Add idempotenty nonces to pretixdroid API

2026-05-07 15:34:02 +00:00 · 2017-05-04 09:32:36 +02:00
parent 429ef67bbf
commit d8eba81efc
5 changed files with 55 additions and 12 deletions
--- a/src/pretix/base/migrations/0059_checkin_nonce.py
+++ b/src/pretix/base/migrations/0059_checkin_nonce.py
@@ -0,0 +1,20 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.10.7 on 2017-05-04 07:06
+from __future__ import unicode_literals
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('pretixbase', '0058_auto_20170429_1020'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='checkin',
+            name='nonce',
+            field=models.CharField(blank=True, max_length=190, null=True),
+        ),
+    ]
--- a/src/pretix/base/models/checkin.py
+++ b/src/pretix/base/models/checkin.py
@@ -8,3 +8,4 @@ class Checkin(models.Model):
    """
    position = models.ForeignKey('pretixbase.OrderPosition', related_name='checkins')
    datetime = models.DateTimeField(default=now)
+    nonce = models.CharField(max_length=190, null=True, blank=True)
--- a/src/pretix/plugins/pretixdroid/views.py
+++ b/src/pretix/plugins/pretixdroid/views.py
@@ -70,6 +70,7 @@ class ApiRedeemView(ApiView):
    def post(self, request, **kwargs):
        secret = request.POST.get('secret', '!INVALID!')
        force = request.POST.get('force', 'false') in ('true', 'True')
+        nonce = request.POST.get('nonce')
        response = {
            'version': API_VERSION
        }
@@ -86,24 +87,25 @@ class ApiRedeemView(ApiView):
                    order__event=self.event, secret=secret
                )
                if op.order.status == Order.STATUS_PAID:
-                    ci, created = Checkin.objects.get_or_create(position=op)
-                    if created and 'datetime' in request.POST:
-                        ci.datetime = dt
-                        ci.save()
+                    ci, created = Checkin.objects.get_or_create(position=op, defaults={
+                        'datetime': dt,
+                        'nonce': nonce,
+                    })
                else:
                    response['status'] = 'error'
                    response['reason'] = 'unpaid'

            if 'status' not in response:
-                if created:
+                if created or (nonce and nonce == ci.nonce):
                    response['status'] = 'ok'
-                    op.order.log_action('pretix.plugins.pretixdroid.scan', data={
-                        'position': op.id,
-                        'positionid': op.positionid,
-                        'first': True,
-                        'forced': False,
-                        'datetime': dt,
-                    })
+                    if created:
+                        op.order.log_action('pretix.plugins.pretixdroid.scan', data={
+                            'position': op.id,
+                            'positionid': op.positionid,
+                            'first': True,
+                            'forced': False,
+                            'datetime': dt,
+                        })
                else:
                    if force:
                        response['status'] = 'ok'