PayPal: Migrate to Order v2 API and ISU authentication (#2493) (#2614)

Co-authored-by: Raphael Michel <michel@rami.io> Co-authored-by: Martin Gross <gross@rami.io>
2026-05-06 15:24:02 +00:00 · 2022-05-30 15:44:22 +02:00
parent 2e0be8c801
commit 925b8334a9
38 changed files with 3475 additions and 186 deletions
--- a/src/pretix/plugins/paypal/apps.py
+++ b/src/pretix/plugins/paypal/apps.py
@@ -56,6 +56,9 @@ class PaypalApp(AppConfig):
    def ready(self):
        from . import signals  # NOQA

+    def is_available(self, event):
+        return 'pretix.plugins.paypal' in event.plugins.split(',')
+
    @cached_property
    def compatibility_errors(self):
        errs = []
--- a/src/pretix/plugins/paypal/migrations/0003_migrate_to_v2.py
+++ b/src/pretix/plugins/paypal/migrations/0003_migrate_to_v2.py
@@ -0,0 +1,52 @@
+# Generated by Django 3.2.13 on 2022-05-25 08:39
+
+from django.db import migrations
+from django.db.models import Q
+
+
+def migrate_to_v2(app, schema_editor):
+    GlobalSettingsObject_SettingsStore = app.get_model('pretixbase', 'GlobalSettingsObject_SettingsStore')
+    EventSettingsStore = app.get_model('pretixbase', 'Event_SettingsStore')
+    Event = app.get_model('pretixbase', 'Event')
+
+    # If there are no system-wide OAuth keys set, per-event API keys are used, and we can migrate all events
+    if not GlobalSettingsObject_SettingsStore.objects.filter(
+            Q(key__in=['payment_paypal_connect_client_id', 'payment_paypal_connect_secret_key'])
+            & (Q(value__isnull=True) | ~Q(value=""))
+    ).exists():
+        for ev in Event.objects.filter(plugins__contains='pretix.plugins.paypal'):
+            switch_paypal_version(ev)
+
+    # There are system-wide OAuth keys set - so we need to check each event individually
+    else:
+        # Only look at events that have the PayPal plugin enabled
+        for ev in Event.objects.filter(plugins__contains='pretix.plugins.paypal'):
+            # If the payment method is enabled, we don't do anything
+            if EventSettingsStore.objects.filter(object_id=ev.pk, key='payment_paypal__enabled', value="True").exists():
+                pass
+            # In all other cases, the payment method is either disabled or hasn't been set up - in this case we'll
+            # migrate the event to v2
+            else:
+                switch_paypal_version(ev)
+
+
+def switch_paypal_version(event):
+    plugins_active = event.plugins.split(',')
+
+    if 'pretix.plugins.paypal' in plugins_active:
+        plugins_active.remove('pretix.plugins.paypal')
+        plugins_active.append('pretix.plugins.paypal2')
+
+        event.plugins = ','.join(plugins_active)
+        event.save(update_fields=['plugins'])
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('paypal', '0002_referencedpaypalobject_payment'),
+    ]
+
+    operations = [
+        migrations.RunPython(migrate_to_v2, migrations.RunPython.noop)
+    ]
--- a/src/pretix/plugins/paypal/payment.py
+++ b/src/pretix/plugins/paypal/payment.py
@@ -57,7 +57,6 @@ from pretix.base.models import Event, Order, OrderPayment, OrderRefund, Quota
 from pretix.base.payment import BasePaymentProvider, PaymentException
 from pretix.base.services.mail import SendMailException
 from pretix.base.settings import SettingsSandbox
-from pretix.helpers.urls import build_absolute_uri as build_global_uri
 from pretix.multidomain.urlreverse import build_absolute_uri
 from pretix.plugins.paypal.models import ReferencedPayPalObject

@@ -171,16 +170,10 @@ class Paypal(BasePaymentProvider):
        if self.settings.connect_client_id and not self.settings.secret:
            # Use PayPal connect
            if not self.settings.connect_user_id:
-                settings_content = (
-                    "<p>{}</p>"
-                    "<a href='{}' class='btn btn-primary btn-lg'>{}</a>"
-                ).format(
-                    _('To accept payments via PayPal, you will need an account at PayPal. By clicking on the '
-                      'following button, you can either create a new PayPal account connect pretix to an existing '
-                      'one.'),
-                    self.get_connect_url(request),
-                    _('Connect with {icon} PayPal').format(icon='<i class="fa fa-paypal"></i>')
-                )
+                # Migrate User to PayPal v2
+                self.event.disable_plugin("pretix.plugins.paypal")
+                self.event.enable_plugin("pretix.plugins.paypal2")
+                self.event.save()
            else:
                settings_content = (
                    "<button formaction='{}' class='btn btn-danger'>{}</button>"
@@ -192,29 +185,10 @@ class Paypal(BasePaymentProvider):
                    _('Disconnect from PayPal')
                )
        else:
-            settings_content = "<div class='alert alert-info'>%s<br /><code>%s</code></div>" % (
-                _('Please configure a PayPal Webhook to the following endpoint in order to automatically cancel orders '
-                  'when payments are refunded externally.'),
-                build_global_uri('plugins:paypal:webhook')
-            )
-
-        if self.event.currency not in SUPPORTED_CURRENCIES:
-            settings_content += (
-                '<br><br><div class="alert alert-warning">%s '
-                '<a href="https://developer.paypal.com/docs/api/reference/currency-codes/">%s</a>'
-                '</div>'
-            ) % (
-                _("PayPal does not process payments in your event's currency."),
-                _("Please check this PayPal page for a complete list of supported currencies.")
-            )
-
-        if self.event.currency in LOCAL_ONLY_CURRENCIES:
-            settings_content += '<br><br><div class="alert alert-warning">%s''</div>' % (
-                _("Your event's currency is supported by PayPal as a payment and balance currency for in-country "
-                  "accounts only. This means, that the receiving as well as the sending PayPal account must have been "
-                  "created in the same country and use the same currency. Out of country accounts will not be able to "
-                  "send any payments.")
-            )
+            # Migrate User to PayPal v2
+            self.event.disable_plugin("pretix.plugins.paypal")
+            self.event.enable_plugin("pretix.plugins.paypal2")
+            self.event.save()

        return settings_content

@@ -228,8 +202,8 @@ class Paypal(BasePaymentProvider):
                client_id=self.settings.connect_client_id,
                client_secret=self.settings.connect_secret_key,
                openid_client_id=self.settings.connect_client_id,
-                openid_client_secret=self.settings.connect_secret_key,
-                openid_redirect_uri=urllib.parse.quote(build_global_uri('plugins:paypal:oauth.return')))
+                openid_client_secret=self.settings.connect_secret_key
+            )
        else:
            paypalrestsdk.set_config(
                mode="sandbox" if "sandbox" in self.settings.get('endpoint') else 'live',
--- a/src/pretix/plugins/paypal/signals.py
+++ b/src/pretix/plugins/paypal/signals.py
@@ -19,17 +19,10 @@
 # You should have received a copy of the GNU Affero General Public License along with this program.  If not, see
 # <https://www.gnu.org/licenses/>.
 #
-import json
-from collections import OrderedDict

-from django import forms
 from django.dispatch import receiver
-from django.utils.translation import gettext_lazy as _

-from pretix.base.forms import SecretKeySettingsField
-from pretix.base.signals import (
-    logentry_display, register_global_settings, register_payment_providers,
-)
+from pretix.base.signals import logentry_display, register_payment_providers


@receiver(register_payment_providers, dispatch_uid="payment_paypal")
@@ -40,46 +33,6 @@ def register_payment_provider(sender, **kwargs):

@receiver(signal=logentry_display, dispatch_uid="paypal_logentry_display")
 def pretixcontrol_logentry_display(sender, logentry, **kwargs):
-    if logentry.action_type != 'pretix.plugins.paypal.event':
-        return
+    from pretix.plugins.paypal2.signals import pretixcontrol_logentry_display

-    data = json.loads(logentry.data)
-    event_type = data.get('event_type')
-    text = None
-    plains = {
-        'PAYMENT.SALE.COMPLETED': _('Payment completed.'),
-        'PAYMENT.SALE.DENIED': _('Payment denied.'),
-        'PAYMENT.SALE.REFUNDED': _('Payment refunded.'),
-        'PAYMENT.SALE.REVERSED': _('Payment reversed.'),
-        'PAYMENT.SALE.PENDING': _('Payment pending.'),
-    }
-
-    if event_type in plains:
-        text = plains[event_type]
-    else:
-        text = event_type
-
-    if text:
-        return _('PayPal reported an event: {}').format(text)
-
-
-@receiver(register_global_settings, dispatch_uid='paypal_global_settings')
-def register_global_settings(sender, **kwargs):
-    return OrderedDict([
-        ('payment_paypal_connect_client_id', forms.CharField(
-            label=_('PayPal Connect: Client ID'),
-            required=False,
-        )),
-        ('payment_paypal_connect_secret_key', SecretKeySettingsField(
-            label=_('PayPal Connect: Secret key'),
-            required=False,
-        )),
-        ('payment_paypal_connect_endpoint', forms.ChoiceField(
-            label=_('PayPal Connect Endpoint'),
-            initial='live',
-            choices=(
-                ('live', 'Live'),
-                ('sandbox', 'Sandbox'),
-            ),
-        )),
-    ])
+    return pretixcontrol_logentry_display(sender, logentry, **kwargs)
--- a/src/pretix/plugins/paypal/urls.py
+++ b/src/pretix/plugins/paypal/urls.py
@@ -21,11 +21,7 @@
 #
 from django.conf.urls import include, re_path

-from pretix.multidomain import event_url
-
-from .views import (
-    abort, oauth_disconnect, oauth_return, redirect_view, success, webhook,
-)
+from .views import abort, oauth_disconnect, redirect_view, success

 event_patterns = [
    re_path(r'^paypal/', include([
@@ -35,14 +31,10 @@ event_patterns = [

        re_path(r'w/(?P<cart_namespace>[a-zA-Z0-9]{16})/abort/', abort, name='abort'),
        re_path(r'w/(?P<cart_namespace>[a-zA-Z0-9]{16})/return/', success, name='return'),
-
-        event_url(r'^webhook/$', webhook, name='webhook', require_live=False),
    ])),
 ]

 urlpatterns = [
    re_path(r'^control/event/(?P<organizer>[^/]+)/(?P<event>[^/]+)/paypal/disconnect/',
            oauth_disconnect, name='oauth.disconnect'),
-    re_path(r'^_paypal/webhook/$', webhook, name='webhook'),
-    re_path(r'^_paypal/oauth_return/$', oauth_return, name='oauth.return'),
 ]
--- a/src/pretix/plugins/paypal/views.py
+++ b/src/pretix/plugins/paypal/views.py
@@ -42,16 +42,15 @@ from django.contrib import messages
 from django.core import signing
 from django.db.models import Sum
 from django.http import HttpResponse, HttpResponseBadRequest
-from django.shortcuts import get_object_or_404, redirect, render
+from django.shortcuts import redirect, render
 from django.urls import reverse
 from django.utils.translation import gettext_lazy as _
 from django.views.decorators.clickjacking import xframe_options_exempt
 from django.views.decorators.csrf import csrf_exempt
 from django.views.decorators.http import require_POST
 from django_scopes import scopes_disabled
-from paypalrestsdk.openid_connect import Tokeninfo

-from pretix.base.models import Event, Order, OrderPayment, OrderRefund, Quota
+from pretix.base.models import Order, OrderPayment, OrderRefund, Quota
 from pretix.base.payment import PaymentException
 from pretix.control.permissions import event_permission_required
 from pretix.multidomain.urlreverse import eventreverse
@@ -76,38 +75,6 @@ def redirect_view(request, *args, **kwargs):
    return r


-@scopes_disabled()
-def oauth_return(request, *args, **kwargs):
-    if 'payment_paypal_oauth_event' not in request.session:
-        messages.error(request, _('An error occurred during connecting with PayPal, please try again.'))
-        return redirect(reverse('control:index'))
-
-    event = get_object_or_404(Event, pk=request.session['payment_paypal_oauth_event'])
-
-    prov = Paypal(event)
-    prov.init_api()
-
-    try:
-        tokeninfo = Tokeninfo.create(request.GET.get('code'))
-        userinfo = Tokeninfo.create_with_refresh_token(tokeninfo['refresh_token']).userinfo()
-    except paypalrestsdk.exceptions.ConnectionError:
-        logger.exception('Failed to obtain OAuth token')
-        messages.error(request, _('An error occurred during connecting with PayPal, please try again.'))
-    else:
-        messages.success(request,
-                         _('Your PayPal account is now connected to pretix. You can change the settings in '
-                           'detail below.'))
-
-        event.settings.payment_paypal_connect_refresh_token = tokeninfo['refresh_token']
-        event.settings.payment_paypal_connect_user_id = userinfo.email
-
-    return redirect(reverse('control:event.settings.payment.provider', kwargs={
-        'organizer': event.organizer.slug,
-        'event': event.slug,
-        'provider': 'paypal'
-    }))
-
-
 def success(request, *args, **kwargs):
    pid = request.GET.get('paymentId')
    token = request.GET.get('token')
@@ -286,8 +253,14 @@ def oauth_disconnect(request, **kwargs):
    request.event.settings.payment_paypal__enabled = False
    messages.success(request, _('Your PayPal account has been disconnected.'))

+    # Migrate User to PayPal v2
+    event = request.event
+    event.disable_plugin("pretix.plugins.paypal")
+    event.enable_plugin("pretix.plugins.paypal2")
+    event.save()
+
    return redirect(reverse('control:event.settings.payment.provider', kwargs={
        'organizer': request.event.organizer.slug,
        'event': request.event.slug,
-        'provider': 'paypal'
+        'provider': 'paypal_settings'
    }))