Resolve some warnings in the test suite

src/pretix/api/views/organizer.py

@@ -58,7 +58,7 @@ class SeatingPlanViewSet(viewsets.ModelViewSet):
     write_permission = 'can_change_organizer_settings'
 
     def get_queryset(self):
-        return self.request.organizer.seating_plans.all()
+        return self.request.organizer.seating_plans.order_by('name')
 
     def get_serializer_context(self):
         ctx = super().get_serializer_context()
@@ -195,7 +195,7 @@ class TeamViewSet(viewsets.ModelViewSet):
     write_permission = 'can_change_teams'
 
     def get_queryset(self):
-        return self.request.organizer.teams.all()
+        return self.request.organizer.teams.order_by('pk')
 
     def get_serializer_context(self):
         ctx = super().get_serializer_context()
@@ -268,7 +268,7 @@ class TeamInviteViewSet(CreateModelMixin, DestroyModelMixin, viewsets.ReadOnlyMo
         return get_object_or_404(self.request.organizer.teams, pk=self.kwargs.get('team'))
 
     def get_queryset(self):
-        return self.team.invites.all()
+        return self.team.invites.order_by('email')
 
     def get_serializer_context(self):
         ctx = super().get_serializer_context()
@@ -305,7 +305,7 @@ class TeamAPITokenViewSet(CreateModelMixin, DestroyModelMixin, viewsets.ReadOnly
         return get_object_or_404(self.request.organizer.teams, pk=self.kwargs.get('team'))
 
     def get_queryset(self):
-        return self.team.tokens.all()
+        return self.team.tokens.order_by('name')
 
     def get_serializer_context(self):
         ctx = super().get_serializer_context()

src/pretix/control/permissions.py

@@ -1,7 +1,8 @@
+from urllib.parse import quote
+
 from django.core.exceptions import PermissionDenied
 from django.shortcuts import redirect
 from django.urls import reverse
-from django.utils.http import urlquote
 from django.utils.translation import ugettext as _
 
 
@@ -93,7 +94,7 @@ def administrator_permission_required():
                 raise PermissionDenied()
             if not request.user.has_active_staff_session(request.session.session_key):
                 if request.user.is_staff:
-                    return redirect(reverse('control:user.sudo') + '?next=' + urlquote(request.path))
+                    return redirect(reverse('control:user.sudo') + '?next=' + quote(request.path))
                 raise PermissionDenied(_('You do not have permission to view this content.'))
             return function(request, *args, **kw)
         return wrapper

src/pretix/plugins/paypal/payment.py

@@ -10,7 +10,6 @@ from django.core import signing
 from django.http import HttpRequest
 from django.template.loader import get_template
 from django.urls import reverse
-from django.utils.http import urlquote
 from django.utils.translation import ugettext as __, ugettext_lazy as _
 from i18nfield.strings import LazyI18nString
 from paypalrestsdk.exceptions import BadRequest
@@ -145,7 +144,7 @@ class Paypal(BasePaymentProvider):
                 client_secret=self.settings.connect_secret_key,
                 openid_client_id=self.settings.connect_client_id,
                 openid_client_secret=self.settings.connect_secret_key,
-                openid_redirect_uri=urlquote(build_global_uri('plugins:paypal:oauth.return')))
+                openid_redirect_uri=urllib.parse.quote(build_global_uri('plugins:paypal:oauth.return')))
         else:
             paypalrestsdk.set_config(
                 mode="sandbox" if "sandbox" in self.settings.get('endpoint') else 'live',

src/pretix/plugins/stripe/payment.py

@@ -15,7 +15,6 @@ from django.http import HttpRequest
 from django.template.loader import get_template
 from django.urls import reverse
 from django.utils.crypto import get_random_string
-from django.utils.http import urlquote
 from django.utils.safestring import mark_safe
 from django.utils.timezone import now
 from django.utils.translation import pgettext, ugettext, ugettext_lazy as _
@@ -61,7 +60,7 @@ class StripeSettingsHolder(BasePaymentProvider):
         ).format(
             self.settings.connect_client_id,
             request.session['payment_stripe_oauth_token'],
-            urlquote(build_global_uri('plugins:stripe:oauth.return')),
+            urllib.parse.quote(build_global_uri('plugins:stripe:oauth.return')),
         )
 
     def settings_content_render(self, request):

src/tests/api/test_oauth.py

@@ -1,8 +1,8 @@
 import base64
 import json
+from urllib.parse import quote
 
 import pytest
-from django.utils.http import urlquote
 
 from pretix.api.models import (
     OAuthAccessToken, OAuthApplication, OAuthGrant, OAuthRefreshToken,
@@ -41,7 +41,7 @@ def application():
 @pytest.mark.django_db
 def test_authorize_require_login(client, application: OAuthApplication):
     resp = client.get('/api/v1/oauth/authorize?client_id=%s&redirect_uri=%s' % (
-        application.client_id, urlquote('https://example.org')
+        application.client_id, quote('https://example.org')
     ))
     assert resp.status_code == 302
     assert resp['Location'].startswith('/control/login')
@@ -51,7 +51,7 @@ def test_authorize_require_login(client, application: OAuthApplication):
 def test_authorize_invalid_redirect_uri(client, admin_user, application: OAuthApplication):
     client.login(email='dummy@dummy.dummy', password='dummy')
     resp = client.get('/api/v1/oauth/authorize?client_id=%s&redirect_uri=%s' % (
-        application.client_id, urlquote('https://example.org')
+        application.client_id, quote('https://example.org')
     ))
     assert resp.status_code == 400
 
@@ -60,7 +60,7 @@ def test_authorize_invalid_redirect_uri(client, admin_user, application: OAuthAp
 def test_authorize_missing_response_type(client, admin_user, application: OAuthApplication):
     client.login(email='dummy@dummy.dummy', password='dummy')
     resp = client.get('/api/v1/oauth/authorize?client_id=%s&redirect_uri=%s' % (
-        application.client_id, urlquote(application.redirect_uris)
+        application.client_id, quote(application.redirect_uris)
     ))
     assert resp.status_code == 302
     assert resp['Location'] == 'https://pretalx.com?error=invalid_request&error_description=Missing+response_type+parameter.'
@@ -70,11 +70,11 @@ def test_authorize_missing_response_type(client, admin_user, application: OAuthA
 def test_authorize_require_organizer(client, admin_user, organizer, application: OAuthApplication):
     client.login(email='dummy@dummy.dummy', password='dummy')
     resp = client.get('/api/v1/oauth/authorize?client_id=%s&redirect_uri=%s&response_type=code' % (
-        application.client_id, urlquote(application.redirect_uris)
+        application.client_id, quote(application.redirect_uris)
     ))
     assert resp.status_code == 200
     resp = client.post('/api/v1/oauth/authorize?client_id=%s&redirect_uri=%s&response_type=code' % (
-        application.client_id, urlquote(application.redirect_uris)
+        application.client_id, quote(application.redirect_uris)
     ), data={
         'redirect_uri': application.redirect_uris,
         'scope': 'read write',
@@ -89,7 +89,7 @@ def test_authorize_require_organizer(client, admin_user, organizer, application:
 def test_authorize_denied(client, admin_user, organizer, application: OAuthApplication):
     client.login(email='dummy@dummy.dummy', password='dummy')
     resp = client.get('/api/v1/oauth/authorize?client_id=%s&redirect_uri=%s&response_type=code' % (
-        application.client_id, urlquote(application.redirect_uris)
+        application.client_id, quote(application.redirect_uris)
     ))
     assert resp.status_code == 200
     resp = client.post('/api/v1/oauth/authorize', data={
@@ -107,7 +107,7 @@ def test_authorize_denied(client, admin_user, organizer, application: OAuthAppli
 def test_authorize_disallow_response_token(client, admin_user, organizer, application: OAuthApplication):
     client.login(email='dummy@dummy.dummy', password='dummy')
     resp = client.get('/api/v1/oauth/authorize?client_id=%s&redirect_uri=%s&response_type=token' % (
-        application.client_id, urlquote(application.redirect_uris)
+        application.client_id, quote(application.redirect_uris)
     ))
     assert resp.status_code == 302
     assert resp['Location'] == 'https://pretalx.com?error=unauthorized_client'
@@ -117,7 +117,7 @@ def test_authorize_disallow_response_token(client, admin_user, organizer, applic
 def test_authorize_read_scope(client, admin_user, organizer, application: OAuthApplication):
     client.login(email='dummy@dummy.dummy', password='dummy')
     resp = client.get('/api/v1/oauth/authorize?client_id=%s&redirect_uri=%s&response_type=code' % (
-        application.client_id, urlquote(application.redirect_uris)
+        application.client_id, quote(application.redirect_uris)
     ))
     assert resp.status_code == 200
     resp = client.post('/api/v1/oauth/authorize', data={
@@ -141,7 +141,7 @@ def test_authorize_read_scope(client, admin_user, organizer, application: OAuthA
 def test_authorize_state(client, admin_user, organizer, application: OAuthApplication):
     client.login(email='dummy@dummy.dummy', password='dummy')
     resp = client.get('/api/v1/oauth/authorize?client_id=%s&redirect_uri=%s&response_type=code&state=asdadf' % (
-        application.client_id, urlquote(application.redirect_uris)
+        application.client_id, quote(application.redirect_uris)
     ))
     assert resp.status_code == 200
     resp = client.post('/api/v1/oauth/authorize', data={
@@ -161,7 +161,7 @@ def test_authorize_state(client, admin_user, organizer, application: OAuthApplic
 def test_authorize_default_scope(client, admin_user, organizer, application: OAuthApplication):
     client.login(email='dummy@dummy.dummy', password='dummy')
     resp = client.get('/api/v1/oauth/authorize?client_id=%s&redirect_uri=%s&response_type=code' % (
-        application.client_id, urlquote(application.redirect_uris)
+        application.client_id, quote(application.redirect_uris)
     ))
     assert resp.status_code == 200
     resp = client.post('/api/v1/oauth/authorize', data={
@@ -186,7 +186,7 @@ def test_authorize_default_scope(client, admin_user, organizer, application: OAu
 def test_token_from_code_without_auth(client, admin_user, organizer, application: OAuthApplication):
     client.login(email='dummy@dummy.dummy', password='dummy')
     resp = client.get('/api/v1/oauth/authorize?client_id=%s&redirect_uri=%s&response_type=code' % (
-        application.client_id, urlquote(application.redirect_uris)
+        application.client_id, quote(application.redirect_uris)
     ))
     assert resp.status_code == 200
     resp = client.post('/api/v1/oauth/authorize', data={
@@ -213,7 +213,7 @@ def test_token_from_code_without_auth(client, admin_user, organizer, application
 def test_token_from_code(client, admin_user, organizer, application: OAuthApplication):
     client.login(email='dummy@dummy.dummy', password='dummy')
     resp = client.get('/api/v1/oauth/authorize?client_id=%s&redirect_uri=%s&response_type=code' % (
-        application.client_id, urlquote(application.redirect_uris)
+        application.client_id, quote(application.redirect_uris)
     ))
     assert resp.status_code == 200
     resp = client.post('/api/v1/oauth/authorize', data={
@@ -252,7 +252,7 @@ def test_use_token_for_access_one_organizer(client, admin_user, organizer, appli
 
     client.login(email='dummy@dummy.dummy', password='dummy')
     resp = client.get('/api/v1/oauth/authorize?client_id=%s&redirect_uri=%s&response_type=code' % (
-        application.client_id, urlquote(application.redirect_uris)
+        application.client_id, quote(application.redirect_uris)
     ))
     assert resp.status_code == 200
     resp = client.post('/api/v1/oauth/authorize', data={
@@ -294,7 +294,7 @@ def test_use_token_for_access_two_organizers(client, admin_user, organizer, appl
 
     client.login(email='dummy@dummy.dummy', password='dummy')
     resp = client.get('/api/v1/oauth/authorize?client_id=%s&redirect_uri=%s&response_type=code' % (
-        application.client_id, urlquote(application.redirect_uris)
+        application.client_id, quote(application.redirect_uris)
     ))
     assert resp.status_code == 200
     resp = client.post('/api/v1/oauth/authorize', data={
@@ -335,7 +335,7 @@ def test_use_token_for_access_two_organizers(client, admin_user, organizer, appl
 def test_token_refresh(client, admin_user, organizer, application: OAuthApplication):
     client.login(email='dummy@dummy.dummy', password='dummy')
     resp = client.get('/api/v1/oauth/authorize?client_id=%s&redirect_uri=%s&response_type=code' % (
-        application.client_id, urlquote(application.redirect_uris)
+        application.client_id, quote(application.redirect_uris)
     ))
     assert resp.status_code == 200
     resp = client.post('/api/v1/oauth/authorize', data={
@@ -377,7 +377,7 @@ def test_token_refresh(client, admin_user, organizer, application: OAuthApplicat
 def test_allow_write(client, admin_user, organizer, application: OAuthApplication):
     client.login(email='dummy@dummy.dummy', password='dummy')
     resp = client.get('/api/v1/oauth/authorize?client_id=%s&redirect_uri=%s&response_type=code' % (
-        application.client_id, urlquote(application.redirect_uris)
+        application.client_id, quote(application.redirect_uris)
     ))
     assert resp.status_code == 200
     resp = client.post('/api/v1/oauth/authorize', data={
@@ -409,7 +409,7 @@ def test_allow_write(client, admin_user, organizer, application: OAuthApplicatio
 def test_allow_read_only(client, admin_user, organizer, application: OAuthApplication):
     client.login(email='dummy@dummy.dummy', password='dummy')
     resp = client.get('/api/v1/oauth/authorize?client_id=%s&redirect_uri=%s&response_type=code' % (
-        application.client_id, urlquote(application.redirect_uris)
+        application.client_id, quote(application.redirect_uris)
     ))
     assert resp.status_code == 200
     resp = client.post('/api/v1/oauth/authorize', data={
@@ -441,7 +441,7 @@ def test_allow_read_only(client, admin_user, organizer, application: OAuthApplic
 def test_token_revoke_refresh_token(client, admin_user, organizer, application: OAuthApplication):
     client.login(email='dummy@dummy.dummy', password='dummy')
     resp = client.get('/api/v1/oauth/authorize?client_id=%s&redirect_uri=%s&response_type=code' % (
-        application.client_id, urlquote(application.redirect_uris)
+        application.client_id, quote(application.redirect_uris)
     ))
     assert resp.status_code == 200
     resp = client.post('/api/v1/oauth/authorize', data={
@@ -485,7 +485,7 @@ def test_token_revoke_refresh_token(client, admin_user, organizer, application:
 def test_token_revoke_access_token(client, admin_user, organizer, application: OAuthApplication):
     client.login(email='dummy@dummy.dummy', password='dummy')
     resp = client.get('/api/v1/oauth/authorize?client_id=%s&redirect_uri=%s&response_type=code' % (
-        application.client_id, urlquote(application.redirect_uris)
+        application.client_id, quote(application.redirect_uris)
     ))
     assert resp.status_code == 200
     resp = client.post('/api/v1/oauth/authorize', data={
@@ -533,7 +533,7 @@ def test_token_revoke_access_token(client, admin_user, organizer, application: O
 def test_user_revoke(client, admin_user, organizer, application: OAuthApplication):
     client.login(email='dummy@dummy.dummy', password='dummy')
     resp = client.get('/api/v1/oauth/authorize?client_id=%s&redirect_uri=%s&response_type=code' % (
-        application.client_id, urlquote(application.redirect_uris)
+        application.client_id, quote(application.redirect_uris)
     ))
     assert resp.status_code == 200
     resp = client.post('/api/v1/oauth/authorize', data={