Use a protocol

Dockerfile

@@ -1,4 +1,4 @@
-FROM python:3.13-trixie
+FROM python:3.11-bookworm
 
 RUN apt-get update && \
     apt-get install -y --no-install-recommends \

src/pretix/api/views/checkin.py

@@ -1122,7 +1122,7 @@ class CheckinViewSet(viewsets.ReadOnlyModelViewSet):
     permission = 'event.orders:read'
 
     def get_queryset(self):
-        qs = Checkin.all.filter(list__event=self.request.event).select_related(
+        qs = Checkin.all.filter().select_related(
             "position",
             "device",
         )

src/pretix/base/middleware.py

@@ -24,7 +24,6 @@ from urllib.parse import urlparse, urlsplit
 from zoneinfo import ZoneInfo, ZoneInfoNotFoundError
 
 from django.conf import settings
-from django.core.exceptions import BadRequest
 from django.http import Http404, HttpRequest, HttpResponse
 from django.middleware.common import CommonMiddleware
 from django.urls import get_script_prefix, resolve
@@ -347,15 +346,6 @@ class SecurityMiddleware(MiddlewareMixin):
 
         return resp
 
-    def process_request(self, request):
-        # Nullbytes in GET/POST parameters are mostly harmless, as they will later fail on database insertion, but it
-        # keeps spamming our error logs whenever someone tries to run a vulnerability scanner.
-        if "\x00" in request.META['QUERY_STRING'] or "%00" in request.META['QUERY_STRING']:
-            raise BadRequest("Invalid characters in input.")
-        if request.method in ('POST', 'PUT', 'PATCH') and request.POST:
-            if any("\x00" in value for key, value_list in request.POST.lists() for value in value_list):
-                raise BadRequest("Invalid characters in input.")
-
 
 class CustomCommonMiddleware(CommonMiddleware):
 

src/pretix/base/modelimport.py

@@ -70,10 +70,6 @@ def parse_csv(file, length=None, mode="strict", charset=None):
         except ImportError:
             charset = file.charset
     data = data.decode(charset or "utf-8", mode)
-
-    # remove stray linebreaks from the end of the file
-    data = data.rstrip("\n")
-
     # If the file was modified on a Mac, it only contains \r as line breaks
     if '\r' in data and '\n' not in data:
         data = data.replace('\r', '\n')

src/pretix/base/models/_transactions.py

@@ -29,9 +29,7 @@ import inspect
 import logging
 import os
 import threading
-from pathlib import Path
 
-import django
 from django.conf import settings
 from django.db import transaction
 
@@ -76,14 +74,10 @@ def _transactions_mark_order_dirty(order_id, using=None):
     if "PYTEST_CURRENT_TEST" in os.environ:
         # We don't care about Order.objects.create() calls in test code so let's try to figure out if this is test code
         # or not.
-        for frame in inspect.stack()[1:]:
-            if (
-                'pretix/base/models/orders' in frame.filename
-                or Path(frame.filename).is_relative_to(Path(django.__file__).parent)
-            ):
-                # Ignore model- and django-internal code
+        for frame in inspect.stack():
+            if 'pretix/base/models/orders' in frame.filename:
                 continue
-            elif 'test_' in frame.filename or 'conftest.py' in frame.filename:
+            elif 'test_' in frame.filename or 'conftest.py in frame.filename':
                 return
             elif 'pretix/' in frame.filename or 'pretix_' in frame.filename:
                 # This went through non-test code, let's consider it non-test

src/pretix/base/models/auth.py

@@ -705,18 +705,6 @@ class User(AbstractBaseUser, PermissionsMixin, LoggingMixin):
         return self.teams.exists()
 
 
-class UserWithStaffSession:
-    # Wrapper around a User object with a staff session, implementing the PermissionHolder Protocol
-    def __init__(self, user):
-        self.user = user
-
-    def has_event_permission(self, organizer, event, perm_name=None, request=None, session_key=None) -> bool:
-        return True
-
-    def has_organizer_permission(self, organizer, perm_name=None, request=None):
-        return True
-
-
 class UserKnownLoginSource(models.Model):
     user = models.ForeignKey('User', on_delete=models.CASCADE, related_name="known_login_sources")
     agent_type = models.CharField(max_length=255, null=True, blank=True)

src/pretix/base/models/orders.py

@@ -590,7 +590,7 @@ class Order(LockModel, LoggedModel):
             not kwargs.get('force_save_with_deferred_fields', None) and
             (not update_fields or ('require_approval' not in update_fields and 'status' not in update_fields))
         ):
-            _fail("It is unsafe to call save() on an Order with deferred fields since we can't check if you missed "
+            _fail("It is unsafe to call save() on an OrderFee with deferred fields since we can't check if you missed "
                   "creating a transaction. Call save(force_save_with_deferred_fields=True) if you really want to do "
                   "this.")
 
@@ -2841,7 +2841,7 @@ class OrderPosition(AbstractPosition):
             if Transaction.key(self) != self.__initial_transaction_key or self.canceled != self.__initial_canceled or not self.pk:
                 _transactions_mark_order_dirty(self.order_id, using=kwargs.get('using', None))
         elif not kwargs.get('force_save_with_deferred_fields', None):
-            _fail("It is unsafe to call save() on an OrderPosition with deferred fields since we can't check if you missed "
+            _fail("It is unsafe to call save() on an OrderFee with deferred fields since we can't check if you missed "
                   "creating a transaction. Call save(force_save_with_deferred_fields=True) if you really want to do "
                   "this.")
 

src/pretix/base/services/export.py

@@ -40,7 +40,6 @@ from pretix.base.models import (
     CachedFile, Device, Event, Organizer, ScheduledEventExport, TeamAPIToken,
     User, cachedfile_name,
 )
-from pretix.base.models.auth import UserWithStaffSession
 from pretix.base.models.exports import ScheduledOrganizerExport
 from pretix.base.services.mail import mail
 from pretix.base.services.tasks import (
@@ -215,7 +214,7 @@ def init_event_exporters(event, user=None, token=None, device=None, request=None
         exporter: BaseExporter = response(
             event=event,
             organizer=event.organizer,
-            permission_holder=token or device or (UserWithStaffSession(user) if staff_session else user),
+            permission_holder=token or device or user,
             **kwargs
         )
 
@@ -252,7 +251,7 @@ def init_organizer_exporters(
             exporter: BaseExporter = response(
                 event=Event.objects.none(),
                 organizer=organizer,
-                permission_holder=token or device or (UserWithStaffSession(user) if staff_session else user),
+                permission_holder=token or device or user,
                 **kwargs,
             )
 
@@ -309,7 +308,7 @@ def init_organizer_exporters(
             exporter: BaseExporter = response(
                 event=_event_list_cache[permission_name],
                 organizer=organizer,
-                permission_holder=token or device or (UserWithStaffSession(user) if staff_session else user),
+                permission_holder=token or device or user,
                 **kwargs,
             )
 

src/pretix/control/forms/orders.py

@@ -436,7 +436,7 @@ class OrderPositionAddForm(forms.Form):
             d['used_membership'] = [m for m in self.memberships if str(m.pk) == d['used_membership']][0]
         else:
             d['used_membership'] = None
-        if d.get("count", 1) > 1 and d.get("seat"):
+        if d.get("count", 1) and d.get("seat"):
             raise ValidationError({
                 "seat": _("You can not choose a seat when adding multiple products at once.")
             })

src/pretix/control/views/organizer.py

@@ -1322,7 +1322,7 @@ class DeviceUpdateView(OrganizerDetailViewMixin, OrganizerPermissionRequiredMixi
     def form_valid(self, form):
         if form.has_changed():
             self.object.log_action('pretix.device.changed', user=self.request.user, data={
-                k: form.cleaned_data[k] if k != 'limit_events' else [e.id for e in form.cleaned_data[k]]
+                k: getattr(self.object, k) if k != 'limit_events' else [e.id for e in getattr(self.object, k).all()]
                 for k in form.changed_data
             })
 

src/tests/base/test_modelimport_orders.py

@@ -991,30 +991,3 @@ def test_import_mixed_order_size_consistency(user, event, item):
         ).get()
     assert ('Inconsistent data in row 2: Column Email address contains value "a2@example.com", but for this order, '
             'the value has already been set to "a1@example.com".') in str(excinfo.value)
-
-
-@pytest.mark.django_db
-@scopes_disabled()
-def test_import_line_endings_mix(event, item, user):
-    # Ensures import works with mixed file endings.
-    # See Ticket#23230806 where a file to import ends with \r\n
-    settings = dict(DEFAULT_SETTINGS)
-    settings['item'] = 'static:{}'.format(item.pk)
-
-    cf = inputfile_factory()
-    file = cf.file
-    file.seek(0)
-    data = file.read()
-    data = data.replace(b'\n', b'\r')
-    data = data.rstrip(b'\r\r')
-    data = data + b'\r\n'
-
-    print(data)
-    cf.file.save("input.csv", ContentFile(data))
-    cf.save()
-
-    import_orders.apply(
-        args=(event.pk, cf.id, settings, 'en', user.pk)
-    )
-    assert event.orders.count() == 3
-    assert OrderPosition.objects.count() == 3

src/tests/base/test_notifications.py

@@ -24,6 +24,7 @@ from decimal import Decimal
 
 import pytest
 from django.core import mail as djmail
+from django.db import transaction
 from django.utils.timezone import now
 from django_scopes import scope
 
@@ -74,42 +75,47 @@ def user(team):
     return user
 
 
+@pytest.fixture
+def monkeypatch_on_commit(monkeypatch):
+    monkeypatch.setattr("django.db.transaction.on_commit", lambda t: t())
+
+
 @pytest.mark.django_db
-def test_notification_trigger_event_specific(event, order, user, django_capture_on_commit_callbacks):
+def test_notification_trigger_event_specific(event, order, user, monkeypatch_on_commit):
     djmail.outbox = []
     user.notification_settings.create(
         method='mail', event=event, action_type='pretix.event.order.paid', enabled=True
     )
-    with django_capture_on_commit_callbacks(execute=True):
+    with transaction.atomic():
         order.log_action('pretix.event.order.paid', {})
     assert len(djmail.outbox) == 1
     assert djmail.outbox[0].subject.endswith("DUMMY: Order FOO has been marked as paid.")
 
 
 @pytest.mark.django_db
-def test_notification_trigger_global(event, order, user, django_capture_on_commit_callbacks):
+def test_notification_trigger_global(event, order, user, monkeypatch_on_commit):
     djmail.outbox = []
     user.notification_settings.create(
         method='mail', event=None, action_type='pretix.event.order.paid', enabled=True
     )
-    with django_capture_on_commit_callbacks(execute=True):
+    with transaction.atomic():
         order.log_action('pretix.event.order.paid', {})
     assert len(djmail.outbox) == 1
 
 
 @pytest.mark.django_db
-def test_notification_trigger_global_wildcard(event, order, user, django_capture_on_commit_callbacks):
+def test_notification_trigger_global_wildcard(event, order, user, monkeypatch_on_commit):
     djmail.outbox = []
     user.notification_settings.create(
         method='mail', event=None, action_type='pretix.event.order.changed.*', enabled=True
     )
-    with django_capture_on_commit_callbacks(execute=True):
+    with transaction.atomic():
         order.log_action('pretix.event.order.changed.item', {})
     assert len(djmail.outbox) == 1
 
 
 @pytest.mark.django_db
-def test_notification_enabled_global_ignored_specific(event, order, user, django_capture_on_commit_callbacks):
+def test_notification_enabled_global_ignored_specific(event, order, user, monkeypatch_on_commit):
     djmail.outbox = []
     user.notification_settings.create(
         method='mail', event=None, action_type='pretix.event.order.paid', enabled=True
@@ -117,24 +123,24 @@ def test_notification_enabled_global_ignored_specific(event, order, user, django
     user.notification_settings.create(
         method='mail', event=event, action_type='pretix.event.order.paid', enabled=False
     )
-    with django_capture_on_commit_callbacks(execute=True):
+    with transaction.atomic():
         order.log_action('pretix.event.order.paid', {})
     assert len(djmail.outbox) == 0
 
 
 @pytest.mark.django_db
-def test_notification_ignore_same_user(event, order, user, django_capture_on_commit_callbacks):
+def test_notification_ignore_same_user(event, order, user, monkeypatch_on_commit):
     djmail.outbox = []
     user.notification_settings.create(
         method='mail', event=event, action_type='pretix.event.order.paid', enabled=True
     )
-    with django_capture_on_commit_callbacks(execute=True):
+    with transaction.atomic():
         order.log_action('pretix.event.order.paid', {}, user=user)
     assert len(djmail.outbox) == 0
 
 
 @pytest.mark.django_db
-def test_notification_ignore_insufficient_permissions(event, order, user, team, django_capture_on_commit_callbacks):
+def test_notification_ignore_insufficient_permissions(event, order, user, team, monkeypatch_on_commit):
     djmail.outbox = []
     team.all_event_permissions = False
     team.limit_event_permissions = {"event.vouchers:read": True}
@@ -142,7 +148,7 @@ def test_notification_ignore_insufficient_permissions(event, order, user, team,
     user.notification_settings.create(
         method='mail', event=event, action_type='pretix.event.order.paid', enabled=True
     )
-    with django_capture_on_commit_callbacks(execute=True):
+    with transaction.atomic():
         order.log_action('pretix.event.order.paid', {})
     assert len(djmail.outbox) == 0
 

src/tests/base/test_orders.py

@@ -28,9 +28,8 @@ from zoneinfo import ZoneInfo
 import pytest
 from django.conf import settings
 from django.core import mail as djmail
-from django.db import transaction
 from django.db.models import F, Sum
-from django.test import TestCase, TransactionTestCase, override_settings
+from django.test import TestCase, override_settings
 from django.utils.timezone import make_aware, now
 from django_countries.fields import Country
 from django_scopes import scope
@@ -1226,6 +1225,12 @@ class DownloadReminderTests(TestCase):
         assert len(djmail.outbox) == 0
 
 
+@pytest.fixture
+def class_monkeypatch(request, monkeypatch):
+    request.cls.monkeypatch = monkeypatch
+
+
+@pytest.mark.usefixtures("class_monkeypatch")
 class OrderCancelTests(TestCase):
     def setUp(self):
         super().setUp()
@@ -1253,6 +1258,7 @@ class OrderCancelTests(TestCase):
             self.order.create_transactions()
             generate_invoice(self.order)
             djmail.outbox = []
+        self.monkeypatch.setattr("django.db.transaction.on_commit", lambda t: t())
 
     @classscope(attr='o')
     def test_cancel_canceled(self):
@@ -1345,14 +1351,14 @@ class OrderCancelTests(TestCase):
         self.order.status = Order.STATUS_PAID
         self.order.save()
         djmail.outbox = []
-        with self.captureOnCommitCallbacks(execute=True):
-            cancel_order(self.order.pk, send_mail=True)
-
+        cancel_order(self.order.pk, send_mail=True)
+        print([s.subject for s in djmail.outbox])
+        print([s.to for s in djmail.outbox])
         assert len(djmail.outbox) == 2
-        assert ["dummy@dummy.test"] == djmail.outbox[0].to
-        assert not any(["Invoice_" in a[0] for a in djmail.outbox[0].attachments])
-        assert ["invoice@example.org"] == djmail.outbox[1].to
-        assert any(["Invoice_" in a[0] for a in djmail.outbox[1].attachments])
+        assert ["invoice@example.org"] == djmail.outbox[0].to
+        assert any(["Invoice_" in a[0] for a in djmail.outbox[0].attachments])
+        assert ["dummy@dummy.test"] == djmail.outbox[1].to
+        assert not any(["Invoice_" in a[0] for a in djmail.outbox[1].attachments])
 
     @classscope(attr='o')
     def test_cancel_paid_with_too_high_fee(self):
@@ -1482,7 +1488,8 @@ class OrderCancelTests(TestCase):
         assert self.order.all_logentries().filter(action_type='pretix.event.order.refund.requested').exists()
 
 
-class BaseOrderChangeManagerTestCase:
+@pytest.mark.usefixtures("class_monkeypatch")
+class OrderChangeManagerTests(TestCase):
     def setUp(self):
         super().setUp()
         self.o = Organizer.objects.create(name='Dummy', slug='dummy', plugins='pretix.plugins.banktransfer')
@@ -1545,6 +1552,7 @@ class BaseOrderChangeManagerTestCase:
             self.seat_a1 = self.event.seats.create(seat_number="A1", product=self.stalls, seat_guid="A1")
             self.seat_a2 = self.event.seats.create(seat_number="A2", product=self.stalls, seat_guid="A2")
             self.seat_a3 = self.event.seats.create(seat_number="A3", product=self.stalls, seat_guid="A3")
+        self.monkeypatch.setattr("django.db.transaction.on_commit", lambda t: t())
 
     def _enable_reverse_charge(self):
         self.tr7.eu_reverse_charge = True
@@ -1558,8 +1566,6 @@ class BaseOrderChangeManagerTestCase:
             country=Country('AT')
         )
 
-
-class OrderChangeManagerTests(BaseOrderChangeManagerTestCase, TestCase):
     @classscope(attr='o')
     def test_multiple_commits_forbidden(self):
         self.ocm.change_price(self.op1, Decimal('10.00'))
@@ -3898,16 +3904,15 @@ class OrderChangeManagerTests(BaseOrderChangeManagerTestCase, TestCase):
 
     @classscope(attr='o')
     def test_set_valid_until(self):
-        with transaction.atomic():
-            self.event.settings.ticket_secret_generator = "pretix_sig1"
-            assign_ticket_secret(self.event, self.op1, force_invalidate=True, save=True)
-            old_secret = self.op1.secret
+        self.event.settings.ticket_secret_generator = "pretix_sig1"
+        assign_ticket_secret(self.event, self.op1, force_invalidate=True, save=True)
+        old_secret = self.op1.secret
 
-            dt = make_aware(datetime(2022, 9, 20, 15, 0, 0, 0))
-            self.ocm.change_valid_until(self.op1, dt)
-            self.ocm.commit()
-            self.op1.refresh_from_db()
-            assert self.op1.secret != old_secret
+        dt = make_aware(datetime(2022, 9, 20, 15, 0, 0, 0))
+        self.ocm.change_valid_until(self.op1, dt)
+        self.ocm.commit()
+        self.op1.refresh_from_db()
+        assert self.op1.secret != old_secret
 
     @classscope(attr='o')
     def test_unset_valid_from_until(self):
@@ -3932,8 +3937,6 @@ class OrderChangeManagerTests(BaseOrderChangeManagerTestCase, TestCase):
         assert len(djmail.outbox) == 1
         assert len(["Invoice_" in a[0] for a in djmail.outbox[0].attachments]) == 2
 
-
-class OrderChangeManagerTransactionalTests(BaseOrderChangeManagerTestCase, TransactionTestCase):
     @classscope(attr='o')
     def test_new_invoice_send_somewhere_else(self):
         generate_invoice(self.order)

src/tests/base/test_webhooks.py

@@ -25,6 +25,7 @@ from decimal import Decimal
 
 import pytest
 import responses
+from django.db import transaction
 from django.utils.timezone import now
 from django_scopes import scopes_disabled
 
@@ -81,9 +82,14 @@ def force_str(v):
     return v.decode() if isinstance(v, bytes) else str(v)
 
 
+@pytest.fixture
+def monkeypatch_on_commit(monkeypatch):
+    monkeypatch.setattr("django.db.transaction.on_commit", lambda t: t())
+
+
 @pytest.mark.django_db
 @responses.activate
-def test_webhook_trigger_event_specific(event, order, webhook, django_capture_on_commit_callbacks):
+def test_webhook_trigger_event_specific(event, order, webhook, monkeypatch_on_commit):
     responses.add_callback(
         responses.POST, 'https://google.com',
         callback=lambda r: (200, {}, 'ok'),
@@ -91,7 +97,7 @@ def test_webhook_trigger_event_specific(event, order, webhook, django_capture_on
         match_querystring=None,  # https://github.com/getsentry/responses/issues/464
     )
 
-    with django_capture_on_commit_callbacks(execute=True):
+    with transaction.atomic():
         le = order.log_action('pretix.event.order.paid', {})
     assert len(responses.calls) == 1
     assert json.loads(force_str(responses.calls[0].request.body)) == {
@@ -113,12 +119,12 @@ def test_webhook_trigger_event_specific(event, order, webhook, django_capture_on
 
 @pytest.mark.django_db
 @responses.activate
-def test_webhook_trigger_global(event, order, webhook, django_capture_on_commit_callbacks):
+def test_webhook_trigger_global(event, order, webhook, monkeypatch_on_commit):
     webhook.limit_events.clear()
     webhook.all_events = True
     webhook.save()
     responses.add(responses.POST, 'https://google.com', status=200)
-    with django_capture_on_commit_callbacks(execute=True):
+    with transaction.atomic():
         le = order.log_action('pretix.event.order.paid', {})
     assert len(responses.calls) == 1
     assert json.loads(force_str(responses.calls[0].request.body)) == {
@@ -132,13 +138,13 @@ def test_webhook_trigger_global(event, order, webhook, django_capture_on_commit_
 
 @pytest.mark.django_db
 @responses.activate
-def test_webhook_trigger_global_wildcard(event, order, webhook, django_capture_on_commit_callbacks):
+def test_webhook_trigger_global_wildcard(event, order, webhook, monkeypatch_on_commit):
     webhook.listeners.create(action_type="pretix.event.order.changed.*")
     webhook.limit_events.clear()
     webhook.all_events = True
     webhook.save()
     responses.add(responses.POST, 'https://google.com', status=200)
-    with django_capture_on_commit_callbacks(execute=True):
+    with transaction.atomic():
         le = order.log_action('pretix.event.order.changed.item', {})
     assert len(responses.calls) == 1
     assert json.loads(force_str(responses.calls[0].request.body)) == {
@@ -152,30 +158,30 @@ def test_webhook_trigger_global_wildcard(event, order, webhook, django_capture_o
 
 @pytest.mark.django_db
 @responses.activate
-def test_webhook_ignore_wrong_action_type(event, order, webhook, django_capture_on_commit_callbacks):
+def test_webhook_ignore_wrong_action_type(event, order, webhook, monkeypatch_on_commit):
     responses.add(responses.POST, 'https://google.com', status=200)
-    with django_capture_on_commit_callbacks(execute=True):
+    with transaction.atomic():
         order.log_action('pretix.event.order.changed.item', {})
     assert len(responses.calls) == 0
 
 
 @pytest.mark.django_db
 @responses.activate
-def test_webhook_ignore_disabled(event, order, webhook, django_capture_on_commit_callbacks):
+def test_webhook_ignore_disabled(event, order, webhook, monkeypatch_on_commit):
     webhook.enabled = False
     webhook.save()
     responses.add(responses.POST, 'https://google.com', status=200)
-    with django_capture_on_commit_callbacks(execute=True):
+    with transaction.atomic():
         order.log_action('pretix.event.order.changed.item', {})
     assert len(responses.calls) == 0
 
 
 @pytest.mark.django_db
 @responses.activate
-def test_webhook_ignore_wrong_event(event, order, webhook, django_capture_on_commit_callbacks):
+def test_webhook_ignore_wrong_event(event, order, webhook, monkeypatch_on_commit):
     webhook.limit_events.clear()
     responses.add(responses.POST, 'https://google.com', status=200)
-    with django_capture_on_commit_callbacks(execute=True):
+    with transaction.atomic():
         order.log_action('pretix.event.order.changed.item', {})
     assert len(responses.calls) == 0
 
@@ -183,10 +189,10 @@ def test_webhook_ignore_wrong_event(event, order, webhook, django_capture_on_com
 @pytest.mark.django_db
 @pytest.mark.xfail(reason="retries can't be tested with celery_always_eager")
 @responses.activate
-def test_webhook_retry(event, order, webhook, django_capture_on_commit_callbacks):
+def test_webhook_retry(event, order, webhook, monkeypatch_on_commit):
     responses.add(responses.POST, 'https://google.com', status=500)
     responses.add(responses.POST, 'https://google.com', status=200)
-    with django_capture_on_commit_callbacks(execute=True):
+    with transaction.atomic():
         order.log_action('pretix.event.order.paid', {})
     assert len(responses.calls) == 2
     with scopes_disabled():
@@ -210,9 +216,9 @@ def test_webhook_retry(event, order, webhook, django_capture_on_commit_callbacks
 
 @pytest.mark.django_db
 @responses.activate
-def test_webhook_disable_gone(event, order, webhook, django_capture_on_commit_callbacks):
+def test_webhook_disable_gone(event, order, webhook, monkeypatch_on_commit):
     responses.add(responses.POST, 'https://google.com', status=410)
-    with django_capture_on_commit_callbacks(execute=True):
+    with transaction.atomic():
         order.log_action('pretix.event.order.paid', {})
     assert len(responses.calls) == 1
     webhook.refresh_from_db()

src/tests/conftest.py

@@ -131,8 +131,3 @@ def set_lock_namespaces(request):
             yield
     else:
         yield
-
-
-@pytest.fixture
-def class_monkeypatch(request, monkeypatch):
-    request.cls.monkeypatch = monkeypatch

src/tests/control/test_auth.py

@@ -385,6 +385,11 @@ class RegistrationFormTest(TestCase):
         self.assertEqual(response.status_code, 403)
 
 
+@pytest.fixture
+def class_monkeypatch(request, monkeypatch):
+    request.cls.monkeypatch = monkeypatch
+
+
 @pytest.mark.usefixtures("class_monkeypatch")
 class Login2FAFormTest(TestCase):
 

src/tests/control/test_events.py

@@ -49,6 +49,11 @@ from tests.base import SoupTest, extract_form_fields
 from pretix.base.models import Event, LogEntry, Order, Organizer, Team, User
 
 
+@pytest.fixture
+def class_monkeypatch(request, monkeypatch):
+    request.cls.monkeypatch = monkeypatch
+
+
 @pytest.mark.usefixtures("class_monkeypatch")
 class EventsTest(SoupTest):
     @scopes_disabled()

src/tests/control/test_organizer.py

@@ -33,6 +33,11 @@ from tests.base import SoupTest, extract_form_fields
 from pretix.base.models import Event, Organizer, OutgoingMail, Team, User
 
 
+@pytest.fixture
+def class_monkeypatch(request, monkeypatch):
+    request.cls.monkeypatch = monkeypatch
+
+
 @pytest.mark.usefixtures("class_monkeypatch")
 class OrganizerTest(SoupTest):
     @scopes_disabled()

src/tests/control/test_user.py

@@ -286,6 +286,11 @@ class UserPasswordChangeTest(SoupTest):
         assert self.user.needs_password_change is False
 
 
+@pytest.fixture
+def class_monkeypatch(request, monkeypatch):
+    request.cls.monkeypatch = monkeypatch
+
+
 @pytest.mark.usefixtures("class_monkeypatch")
 class UserSettings2FATest(SoupTest):
     def setUp(self):

src/tests/presale/test_checkout.py

@@ -33,7 +33,7 @@ from django.conf import settings
 from django.core import mail as djmail
 from django.core.files.uploadedfile import SimpleUploadedFile
 from django.core.signing import dumps
-from django.test import TestCase, TransactionTestCase
+from django.test import TestCase
 from django.utils.crypto import get_random_string
 from django.utils.timezone import now
 from django_countries.fields import Country
@@ -60,6 +60,12 @@ from pretix.testutils.sessions import get_cart_session_key
 from .test_timemachine import TimemachineTestMixin
 
 
+@pytest.fixture
+def class_monkeypatch(request, monkeypatch):
+    request.cls.monkeypatch = monkeypatch
+
+
+@pytest.mark.usefixtures("class_monkeypatch")
 class BaseCheckoutTestCase:
     @scopes_disabled()
     def setUp(self):
@@ -98,6 +104,7 @@ class BaseCheckoutTestCase:
         self.workshopquota.items.add(self.workshop2)
         self.workshopquota.variations.add(self.workshop2a)
         self.workshopquota.variations.add(self.workshop2b)
+        self.monkeypatch.setattr("django.db.transaction.on_commit", lambda t: t())
 
     def _set_session(self, key, value):
         session = self.client.session
@@ -4413,8 +4420,6 @@ class CheckoutTestCase(BaseCheckoutTestCase, TimemachineTestMixin, TestCase):
             assert len(djmail.outbox) == 1
             assert any(["Invoice_" in a[0] for a in djmail.outbox[0].attachments])
 
-
-class CheckoutTransactionTestCase(BaseCheckoutTestCase, TransactionTestCase):
     def test_order_confirmation_mail_invoice_sent_somewhere_else(self):
         self.event.settings.invoice_address_asked = True
         self.event.settings.invoice_address_required = True