mirror of
https://github.com/pretix/pretix.git
synced 2026-05-08 15:44:02 +00:00
Upgrade to Django 2.1 (#710)
* Upgrade to Django 2.0 * more models * i18n foo * Update setup.py * Fix Sentry exception PRETIXEU-JC * Enforce slug uniqueness * Import sorting * Upgrade to Django 2.1 * Travis config * Try to fix PostgreSQL failure * Smaller test matrix * staticfiles→static * Include request in all authenticate() calls
This commit is contained in:
Raphael Michel
@@ -2,8 +2,8 @@ import sys
|
||||
from importlib import import_module
|
||||
|
||||
from django.conf import settings
|
||||
from django.core.urlresolvers import Resolver404, get_script_prefix, resolve
|
||||
from django.db.models import Q
|
||||
from django.urls import Resolver404, get_script_prefix, resolve
|
||||
from django.utils.translation import get_language
|
||||
|
||||
from pretix.base.models.auth import StaffSession
|
||||
|
||||
@@ -78,7 +78,7 @@ class QuotaForm(I18nModelForm):
|
||||
self.instance = kwargs.get('instance', None)
|
||||
self.event = kwargs.get('event')
|
||||
items = kwargs.pop('items', None) or self.event.items.prefetch_related('variations')
|
||||
self.original_instance = copy.copy(self.instance) if self.instance else None
|
||||
self.original_instance = copy.deepcopy(self.instance) if self.instance else None
|
||||
initial = kwargs.get('initial', {})
|
||||
if self.instance and self.instance.pk:
|
||||
initial['itemvars'] = [str(i.pk) for i in self.instance.items.all()] + [
|
||||
@@ -370,6 +370,7 @@ class ItemVariationsFormSet(I18nFormSet):
|
||||
auto_id=self.auto_id,
|
||||
prefix=self.add_prefix('__prefix__'),
|
||||
empty_permitted=True,
|
||||
use_required_attribute=False,
|
||||
locales=self.locales,
|
||||
event=self.event
|
||||
)
|
||||
@@ -430,6 +431,7 @@ class ItemAddOnsFormSet(I18nFormSet):
|
||||
auto_id=self.auto_id,
|
||||
prefix=self.add_prefix('__prefix__'),
|
||||
empty_permitted=True,
|
||||
use_required_attribute=False,
|
||||
locales=self.locales,
|
||||
event=self.event
|
||||
)
|
||||
|
||||
@@ -150,6 +150,7 @@ class QuotaFormSet(I18nInlineFormSet):
|
||||
auto_id=self.auto_id,
|
||||
prefix=self.add_prefix('__prefix__'),
|
||||
empty_permitted=True,
|
||||
use_required_attribute=False,
|
||||
locales=self.locales,
|
||||
event=self.event,
|
||||
items=self.items
|
||||
@@ -196,6 +197,7 @@ class CheckinListFormSet(I18nInlineFormSet):
|
||||
auto_id=self.auto_id,
|
||||
prefix=self.add_prefix('__prefix__'),
|
||||
empty_permitted=True,
|
||||
use_required_attribute=False,
|
||||
event=self.event,
|
||||
)
|
||||
self.add_fields(form, None)
|
||||
|
||||
@@ -45,7 +45,7 @@ class VoucherForm(I18nModelForm):
|
||||
instance = kwargs.get('instance')
|
||||
initial = kwargs.get('initial')
|
||||
if instance:
|
||||
self.initial_instance_data = copy.copy(instance)
|
||||
self.initial_instance_data = copy.deepcopy(instance)
|
||||
try:
|
||||
if instance.variation:
|
||||
initial['itemvar'] = '%d-%d' % (instance.item.pk, instance.variation.pk)
|
||||
@@ -139,7 +139,7 @@ class VoucherForm(I18nModelForm):
|
||||
|
||||
if 'codes' in data:
|
||||
data['codes'] = [a.strip() for a in data.get('codes', '').strip().split("\n") if a]
|
||||
cnt = len(data['codes']) * data['max_usages']
|
||||
cnt = len(data['codes']) * data.get('max_usages', 0)
|
||||
else:
|
||||
cnt = data['max_usages']
|
||||
|
||||
@@ -217,7 +217,7 @@ class VoucherBulkForm(VoucherForm):
|
||||
def save(self, event, *args, **kwargs):
|
||||
objs = []
|
||||
for code in self.cleaned_data['codes']:
|
||||
obj = copy.copy(self.instance)
|
||||
obj = copy.deepcopy(self.instance)
|
||||
obj.event = event
|
||||
obj.code = code
|
||||
data = dict(self.cleaned_data)
|
||||
|
||||
@@ -2,9 +2,9 @@ from urllib.parse import quote, urljoin, urlparse
|
||||
|
||||
from django.conf import settings
|
||||
from django.contrib.auth import REDIRECT_FIELD_NAME, logout
|
||||
from django.core.urlresolvers import get_script_prefix, resolve, reverse
|
||||
from django.http import Http404
|
||||
from django.shortcuts import get_object_or_404, redirect, resolve_url
|
||||
from django.urls import get_script_prefix, resolve, reverse
|
||||
from django.utils.deprecation import MiddlewareMixin
|
||||
from django.utils.encoding import force_str
|
||||
from django.utils.translation import ugettext as _
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{% load compress %}
|
||||
{% load i18n %}
|
||||
{% load staticfiles %}
|
||||
{% load static %}
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{% extends "pretixcontrol/auth/base.html" %}
|
||||
{% load bootstrap3 %}
|
||||
{% load staticfiles %}
|
||||
{% load static %}
|
||||
{% load i18n %}
|
||||
{% block content %}
|
||||
<form class="form-signin" action="" method="post">
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{% extends "pretixcontrol/auth/base.html" %}
|
||||
{% load bootstrap3 %}
|
||||
{% load staticfiles %}
|
||||
{% load static %}
|
||||
{% load i18n %}
|
||||
{% block content %}
|
||||
<form class="form-signin" action="" method="post">
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
{% extends "pretixcontrol/auth/base.html" %}
|
||||
{% load bootstrap3 %}
|
||||
{% load i18n %}
|
||||
{% load staticfiles %}
|
||||
{% load static %}
|
||||
{% block content %}
|
||||
<form class="form-signin" action="" method="post">
|
||||
{% bootstrap_form_errors form type='all' layout='inline' %}
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
{% extends "pretixcontrol/auth/base.html" %}
|
||||
{% load bootstrap3 %}
|
||||
{% load i18n %}
|
||||
{% load staticfiles %}
|
||||
{% load static %}
|
||||
{% load compress %}
|
||||
{% block content %}
|
||||
<form class="form-signin" action="" method="post" id="u2f-form">
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{% extends "pretixcontrol/auth/base.html" %}
|
||||
{% load bootstrap3 %}
|
||||
{% load staticfiles %}
|
||||
{% load static %}
|
||||
{% load i18n %}
|
||||
{% block content %}
|
||||
{% if not error %}
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{% extends "pretixcontrol/auth/base.html" %}
|
||||
{% load bootstrap3 %}
|
||||
{% load staticfiles %}
|
||||
{% load static %}
|
||||
{% load i18n %}
|
||||
{% block content %}
|
||||
<form class="form-signin" action="" method="post">
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{% extends "pretixcontrol/auth/base.html" %}
|
||||
{% load bootstrap3 %}
|
||||
{% load staticfiles %}
|
||||
{% load static %}
|
||||
{% load i18n %}
|
||||
{% block content %}
|
||||
<form class="form-signin" action="" method="post">
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{% load compress %}
|
||||
{% load staticfiles %}
|
||||
{% load static %}
|
||||
{% load i18n %}
|
||||
{% load hijack_tags %}
|
||||
{% load statici18n %}
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{% extends "pretixcontrol/base.html" %}
|
||||
{% load i18n %}
|
||||
{% load staticfiles %}
|
||||
{% load static %}
|
||||
{% block title %}{{ request.event.name }}{% endblock %}
|
||||
|
||||
{% block nav %}
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
{% load i18n %}
|
||||
{% load eventurl %}
|
||||
{% load bootstrap3 %}
|
||||
{% load staticfiles %}
|
||||
{% load static %}
|
||||
{% block title %}{{ request.event.name }}{% endblock %}
|
||||
{% block content %}
|
||||
<h1>
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{% extends "pretixcontrol/items/base.html" %}
|
||||
{% load i18n %}
|
||||
{% load staticfiles %}
|
||||
{% load static %}
|
||||
{% block title %}{% trans "Event logs" %}{% endblock %}
|
||||
{% block inside %}
|
||||
<h1>{% trans "Event logs" %}</h1>
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{% extends "pretixcontrol/event/settings_base.html" %}
|
||||
{% load i18n %}
|
||||
{% load staticfiles %}
|
||||
{% load static %}
|
||||
{% load bootstrap3 %}
|
||||
{% block inside %}
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{% extends "pretixcontrol/event/settings_base.html" %}
|
||||
{% load i18n %}
|
||||
{% load staticfiles %}
|
||||
{% load static %}
|
||||
{% load bootstrap3 %}
|
||||
{% load eventurl %}
|
||||
{% load eventsignal %}
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
{% load staticfiles %}
|
||||
{% load static %}
|
||||
{% load i18n %}
|
||||
<ul class="list-group">
|
||||
{% for log in obj.all_logentries %}
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{% extends "pretixcontrol/event/base.html" %}
|
||||
{% load i18n %}
|
||||
{% load staticfiles %}
|
||||
{% load static %}
|
||||
{% load compress %}
|
||||
{% block title %}{% trans "PDF Editor" %}{% endblock %}
|
||||
{% block custom_header %}
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
{% load staticfiles %}
|
||||
{% load static %}
|
||||
|
||||
{% for family, styles in fonts.items %}
|
||||
{% for style, formats in styles.items %}
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
{% extends "pretixcontrol/base.html" %}
|
||||
{% load i18n %}
|
||||
{% load bootstrap3 %}
|
||||
{% load staticfiles %}
|
||||
{% load static %}
|
||||
{% load compress %}
|
||||
{% block title %}{% trans "Add a two-factor authentication device" %}{% endblock %}
|
||||
{% block content %}
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
{% load i18n %}
|
||||
{% load bootstrap3 %}
|
||||
{% load compress %}
|
||||
{% load staticfiles %}
|
||||
{% load static %}
|
||||
{% block content %}
|
||||
<form class="form-signin" id="u2f-form" action="" method="post">
|
||||
{% csrf_token %}
|
||||
|
||||
@@ -48,13 +48,13 @@ def login(request):
|
||||
request.session['pretix_auth_2fa_user'] = form.user_cache.pk
|
||||
request.session['pretix_auth_2fa_time'] = str(int(time.time()))
|
||||
twofa_url = reverse('control:auth.login.2fa')
|
||||
if "next" in request.GET and is_safe_url(request.GET.get("next")):
|
||||
if "next" in request.GET and is_safe_url(request.GET.get("next"), allowed_hosts=None):
|
||||
twofa_url += '?next=' + quote(request.GET.get('next'))
|
||||
return redirect(twofa_url)
|
||||
else:
|
||||
auth_login(request, form.user_cache)
|
||||
request.session['pretix_auth_login_time'] = int(time.time())
|
||||
if "next" in request.GET and is_safe_url(request.GET.get("next")):
|
||||
if "next" in request.GET and is_safe_url(request.GET.get("next"), allowed_hosts=None):
|
||||
return redirect(request.GET.get("next"))
|
||||
return redirect(reverse('control:index'))
|
||||
else:
|
||||
@@ -72,7 +72,7 @@ def logout(request):
|
||||
auth_logout(request)
|
||||
request.session['pretix_auth_login_time'] = 0
|
||||
next = reverse('control:auth.login')
|
||||
if 'next' in request.GET and is_safe_url(request.GET.get('next')):
|
||||
if 'next' in request.GET and is_safe_url(request.GET.get('next'), allowed_hosts=None):
|
||||
next += '?next=' + quote(request.GET.get('next'))
|
||||
return redirect(next)
|
||||
|
||||
@@ -94,7 +94,7 @@ def register(request):
|
||||
locale=request.LANGUAGE_CODE,
|
||||
timezone=request.timezone if hasattr(request, 'timezone') else settings.TIME_ZONE
|
||||
)
|
||||
user = authenticate(email=user.email, password=form.cleaned_data['password'])
|
||||
user = authenticate(request=request, email=user.email, password=form.cleaned_data['password'])
|
||||
user.log_action('pretix.control.auth.user.created', user=user)
|
||||
auth_login(request, user)
|
||||
request.session['pretix_auth_login_time'] = int(time.time())
|
||||
@@ -148,7 +148,7 @@ def invite(request, token):
|
||||
locale=request.LANGUAGE_CODE,
|
||||
timezone=request.timezone if hasattr(request, 'timezone') else settings.TIME_ZONE
|
||||
)
|
||||
user = authenticate(email=user.email, password=form.cleaned_data['password'])
|
||||
user = authenticate(request=request, email=user.email, password=form.cleaned_data['password'])
|
||||
user.log_action('pretix.control.auth.user.created', user=user)
|
||||
auth_login(request, user)
|
||||
request.session['pretix_auth_login_time'] = int(time.time())
|
||||
@@ -329,7 +329,7 @@ class Login2FAView(TemplateView):
|
||||
request.session['pretix_auth_login_time'] = int(time.time())
|
||||
del request.session['pretix_auth_2fa_user']
|
||||
del request.session['pretix_auth_2fa_time']
|
||||
if "next" in request.GET and is_safe_url(request.GET.get("next")):
|
||||
if "next" in request.GET and is_safe_url(request.GET.get("next"), allowed_hosts=None):
|
||||
return redirect(request.GET.get("next"))
|
||||
return redirect(reverse('control:index'))
|
||||
else:
|
||||
|
||||
@@ -1,10 +1,10 @@
|
||||
import dateutil.parser
|
||||
from django.contrib import messages
|
||||
from django.core.urlresolvers import reverse
|
||||
from django.db import transaction
|
||||
from django.db.models import Max, OuterRef, Subquery
|
||||
from django.http import Http404, HttpResponseRedirect
|
||||
from django.shortcuts import get_object_or_404, redirect
|
||||
from django.urls import reverse
|
||||
from django.utils.functional import cached_property
|
||||
from django.utils.timezone import is_aware, make_aware, now
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
|
||||
@@ -2,7 +2,6 @@ from decimal import Decimal
|
||||
|
||||
import pytz
|
||||
from django.contrib.contenttypes.models import ContentType
|
||||
from django.core.urlresolvers import reverse
|
||||
from django.db.models import (
|
||||
Count, Exists, IntegerField, Max, Min, OuterRef, Q, Subquery, Sum,
|
||||
)
|
||||
@@ -10,6 +9,7 @@ from django.db.models.functions import Coalesce, Greatest
|
||||
from django.dispatch import receiver
|
||||
from django.shortcuts import render
|
||||
from django.template.loader import get_template
|
||||
from django.urls import reverse
|
||||
from django.utils import formats
|
||||
from django.utils.formats import date_format
|
||||
from django.utils.html import escape
|
||||
|
||||
@@ -9,7 +9,6 @@ from django.conf import settings
|
||||
from django.contrib import messages
|
||||
from django.contrib.contenttypes.models import ContentType
|
||||
from django.core.files import File
|
||||
from django.core.urlresolvers import reverse
|
||||
from django.db import transaction
|
||||
from django.db.models import ProtectedError
|
||||
from django.http import (
|
||||
@@ -17,6 +16,7 @@ from django.http import (
|
||||
JsonResponse,
|
||||
)
|
||||
from django.shortcuts import get_object_or_404, redirect
|
||||
from django.urls import reverse
|
||||
from django.utils import translation
|
||||
from django.utils.formats import date_format
|
||||
from django.utils.functional import cached_property
|
||||
|
||||
@@ -2,12 +2,12 @@ import json
|
||||
|
||||
from django.contrib import messages
|
||||
from django.core.files import File
|
||||
from django.core.urlresolvers import resolve, reverse
|
||||
from django.db import transaction
|
||||
from django.db.models import Count, F, Q
|
||||
from django.forms.models import inlineformset_factory
|
||||
from django.http import Http404, HttpResponseRedirect
|
||||
from django.shortcuts import redirect
|
||||
from django.urls import resolve, reverse
|
||||
from django.utils.functional import cached_property
|
||||
from django.utils.timezone import now
|
||||
from django.utils.translation import ugettext, ugettext_lazy as _
|
||||
|
||||
@@ -1,5 +1,4 @@
|
||||
from django.conf import settings
|
||||
from django.core.urlresolvers import reverse
|
||||
from django.db import transaction
|
||||
from django.db.models import (
|
||||
F, IntegerField, Max, Min, OuterRef, Prefetch, Subquery, Sum,
|
||||
@@ -7,6 +6,7 @@ from django.db.models import (
|
||||
from django.db.models.functions import Coalesce, Greatest
|
||||
from django.http import JsonResponse
|
||||
from django.shortcuts import redirect
|
||||
from django.urls import reverse
|
||||
from django.utils.crypto import get_random_string
|
||||
from django.utils.functional import cached_property
|
||||
from django.utils.translation import ugettext, ugettext_lazy as _
|
||||
|
||||
@@ -10,11 +10,11 @@ import vat_moss.id
|
||||
from django.conf import settings
|
||||
from django.contrib import messages
|
||||
from django.core.files import File
|
||||
from django.core.urlresolvers import reverse
|
||||
from django.db import transaction
|
||||
from django.db.models import Count
|
||||
from django.http import FileResponse, Http404, HttpResponseNotAllowed
|
||||
from django.shortcuts import get_object_or_404, redirect, render
|
||||
from django.urls import reverse
|
||||
from django.utils import formats
|
||||
from django.utils.formats import date_format
|
||||
from django.utils.functional import cached_property
|
||||
@@ -275,7 +275,7 @@ class OrderRefundCancel(OrderView):
|
||||
messages.success(self.request, _('The refund has been canceled.'))
|
||||
else:
|
||||
messages.error(self.request, _('This refund can not be canceled at the moment.'))
|
||||
if "next" in self.request.GET and is_safe_url(self.request.GET.get("next")):
|
||||
if "next" in self.request.GET and is_safe_url(self.request.GET.get("next"), allowed_hosts=None):
|
||||
return redirect(self.request.GET.get("next"))
|
||||
return redirect(self.get_order_url())
|
||||
|
||||
@@ -310,7 +310,7 @@ class OrderRefundProcess(OrderView):
|
||||
messages.success(self.request, _('The refund has been processed.'))
|
||||
else:
|
||||
messages.error(self.request, _('This refund can not be processed at the moment.'))
|
||||
if "next" in self.request.GET and is_safe_url(self.request.GET.get("next")):
|
||||
if "next" in self.request.GET and is_safe_url(self.request.GET.get("next"), allowed_hosts=None):
|
||||
return redirect(self.request.GET.get("next"))
|
||||
return redirect(self.get_order_url())
|
||||
|
||||
@@ -336,7 +336,7 @@ class OrderRefundDone(OrderView):
|
||||
messages.success(self.request, _('The refund has been marked as done.'))
|
||||
else:
|
||||
messages.error(self.request, _('This refund can not be processed at the moment.'))
|
||||
if "next" in self.request.GET and is_safe_url(self.request.GET.get("next")):
|
||||
if "next" in self.request.GET and is_safe_url(self.request.GET.get("next"), allowed_hosts=None):
|
||||
return redirect(self.request.GET.get("next"))
|
||||
return redirect(self.get_order_url())
|
||||
|
||||
|
||||
@@ -2,11 +2,11 @@ from django import forms
|
||||
from django.contrib import messages
|
||||
from django.core.exceptions import PermissionDenied
|
||||
from django.core.files import File
|
||||
from django.core.urlresolvers import reverse
|
||||
from django.db import transaction
|
||||
from django.db.models import Count
|
||||
from django.forms import inlineformset_factory
|
||||
from django.shortcuts import get_object_or_404, redirect
|
||||
from django.urls import reverse
|
||||
from django.utils.functional import cached_property
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
from django.views.generic import (
|
||||
|
||||
@@ -3,13 +3,13 @@ from datetime import datetime
|
||||
|
||||
from dateutil.rrule import DAILY, MONTHLY, WEEKLY, YEARLY, rrule, rruleset
|
||||
from django.contrib import messages
|
||||
from django.core.urlresolvers import reverse
|
||||
from django.db import transaction
|
||||
from django.db.models import F, IntegerField, OuterRef, Prefetch, Subquery, Sum
|
||||
from django.db.models.functions import Coalesce
|
||||
from django.forms import inlineformset_factory
|
||||
from django.http import Http404, HttpResponseRedirect
|
||||
from django.shortcuts import redirect, render
|
||||
from django.urls import reverse
|
||||
from django.utils.functional import cached_property
|
||||
from django.utils.timezone import make_aware
|
||||
from django.utils.translation import pgettext_lazy, ugettext_lazy as _
|
||||
@@ -424,7 +424,7 @@ class SubEventCreate(SubEventEditorMixin, EventPermissionRequiredMixin, CreateVi
|
||||
kwargs = super().get_form_kwargs()
|
||||
kwargs['event'] = self.request.event
|
||||
if self.copy_from:
|
||||
i = copy.copy(self.copy_from)
|
||||
i = copy.deepcopy(self.copy_from)
|
||||
i.pk = None
|
||||
kwargs['instance'] = i
|
||||
else:
|
||||
|
||||
@@ -7,8 +7,8 @@ from urllib.parse import quote
|
||||
from django.conf import settings
|
||||
from django.contrib import messages
|
||||
from django.contrib.auth import update_session_auth_hash
|
||||
from django.core.urlresolvers import reverse
|
||||
from django.shortcuts import get_object_or_404, redirect
|
||||
from django.urls import reverse
|
||||
from django.utils.crypto import get_random_string
|
||||
from django.utils.functional import cached_property
|
||||
from django.utils.http import is_safe_url
|
||||
@@ -73,7 +73,7 @@ class ReauthView(TemplateView):
|
||||
t = int(time.time())
|
||||
request.session['pretix_auth_login_time'] = t
|
||||
request.session['pretix_auth_last_used'] = t
|
||||
if "next" in request.GET and is_safe_url(request.GET.get("next")):
|
||||
if "next" in request.GET and is_safe_url(request.GET.get("next"), allowed_hosts=None):
|
||||
return redirect(request.GET.get("next"))
|
||||
return redirect(reverse('control:index'))
|
||||
else:
|
||||
@@ -544,7 +544,7 @@ class StartStaffSession(StaffMemberRequiredMixin, RecentAuthenticationRequiredMi
|
||||
session_key=request.session.session_key
|
||||
)
|
||||
|
||||
if "next" in request.GET and is_safe_url(request.GET.get("next")):
|
||||
if "next" in request.GET and is_safe_url(request.GET.get("next"), allowed_hosts=None):
|
||||
return redirect(request.GET.get("next"))
|
||||
else:
|
||||
return redirect(reverse("control:index"))
|
||||
|
||||
@@ -1,13 +1,16 @@
|
||||
from django.conf import settings
|
||||
from django.contrib import messages
|
||||
from django.contrib.auth import get_user_model
|
||||
from django.contrib.auth.mixins import LoginRequiredMixin
|
||||
from django.shortcuts import get_object_or_404, redirect
|
||||
from django.core.exceptions import PermissionDenied
|
||||
from django.http import HttpResponseRedirect
|
||||
from django.shortcuts import get_object_or_404, redirect, resolve_url
|
||||
from django.urls import reverse
|
||||
from django.utils.functional import cached_property
|
||||
from django.utils.http import is_safe_url
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
from django.views import View
|
||||
from django.views.generic import ListView
|
||||
from hijack.helpers import login_user, release_hijack
|
||||
|
||||
from pretix.base.models import User
|
||||
from pretix.base.services.mail import SendMailException
|
||||
@@ -161,3 +164,78 @@ class UserCreateView(AdministratorPermissionRequiredMixin, RecentAuthenticationR
|
||||
def form_valid(self, form):
|
||||
messages.success(self.request, _('The new user has been created.'))
|
||||
return super().form_valid(form)
|
||||
|
||||
|
||||
# TODO: COMPAT methods: Remove after https://github.com/arteria/django-hijack/pull/178 is merged
|
||||
def login_user(request, hijacked):
|
||||
from hijack.helpers import (
|
||||
check_hijack_authorization, get_used_backend, no_update_last_login, login,
|
||||
hijack_started, hijack_settings
|
||||
)
|
||||
hijacker = request.user
|
||||
hijack_history = [request.user._meta.pk.value_to_string(hijacker)]
|
||||
if request.session.get('hijack_history'):
|
||||
hijack_history = request.session['hijack_history'] + hijack_history
|
||||
|
||||
check_hijack_authorization(request, hijacked)
|
||||
|
||||
backend = get_used_backend(request)
|
||||
hijacked.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__)
|
||||
|
||||
with no_update_last_login():
|
||||
# Actually log user in
|
||||
login(request, hijacked)
|
||||
|
||||
hijack_started.send(
|
||||
sender=None, request=request,
|
||||
hijacker=hijacker, hijacked=hijacked,
|
||||
# send IDs for backward compatibility
|
||||
hijacker_id=hijacker.pk, hijacked_id=hijacked.pk)
|
||||
request.session['hijack_history'] = hijack_history
|
||||
request.session['is_hijacked_user'] = True
|
||||
request.session['display_hijack_warning'] = True
|
||||
request.session.modified = True
|
||||
return redirect_to_next(request, default_url=hijack_settings.HIJACK_LOGIN_REDIRECT_URL)
|
||||
|
||||
|
||||
def redirect_to_next(request, default_url):
|
||||
redirect_to = request.GET.get('next', '')
|
||||
if not is_safe_url(redirect_to, allowed_hosts=None):
|
||||
redirect_to = default_url
|
||||
return HttpResponseRedirect(resolve_url(redirect_to))
|
||||
|
||||
|
||||
def release_hijack(request):
|
||||
from hijack.helpers import (
|
||||
get_used_backend, no_update_last_login, login, hijack_ended, hijack_settings
|
||||
)
|
||||
hijack_history = request.session.get('hijack_history', False)
|
||||
|
||||
if not hijack_history:
|
||||
raise PermissionDenied
|
||||
|
||||
hijacker = None
|
||||
hijacked = None
|
||||
if hijack_history:
|
||||
hijacked = request.user
|
||||
user_pk = hijack_history.pop()
|
||||
hijacker = get_object_or_404(get_user_model(), pk=user_pk)
|
||||
backend = get_used_backend(request)
|
||||
hijacker.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__)
|
||||
with no_update_last_login():
|
||||
login(request, hijacker)
|
||||
if hijack_history:
|
||||
request.session['hijack_history'] = hijack_history
|
||||
request.session['is_hijacked_user'] = True
|
||||
request.session['display_hijack_warning'] = True
|
||||
else:
|
||||
request.session.pop('hijack_history', None)
|
||||
request.session.pop('is_hijacked_user', None)
|
||||
request.session.pop('display_hijack_warning', None)
|
||||
request.session.modified = True
|
||||
hijack_ended.send(
|
||||
sender=None, request=request,
|
||||
hijacker=hijacker, hijacked=hijacked,
|
||||
# send IDs for backward compatibility
|
||||
hijacker_id=hijacker.pk, hijacked_id=hijacked.pk)
|
||||
return redirect_to_next(request, default_url=hijack_settings.HIJACK_LOGOUT_REDIRECT_URL)
|
||||
|
||||
@@ -3,7 +3,6 @@ import io
|
||||
from defusedcsv import csv
|
||||
from django.conf import settings
|
||||
from django.contrib import messages
|
||||
from django.core.urlresolvers import resolve, reverse
|
||||
from django.db import transaction
|
||||
from django.db.models import Sum
|
||||
from django.http import (
|
||||
@@ -11,6 +10,7 @@ from django.http import (
|
||||
JsonResponse,
|
||||
)
|
||||
from django.shortcuts import redirect
|
||||
from django.urls import resolve, reverse
|
||||
from django.utils.functional import cached_property
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
from django.views.generic import (
|
||||
|
||||
Reference in New Issue
Block a user