    description = _('This will remove payment-related history information. No download will be offered.')
+
+    def generate_files(self):
+        pass
+
+    def shred_data(self):
+        for le in self.event.logentry_set.filter(action_type="pretix.plugins.stripe.event").exclude(data=""):
+            d = le.parsed_data
+            if 'data' in d:
+                for k, v in list(d['data']['object'].items()):
+                    if v not in ('reason', 'status', 'failure_message', 'object', 'id'):
+                        d['data']['object'][k] = '█'
+                le.data = json.dumps(d)
+                le.shredded = True
+                le.save(update_fields=['data', 'shredded'])
+
+
+@receiver(register_data_shredders, dispatch_uid="stripe_shredders")
+def register_shredder(sender, **kwargs):
+    return [
+        PaymentLogsShredder,
+    ]