From af84354e51342e1e7b422a6cf25b9c5192040a98 Mon Sep 17 00:00:00 2001
From: Raphael Michel
Date: Mon, 9 Mar 2020 14:57:19 +0100
Subject: [PATCH] Resolve some warnings in the test suite
---
 src/pretix/api/views/organizer.py | 8 +++---
 src/pretix/control/permissions.py | 5 ++--
 src/pretix/plugins/paypal/payment.py | 3 +-
 src/pretix/plugins/stripe/payment.py | 3 +-
 src/tests/api/test_oauth.py | 42 ++++++++++++++--------------
 5 files changed, 30 insertions(+), 31 deletions(-)
diff --git a/src/pretix/api/views/organizer.py b/src/pretix/api/views/organizer.py
index fadee11b27..bf93b1961d 100644
--- a/src/pretix/api/views/organizer.py
+++ b/src/pretix/api/views/organizer.py
@@ -58,7 +58,7 @@ class SeatingPlanViewSet(viewsets.ModelViewSet):
 write_permission = 'can_change_organizer_settings'
 def get_queryset(self):
- return self.request.organizer.seating_plans.all()
+ return self.request.organizer.seating_plans.order_by('name')
 def get_serializer_context(self):
 ctx = super().get_serializer_context()
@@ -195,7 +195,7 @@ class TeamViewSet(viewsets.ModelViewSet):
 write_permission = 'can_change_teams'
 def get_queryset(self):
- return self.request.organizer.teams.all()
+ return self.request.organizer.teams.order_by('pk')
 def get_serializer_context(self):
 ctx = super().get_serializer_context()
@@ -268,7 +268,7 @@ class TeamInviteViewSet(CreateModelMixin, DestroyModelMixin, viewsets.ReadOnlyMo
 return get_object_or_404(self.request.organizer.teams, pk=self.kwargs.get('team'))
 def get_queryset(self):
- return self.team.invites.all()
+ return self.team.invites.order_by('email')
 def get_serializer_context(self):
 ctx = super().get_serializer_context()
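Review bot: `order_by('name')` in `SeatingPlanViewSet.get_queryset` and `order_by('email')` in `TeamInviteViewSet.get_queryset` sort on a column that this diff does not show to be unique, so rows that tie can still move between pages from one request to the next; the same applies to `order_by('name')` in `TeamAPITokenViewSet.get_queryset` in the next hunk. Adding the primary key as a tiebreaker gives a total order, e.g. `return self.request.organizer.seating_plans.order_by('name', 'pk')`, as `TeamViewSet` already gets with `order_by('pk')`. If any of these fields carries a unique constraint in the model (not visible here), the single-field ordering is sufficient. Each class body continues outside its hunk.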
@@ -305,7 +305,7 @@ class TeamAPITokenViewSet(CreateModelMixin, DestroyModelMixin, viewsets.ReadOnly
 return get_object_or_404(self.request.organizer.teams, pk=self.kwargs.get('team'))
 def get_queryset(self):
- return self.team.tokens.all()
+ return self.team.tokens.order_by('name')
 def get_serializer_context(self):
 ctx = super().get_serializer_context()
diff --git a/src/pretix/control/permissions.py b/src/pretix/control/permissions.py
index 4ca5bbf2ff..5a253cb5e7 100644
--- a/src/pretix/control/permissions.py
+++ b/src/pretix/control/permissions.py
@@ -1,7 +1,8 @@
+from urllib.parse import quote
+
 from django.core.exceptions import PermissionDenied
 from django.shortcuts import redirect
 from django.urls import reverse
-from django.utils.http import urlquote
 from django.utils.translation import ugettext as _
@@ -93,7 +94,7 @@ def administrator_permission_required():
 raise PermissionDenied()
 if not request.user.has_active_staff_session(request.session.session_key):
 if request.user.is_staff:
- return redirect(reverse('control:user.sudo') + '?next=' + urlquote(request.path))
+ return redirect(reverse('control:user.sudo') + '?next=' + quote(request.path))
 raise PermissionDenied(_('You do not have permission to view this content.'))
 return function(request, *args, **kw)
 return wrapper
diff --git a/src/pretix/plugins/paypal/payment.py b/src/pretix/plugins/paypal/payment.py
index f56874126b..d9cb17cd75 100644
--- a/src/pretix/plugins/paypal/payment.py
+++ b/src/pretix/plugins/paypal/payment.py
@@ -10,7 +10,6 @@ from django.core import signing
 from django.http import HttpRequest
 from django.template.loader import get_template
 from django.urls import reverse
-from django.utils.http import urlquote
 from django.utils.translation import ugettext as __, ugettext_lazy as _
 from i18nfield.strings import LazyI18nString
 from paypalrestsdk.exceptions import BadRequest
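Review bot: Nothing in the `administrator_permission_required` hunk of permissions.py shows where the `next` value is checked before it is followed, and the sudo view that consumes it is outside this diff. `quote(request.path)` keeps `/` unescaped by default (`safe='/'`), the same as the removed `urlquote`, so the redirect built here is unchanged; but the `next` parameter of `control:user.sudo` can also arrive from a link that was not generated by this decorator, so that view should accept only same-site targets, for example via Django's `url_has_allowed_host_and_scheme` (`is_safe_url` before Django 3.0). A short comment on this line, such as `# next is validated in the user.sudo view; only the path is carried over, not the query string`, would record both decisions once that is confirmed. The decorator's `wrapper` begins above the hunk.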
@@ -145,7 +144,7 @@ class Paypal(BasePaymentProvider):
 client_secret=self.settings.connect_secret_key,
 openid_client_id=self.settings.connect_client_id,
 openid_client_secret=self.settings.connect_secret_key,
- openid_redirect_uri=urlquote(build_global_uri('plugins:paypal:oauth.return')))
+ openid_redirect_uri=urllib.parse.quote(build_global_uri('plugins:paypal:oauth.return')))
 else:
 paypalrestsdk.set_config(
 mode="sandbox" if "sandbox" in self.settings.get('endpoint') else 'live',
diff --git a/src/pretix/plugins/stripe/payment.py b/src/pretix/plugins/stripe/payment.py
index 846b1ab9c5..73440f56ed 100644
--- a/src/pretix/plugins/stripe/payment.py
+++ b/src/pretix/plugins/stripe/payment.py
@@ -15,7 +15,6 @@ from django.http import HttpRequest
 from django.template.loader import get_template
 from django.urls import reverse
 from django.utils.crypto import get_random_string
-from django.utils.http import urlquote
 from django.utils.safestring import mark_safe
 from django.utils.timezone import now
 from django.utils.translation import pgettext, ugettext, ugettext_lazy as _
@@ -61,7 +60,7 @@ class StripeSettingsHolder(BasePaymentProvider):
 ).format(
 self.settings.connect_client_id,
 request.session['payment_stripe_oauth_token'],
- urlquote(build_global_uri('plugins:stripe:oauth.return')),
+ urllib.parse.quote(build_global_uri('plugins:stripe:oauth.return')),
 )
 def settings_content_render(self, request):
diff --git a/src/tests/api/test_oauth.py b/src/tests/api/test_oauth.py
index 272c9a685d..da1b92dd74 100644
--- a/src/tests/api/test_oauth.py
+++ b/src/tests/api/test_oauth.py
@@ -1,8 +1,8 @@
 import base64
 import json
+from urllib.parse import quote
 import pytest
-from django.utils.http import urlquote
 from pretix.api.models import (
 OAuthAccessToken, OAuthApplication, OAuthGrant, OAuthRefreshToken,
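Review bot: Both payment.py hunks call `urllib.parse.quote(...)` while the only import change in each file is the removal of `from django.utils.http import urlquote`, so the call in `Paypal` (and the one in `StripeSettingsHolder` below it) depends on an `import urllib.parse` that is not visible in this diff. If either module lacks it, the Connect code path fails with a `NameError` only when it is reached, which the test suite may not do; worth confirming, or using `from urllib.parse import quote` as permissions.py and test_oauth.py do in this same commit, which also keeps the spelling consistent. Both enclosing methods start outside their hunks.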
@@ -41,7 +41,7 @@ def application():
 @pytest.mark.django_db
 def test_authorize_require_login(client, application: OAuthApplication):
 resp = client.get('/api/v1/oauth/authorize?client_id=%s&redirect_uri=%s' % (
- application.client_id, urlquote('https://example.org')
+ application.client_id, quote('https://example.org')
 ))
 assert resp.status_code == 302
 assert resp['Location'].startswith('/control/login')
@@ -51,7 +51,7 @@ def test_authorize_require_login(client, application: OAuthApplication):
 def test_authorize_invalid_redirect_uri(client, admin_user, application: OAuthApplication):
 client.login(email='dummy@dummy.dummy', password='dummy')
 resp = client.get('/api/v1/oauth/authorize?client_id=%s&redirect_uri=%s' % (
- application.client_id, urlquote('https://example.org')
+ application.client_id, quote('https://example.org')
 ))
 assert resp.status_code == 400
@@ -60,7 +60,7 @@ def test_authorize_invalid_redirect_uri(client, admin_user, application: OAuthAp
 def test_authorize_missing_response_type(client, admin_user, application: OAuthApplication):
 client.login(email='dummy@dummy.dummy', password='dummy')
 resp = client.get('/api/v1/oauth/authorize?client_id=%s&redirect_uri=%s' % (
- application.client_id, urlquote(application.redirect_uris)
+ application.client_id, quote(application.redirect_uris)
 ))
 assert resp.status_code == 302
 assert resp['Location'] == 'https://pretalx.com?error=invalid_request&error_description=Missing+response_type+parameter.'
@@ -70,11 +70,11 @@ def test_authorize_missing_response_type(client, admin_user, application: OAuthA
 def test_authorize_require_organizer(client, admin_user, organizer, application: OAuthApplication):
 client.login(email='dummy@dummy.dummy', password='dummy')
 resp = client.get('/api/v1/oauth/authorize?client_id=%s&redirect_uri=%s&response_type=code' % (
- application.client_id, urlquote(application.redirect_uris)
+ application.client_id, quote(application.redirect_uris)
 ))
 assert resp.status_code == 200
 resp = client.post('/api/v1/oauth/authorize?client_id=%s&redirect_uri=%s&response_type=code' % (
- application.client_id, urlquote(application.redirect_uris)
+ application.client_id, quote(application.redirect_uris)
 ), data={
 'redirect_uri': application.redirect_uris,
 'scope': 'read write',
@@ -89,7 +89,7 @@ def test_authorize_require_organizer(client, admin_user, organizer, application:
 def test_authorize_denied(client, admin_user, organizer, application: OAuthApplication):
 client.login(email='dummy@dummy.dummy', password='dummy')
 resp = client.get('/api/v1/oauth/authorize?client_id=%s&redirect_uri=%s&response_type=code' % (
- application.client_id, urlquote(application.redirect_uris)
+ application.client_id, quote(application.redirect_uris)
 ))
 assert resp.status_code == 200
 resp = client.post('/api/v1/oauth/authorize', data={
@@ -107,7 +107,7 @@ def test_authorize_denied(client, admin_user, organizer, application: OAuthAppli
 def test_authorize_disallow_response_token(client, admin_user, organizer, application: OAuthApplication):
 client.login(email='dummy@dummy.dummy', password='dummy')
 resp = client.get('/api/v1/oauth/authorize?client_id=%s&redirect_uri=%s&response_type=token' % (
- application.client_id, urlquote(application.redirect_uris)
+ application.client_id, quote(application.redirect_uris)
 ))
 assert resp.status_code == 302
 assert resp['Location'] == 'https://pretalx.com?error=unauthorized_client'
@@ -117,7 +117,7 @@ def test_authorize_disallow_response_token(client, admin_user, organizer, applic
 def test_authorize_read_scope(client, admin_user, organizer, application: OAuthApplication):
 client.login(email='dummy@dummy.dummy', password='dummy')
 resp = client.get('/api/v1/oauth/authorize?client_id=%s&redirect_uri=%s&response_type=code' % (
- application.client_id, urlquote(application.redirect_uris)
+ application.client_id, quote(application.redirect_uris)
 ))
 assert resp.status_code == 200
 resp = client.post('/api/v1/oauth/authorize', data={
@@ -141,7 +141,7 @@ def test_authorize_read_scope(client, admin_user, organizer, application: OAuthA
 def test_authorize_state(client, admin_user, organizer, application: OAuthApplication):
 client.login(email='dummy@dummy.dummy', password='dummy')
 resp = client.get('/api/v1/oauth/authorize?client_id=%s&redirect_uri=%s&response_type=code&state=asdadf' % (
- application.client_id, urlquote(application.redirect_uris)
+ application.client_id, quote(application.redirect_uris)
 ))
 assert resp.status_code == 200
 resp = client.post('/api/v1/oauth/authorize', data={
@@ -161,7 +161,7 @@ def test_authorize_state(client, admin_user, organizer, application: OAuthApplic
 def test_authorize_default_scope(client, admin_user, organizer, application: OAuthApplication):
 client.login(email='dummy@dummy.dummy', password='dummy')
 resp = client.get('/api/v1/oauth/authorize?client_id=%s&redirect_uri=%s&response_type=code' % (
- application.client_id, urlquote(application.redirect_uris)
+ application.client_id, quote(application.redirect_uris)
 ))
 assert resp.status_code == 200
 resp = client.post('/api/v1/oauth/authorize', data={
@@ -186,7 +186,7 @@ def test_authorize_default_scope(client, admin_user, organizer, application: OAu
 def test_token_from_code_without_auth(client, admin_user, organizer, application: OAuthApplication):
 client.login(email='dummy@dummy.dummy', password='dummy')
 resp = client.get('/api/v1/oauth/authorize?client_id=%s&redirect_uri=%s&response_type=code' % (
- application.client_id, urlquote(application.redirect_uris)
+ application.client_id, quote(application.redirect_uris)
 ))
 assert resp.status_code == 200
 resp = client.post('/api/v1/oauth/authorize', data={
@@ -213,7 +213,7 @@ def test_token_from_code_without_auth(client, admin_user, organizer, application
 def test_token_from_code(client, admin_user, organizer, application: OAuthApplication):
 client.login(email='dummy@dummy.dummy', password='dummy')
 resp = client.get('/api/v1/oauth/authorize?client_id=%s&redirect_uri=%s&response_type=code' % (
- application.client_id, urlquote(application.redirect_uris)
+ application.client_id, quote(application.redirect_uris)
 ))
 assert resp.status_code == 200
 resp = client.post('/api/v1/oauth/authorize', data={
@@ -252,7 +252,7 @@ def test_use_token_for_access_one_organizer(client, admin_user, organizer, appli
 client.login(email='dummy@dummy.dummy', password='dummy')
 resp = client.get('/api/v1/oauth/authorize?client_id=%s&redirect_uri=%s&response_type=code' % (
- application.client_id, urlquote(application.redirect_uris)
+ application.client_id, quote(application.redirect_uris)
 ))
 assert resp.status_code == 200
 resp = client.post('/api/v1/oauth/authorize', data={
@@ -294,7 +294,7 @@ def test_use_token_for_access_two_organizers(client, admin_user, organizer, appl
 client.login(email='dummy@dummy.dummy', password='dummy')
 resp = client.get('/api/v1/oauth/authorize?client_id=%s&redirect_uri=%s&response_type=code' % (
- application.client_id, urlquote(application.redirect_uris)
+ application.client_id, quote(application.redirect_uris)
 ))
 assert resp.status_code == 200
 resp = client.post('/api/v1/oauth/authorize', data={
@@ -335,7 +335,7 @@ def test_use_token_for_access_two_organizers(client, admin_user, organizer, appl
 def test_token_refresh(client, admin_user, organizer, application: OAuthApplication):
 client.login(email='dummy@dummy.dummy', password='dummy')
 resp = client.get('/api/v1/oauth/authorize?client_id=%s&redirect_uri=%s&response_type=code' % (
- application.client_id, urlquote(application.redirect_uris)
+ application.client_id, quote(application.redirect_uris)
 ))
 assert resp.status_code == 200
 resp = client.post('/api/v1/oauth/authorize', data={
@@ -377,7 +377,7 @@ def test_token_refresh(client, admin_user, organizer, application: OAuthApplicat
 def test_allow_write(client, admin_user, organizer, application: OAuthApplication):
 client.login(email='dummy@dummy.dummy', password='dummy')
 resp = client.get('/api/v1/oauth/authorize?client_id=%s&redirect_uri=%s&response_type=code' % (
- application.client_id, urlquote(application.redirect_uris)
+ application.client_id, quote(application.redirect_uris)
 ))
 assert resp.status_code == 200
 resp = client.post('/api/v1/oauth/authorize', data={
@@ -409,7 +409,7 @@ def test_allow_write(client, admin_user, organizer, application: OAuthApplicatio
 def test_allow_read_only(client, admin_user, organizer, application: OAuthApplication):
 client.login(email='dummy@dummy.dummy', password='dummy')
 resp = client.get('/api/v1/oauth/authorize?client_id=%s&redirect_uri=%s&response_type=code' % (
- application.client_id, urlquote(application.redirect_uris)
+ application.client_id, quote(application.redirect_uris)
 ))
 assert resp.status_code == 200
 resp = client.post('/api/v1/oauth/authorize', data={
@@ -441,7 +441,7 @@ def test_allow_read_only(client, admin_user, organizer, application: OAuthApplic
 def test_token_revoke_refresh_token(client, admin_user, organizer, application: OAuthApplication):
 client.login(email='dummy@dummy.dummy', password='dummy')
 resp = client.get('/api/v1/oauth/authorize?client_id=%s&redirect_uri=%s&response_type=code' % (
- application.client_id, urlquote(application.redirect_uris)
+ application.client_id, quote(application.redirect_uris)
 ))
 assert resp.status_code == 200
 resp = client.post('/api/v1/oauth/authorize', data={
@@ -485,7 +485,7 @@ def test_token_revoke_refresh_token(client, admin_user, organizer, application:
 def test_token_revoke_access_token(client, admin_user, organizer, application: OAuthApplication):
 client.login(email='dummy@dummy.dummy', password='dummy')
 resp = client.get('/api/v1/oauth/authorize?client_id=%s&redirect_uri=%s&response_type=code' % (
- application.client_id, urlquote(application.redirect_uris)
+ application.client_id, quote(application.redirect_uris)
 ))
 assert resp.status_code == 200
 resp = client.post('/api/v1/oauth/authorize', data={
@@ -533,7 +533,7 @@ def test_token_revoke_access_token(client, admin_user, organizer, application: O
 def test_user_revoke(client, admin_user, organizer, application: OAuthApplication):
 client.login(email='dummy@dummy.dummy', password='dummy')
 resp = client.get('/api/v1/oauth/authorize?client_id=%s&redirect_uri=%s&response_type=code' % (
- application.client_id, urlquote(application.redirect_uris)
+ application.client_id, quote(application.redirect_uris)
 ))
 assert resp.status_code == 200
 resp = client.post('/api/v1/oauth/authorize', data={