CGM_Public/pretix_original
2
0
Fork 1
mirror of https://github.com/pretix/pretix.git synced 2026-05-05 15:14:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add idempotenty nonces to pretixdroid API

Browse Source
This commit is contained in:
Raphael Michel
2017-05-04 09:32:36 +02:00
parent 429ef67bbf
commit d8eba81efc
5 changed files with 55 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
src/pretix/plugins/pretixdroid/views.py
View File

@@ -70,6 +70,7 @@ class ApiRedeemView(ApiView):
def post(self, request, **kwargs):
secret = request.POST.get('secret', '!INVALID!')
force = request.POST.get('force', 'false') in ('true', 'True')
nonce = request.POST.get('nonce')
response = {
'version': API_VERSION
}
@@ -86,24 +87,25 @@ class ApiRedeemView(ApiView):
order__event=self.event, secret=secret
)
if op.order.status == Order.STATUS_PAID:
ci, created = Checkin.objects.get_or_create(position=op)
if created and 'datetime' in request.POST:
ci.datetime = dt
ci.save()
ci, created = Checkin.objects.get_or_create(position=op, defaults={
'datetime': dt,
'nonce': nonce,
})
else:
response['status'] = 'error'
response['reason'] = 'unpaid'
if 'status' not in response:
if created:
if created or (nonce and nonce == ci.nonce):
response['status'] = 'ok'
op.order.log_action('pretix.plugins.pretixdroid.scan', data={
'position': op.id,
'positionid': op.positionid,
'first': True,
'forced': False,
'datetime': dt,
})
if created:
op.order.log_action('pretix.plugins.pretixdroid.scan', data={
'position': op.id,
'positionid': op.positionid,
'first': True,
'forced': False,
'datetime': dt,
})
else:
if force:
response['status'] = 'ok'