Fix sqlparse version

src/pretix/api/middleware.py

@@ -21,15 +21,15 @@ class IdempotencyMiddleware:
         if not request.path.startswith('/api/'):
             return self.get_response(request)
 
-        if not request.META.get('HTTP_X_IDEMPOTENCY_KEY'):
+        if not request.headers.get('X-Idempotency-Key'):
             return self.get_response(request)
 
         auth_hash_parts = '{}:{}'.format(
-            request.META.get('HTTP_AUTHORIZATION', ''),
+            request.headers.get('Authorization', ''),
             request.COOKIES.get(settings.SESSION_COOKIE_NAME, '')
         )
         auth_hash = sha1(auth_hash_parts.encode()).hexdigest()
-        idempotency_key = request.META.get('HTTP_X_IDEMPOTENCY_KEY', '')
+        idempotency_key = request.headers.get('X-Idempotency-Key', '')
 
         with transaction.atomic():
             call, created = ApiCall.objects.select_for_update().get_or_create(

src/pretix/api/models.py

@@ -77,6 +77,9 @@ class WebHook(models.Model):
     all_events = models.BooleanField(default=True, verbose_name=_("All events (including newly created ones)"))
     limit_events = models.ManyToManyField('pretixbase.Event', verbose_name=_("Limit to events"), blank=True)
 
+    class Meta:
+        ordering = ('id',)
+
     @property
     def action_types(self):
         return [

src/pretix/api/views/__init__.py

@@ -31,10 +31,10 @@ class RichOrderingFilter(OrderingFilter):
 class ConditionalListView:
 
     def list(self, request, **kwargs):
-        if_modified_since = request.META.get('HTTP_IF_MODIFIED_SINCE')
+        if_modified_since = request.headers.get('If-Modified-Since')
         if if_modified_since:
             if_modified_since = parse_http_date_safe(if_modified_since)
-        if_unmodified_since = request.META.get('HTTP_IF_UNMODIFIED_SINCE')
+        if_unmodified_since = request.headers.get('If-Unmodified-Since')
         if if_unmodified_since:
             if_unmodified_since = parse_http_date_safe(if_unmodified_since)
         if not hasattr(request, 'event'):

src/pretix/api/views/checkin.py

@@ -7,7 +7,7 @@ from django.utils.functional import cached_property
 from django.utils.timezone import now
 from django_filters.rest_framework import DjangoFilterBackend, FilterSet
 from rest_framework import viewsets
-from rest_framework.decorators import detail_route
+from rest_framework.decorators import action
 from rest_framework.fields import DateTimeField
 from rest_framework.response import Response
 
@@ -77,7 +77,7 @@ class CheckinListViewSet(viewsets.ModelViewSet):
         )
         super().perform_destroy(instance)
 
-    @detail_route(methods=['GET'])
+    @action(detail=True, methods=['GET'])
     def status(self, *args, **kwargs):
         clist = self.get_object()
         cqs = Checkin.objects.filter(
@@ -242,7 +242,7 @@ class CheckinListPositionViewSet(viewsets.ReadOnlyModelViewSet):
 
         return qs
 
-    @detail_route(methods=['POST'])
+    @action(detail=True, methods=['POST'])
     def redeem(self, *args, **kwargs):
         force = bool(self.request.data.get('force', False))
         ignore_unpaid = bool(self.request.data.get('ignore_unpaid', False))

src/pretix/api/views/item.py

@@ -4,7 +4,7 @@ from django.shortcuts import get_object_or_404
 from django.utils.functional import cached_property
 from django_filters.rest_framework import DjangoFilterBackend, FilterSet
 from rest_framework import viewsets
-from rest_framework.decorators import detail_route
+from rest_framework.decorators import action
 from rest_framework.exceptions import PermissionDenied
 from rest_framework.filters import OrderingFilter
 from rest_framework.response import Response
@@ -499,7 +499,7 @@ class QuotaViewSet(ConditionalListView, viewsets.ModelViewSet):
             )
         super().perform_destroy(instance)
 
-    @detail_route(methods=['get'])
+    @action(detail=True, methods=['get'])
     def availability(self, request, *args, **kwargs):
         quota = self.get_object()
 

src/pretix/api/views/order.py

@@ -12,7 +12,7 @@ from django.utils.timezone import make_aware, now
 from django.utils.translation import ugettext as _
 from django_filters.rest_framework import DjangoFilterBackend, FilterSet
 from rest_framework import mixins, serializers, status, viewsets
-from rest_framework.decorators import detail_route
+from rest_framework.decorators import action
 from rest_framework.exceptions import (
     APIException, NotFound, PermissionDenied, ValidationError,
 )
@@ -127,7 +127,7 @@ class OrderViewSet(viewsets.ModelViewSet):
         serializer = self.get_serializer(queryset, many=True)
         return Response(serializer.data, headers={'X-Page-Generated': date})
 
-    @detail_route(url_name='download', url_path='download/(?P<output>[^/]+)')
+    @action(detail=True, url_name='download', url_path='download/(?P<output>[^/]+)')
     def download(self, request, output, **kwargs):
         provider = self._get_output_provider(output)
         order = self.get_object()
@@ -149,7 +149,7 @@ class OrderViewSet(viewsets.ModelViewSet):
             )
             return resp
 
-    @detail_route(methods=['POST'])
+    @action(detail=True, methods=['POST'])
     def mark_paid(self, request, **kwargs):
         order = self.get_object()
 
@@ -190,7 +190,7 @@ class OrderViewSet(viewsets.ModelViewSet):
             status=status.HTTP_400_BAD_REQUEST
         )
 
-    @detail_route(methods=['POST'])
+    @action(detail=True, methods=['POST'])
     def mark_canceled(self, request, **kwargs):
         send_mail = request.data.get('send_email', True)
         cancellation_fee = request.data.get('cancellation_fee', None)
@@ -224,7 +224,7 @@ class OrderViewSet(viewsets.ModelViewSet):
             )
         return self.retrieve(request, [], **kwargs)
 
-    @detail_route(methods=['POST'])
+    @action(detail=True, methods=['POST'])
     def approve(self, request, **kwargs):
         send_mail = request.data.get('send_email', True)
 
@@ -242,7 +242,7 @@ class OrderViewSet(viewsets.ModelViewSet):
             return Response({'detail': str(e)}, status=status.HTTP_400_BAD_REQUEST)
         return self.retrieve(request, [], **kwargs)
 
-    @detail_route(methods=['POST'])
+    @action(detail=True, methods=['POST'])
     def deny(self, request, **kwargs):
         send_mail = request.data.get('send_email', True)
         comment = request.data.get('comment', '')
@@ -260,7 +260,7 @@ class OrderViewSet(viewsets.ModelViewSet):
             return Response({'detail': str(e)}, status=status.HTTP_400_BAD_REQUEST)
         return self.retrieve(request, [], **kwargs)
 
-    @detail_route(methods=['POST'])
+    @action(detail=True, methods=['POST'])
     def mark_pending(self, request, **kwargs):
         order = self.get_object()
 
@@ -279,7 +279,7 @@ class OrderViewSet(viewsets.ModelViewSet):
         )
         return self.retrieve(request, [], **kwargs)
 
-    @detail_route(methods=['POST'])
+    @action(detail=True, methods=['POST'])
     def mark_expired(self, request, **kwargs):
         order = self.get_object()
 
@@ -296,7 +296,7 @@ class OrderViewSet(viewsets.ModelViewSet):
         )
         return self.retrieve(request, [], **kwargs)
 
-    @detail_route(methods=['POST'])
+    @action(detail=True, methods=['POST'])
     def mark_refunded(self, request, **kwargs):
         order = self.get_object()
 
@@ -313,7 +313,7 @@ class OrderViewSet(viewsets.ModelViewSet):
         )
         return self.retrieve(request, [], **kwargs)
 
-    @detail_route(methods=['POST'])
+    @action(detail=True, methods=['POST'])
     def create_invoice(self, request, **kwargs):
         order = self.get_object()
         has_inv = order.invoices.exists() and not (
@@ -345,7 +345,7 @@ class OrderViewSet(viewsets.ModelViewSet):
             status=status.HTTP_201_CREATED
         )
 
-    @detail_route(methods=['POST'])
+    @action(detail=True, methods=['POST'])
     def resend_link(self, request, **kwargs):
         order = self.get_object()
         if not order.email:
@@ -359,7 +359,7 @@ class OrderViewSet(viewsets.ModelViewSet):
             status=status.HTTP_204_NO_CONTENT
         )
 
-    @detail_route(methods=['POST'])
+    @action(detail=True, methods=['POST'])
     @transaction.atomic
     def regenerate_secrets(self, request, **kwargs):
         order = self.get_object()
@@ -377,7 +377,7 @@ class OrderViewSet(viewsets.ModelViewSet):
         )
         return self.retrieve(request, [], **kwargs)
 
-    @detail_route(methods=['POST'])
+    @action(detail=True, methods=['POST'])
     def extend(self, request, **kwargs):
         new_date = request.data.get('expires', None)
         force = request.data.get('force', False)
@@ -619,7 +619,7 @@ class OrderPositionViewSet(mixins.DestroyModelMixin, viewsets.ReadOnlyModelViewS
                 return prov
         raise NotFound('Unknown output provider.')
 
-    @detail_route(url_name='download', url_path='download/(?P<output>[^/]+)')
+    @action(detail=True, url_name='download', url_path='download/(?P<output>[^/]+)')
     def download(self, request, output, **kwargs):
         provider = self._get_output_provider(output)
         pos = self.get_object()
@@ -670,7 +670,7 @@ class PaymentViewSet(viewsets.ReadOnlyModelViewSet):
         order = get_object_or_404(Order, code=self.kwargs['order'], event=self.request.event)
         return order.payments.all()
 
-    @detail_route(methods=['POST'])
+    @action(detail=True, methods=['POST'])
     def confirm(self, request, **kwargs):
         payment = self.get_object()
         force = request.data.get('force', False)
@@ -691,7 +691,7 @@ class PaymentViewSet(viewsets.ReadOnlyModelViewSet):
             pass
         return self.retrieve(request, [], **kwargs)
 
-    @detail_route(methods=['POST'])
+    @action(detail=True, methods=['POST'])
     def refund(self, request, **kwargs):
         payment = self.get_object()
         amount = serializers.DecimalField(max_digits=10, decimal_places=2).to_internal_value(
@@ -756,7 +756,7 @@ class PaymentViewSet(viewsets.ReadOnlyModelViewSet):
                     payment.order.save(update_fields=['status', 'expires'])
             return Response(OrderRefundSerializer(r).data, status=status.HTTP_200_OK)
 
-    @detail_route(methods=['POST'])
+    @action(detail=True, methods=['POST'])
     def cancel(self, request, **kwargs):
         payment = self.get_object()
 
@@ -784,7 +784,7 @@ class RefundViewSet(CreateModelMixin, viewsets.ReadOnlyModelViewSet):
         order = get_object_or_404(Order, code=self.kwargs['order'], event=self.request.event)
         return order.refunds.all()
 
-    @detail_route(methods=['POST'])
+    @action(detail=True, methods=['POST'])
     def cancel(self, request, **kwargs):
         refund = self.get_object()
 
@@ -801,7 +801,7 @@ class RefundViewSet(CreateModelMixin, viewsets.ReadOnlyModelViewSet):
             }, user=self.request.user if self.request.user.is_authenticated else None, auth=self.request.auth)
         return self.retrieve(request, [], **kwargs)
 
-    @detail_route(methods=['POST'])
+    @action(detail=True, methods=['POST'])
     def process(self, request, **kwargs):
         refund = self.get_object()
 
@@ -826,7 +826,7 @@ class RefundViewSet(CreateModelMixin, viewsets.ReadOnlyModelViewSet):
             refund.order.save(update_fields=['status', 'expires'])
         return self.retrieve(request, [], **kwargs)
 
-    @detail_route(methods=['POST'])
+    @action(detail=True, methods=['POST'])
     def done(self, request, **kwargs):
         refund = self.get_object()
 
@@ -916,7 +916,7 @@ class InvoiceViewSet(viewsets.ReadOnlyModelViewSet):
             nr=Concat('prefix', 'invoice_no')
         )
 
-    @detail_route()
+    @action(detail=True, )
     def download(self, request, **kwargs):
         invoice = self.get_object()
 
@@ -934,7 +934,7 @@ class InvoiceViewSet(viewsets.ReadOnlyModelViewSet):
         resp['Content-Disposition'] = 'attachment; filename="{}.pdf"'.format(invoice.number)
         return resp
 
-    @detail_route(methods=['POST'])
+    @action(detail=True, methods=['POST'])
     def regenerate(self, request, **kwarts):
         inv = self.get_object()
         if inv.canceled:
@@ -953,7 +953,7 @@ class InvoiceViewSet(viewsets.ReadOnlyModelViewSet):
             )
             return Response(status=204)
 
-    @detail_route(methods=['POST'])
+    @action(detail=True, methods=['POST'])
     def reissue(self, request, **kwarts):
         inv = self.get_object()
         if inv.canceled:

src/pretix/api/views/voucher.py

@@ -7,7 +7,7 @@ from django_filters.rest_framework import (
     BooleanFilter, DjangoFilterBackend, FilterSet,
 )
 from rest_framework import status, viewsets
-from rest_framework.decorators import list_route
+from rest_framework.decorators import action
 from rest_framework.exceptions import PermissionDenied
 from rest_framework.filters import OrderingFilter
 from rest_framework.response import Response
@@ -116,7 +116,7 @@ class VoucherViewSet(viewsets.ModelViewSet):
             instance.cartposition_set.all().delete()
             super().perform_destroy(instance)
 
-    @list_route(methods=['POST'])
+    @action(detail=False, methods=['POST'])
     def batch_create(self, request, *args, **kwargs):
         if any(self._predict_quota_check(d, None) for d in request.data):
             lockfn = request.event.lock

src/pretix/api/views/waitinglist.py

@@ -1,7 +1,7 @@
 import django_filters
 from django_filters.rest_framework import DjangoFilterBackend, FilterSet
 from rest_framework import viewsets
-from rest_framework.decorators import detail_route
+from rest_framework.decorators import action
 from rest_framework.exceptions import PermissionDenied, ValidationError
 from rest_framework.filters import OrderingFilter
 from rest_framework.response import Response
@@ -69,7 +69,7 @@ class WaitingListViewSet(viewsets.ModelViewSet):
         )
         super().perform_destroy(instance)
 
-    @detail_route(methods=['POST'])
+    @action(detail=True, methods=['POST'])
     def send_voucher(self, *args, **kwargs):
         try:
             self.get_object().send_voucher(

src/pretix/base/middleware.py

@@ -97,7 +97,7 @@ def get_language_from_event(request: HttpRequest) -> str:
 
 
 def get_language_from_browser(request: HttpRequest) -> str:
-    accept = request.META.get('HTTP_ACCEPT_LANGUAGE', '')
+    accept = request.headers.get('Accept-Language', '')
     for accept_lang, unused in parse_accept_lang_header(accept):
         if accept_lang == '*':
             break

src/pretix/base/models/auth.py

@@ -111,6 +111,7 @@ class User(AbstractBaseUser, PermissionsMixin, LoggingMixin):
     class Meta:
         verbose_name = _("User")
         verbose_name_plural = _("Users")
+        ordering = ('email',)
 
     def save(self, *args, **kwargs):
         self.email = self.email.lower()

src/pretix/base/models/fields.py

@@ -37,7 +37,7 @@ class MultiStringField(TextField):
     def get_prep_lookup(self, lookup_type, value):  # NOQA
         raise TypeError('Lookups on multi strings are currently not supported.')
 
-    def from_db_value(self, value, expression, connection, context):
+    def from_db_value(self, value, expression, connection):
         if value:
             return [v for v in value.split(DELIMITER) if v]
         else:

src/pretix/base/models/tax.py

@@ -118,6 +118,9 @@ class TaxRule(LoggedModel):
     )
     custom_rules = models.TextField(blank=True, null=True)
 
+    class Meta:
+        ordering = ('event', 'rate', 'id')
+
     def allow_delete(self):
         from pretix.base.models.orders import OrderFee, OrderPosition
 

src/pretix/base/services/invoices.py

@@ -120,7 +120,7 @@ def build_invoice(invoice: Invoice) -> Invoice:
         positions = list(
             invoice.order.positions.select_related('addon_to', 'item', 'tax_rule', 'subevent', 'variation').annotate(
                 addon_c=Count('addons')
-            )
+            ).order_by('positionid', 'id')
         )
 
         reverse_charge = False

src/pretix/base/templates/400.html

@@ -1,6 +1,6 @@
 {% extends "error.html" %}
 {% load i18n %}
-{% load staticfiles %}
+{% load static %}
 {% block title %}{% trans "Bad Request" %}{% endblock %}
 {% block content %}
     <i class="fa fa-frown-o fa-fw big-icon"></i>

src/pretix/base/templates/403.html

@@ -1,6 +1,6 @@
 {% extends "error.html" %}
 {% load i18n %}
-{% load staticfiles %}
+{% load static %}
 {% block title %}{% trans "Permission denied" %}{% endblock %}
 {% block content %}
     <i class="fa fa-fw fa-lock big-icon"></i>

src/pretix/base/templates/404.html

@@ -1,6 +1,6 @@
 {% extends "error.html" %}
 {% load i18n %}
-{% load staticfiles %}
+{% load static %}
 {% block title %}{% trans "Not found" %}{% endblock %}
 {% block content %}
     <i class="fa fa-meh-o fa-fw big-icon"></i>

src/pretix/base/templates/500.html

@@ -1,6 +1,6 @@
 {% extends "error.html" %}
 {% load i18n %}
-{% load staticfiles %}
+{% load static %}
 {% block title %}{% trans "Internal Server Error" %}{% endblock %}
 {% block content %}
     <i class="fa fa-bolt big-icon fa-fw"></i>

src/pretix/base/templates/csrffail.html

@@ -1,6 +1,6 @@
 {% extends "error.html" %}
 {% load i18n %}
-{% load staticfiles %}
+{% load static %}
 {% block title %}{% trans "Verification failed" %}{% endblock %}
 {% block content %}
     <i class="fa fa-frown-o big-icon fa-fw"></i>

src/pretix/base/templates/error.html

@@ -1,6 +1,6 @@
 {% load compress %}
 {% load i18n %}
-{% load staticfiles %}
+{% load static %}
 <!DOCTYPE html>
 <html>
 <head>

src/pretix/base/views/js_catalog.py

@@ -2,7 +2,7 @@ from django.utils import timezone
 from django.utils.translation.trans_real import DjangoTranslation
 from django.views.decorators.cache import cache_page
 from django.views.decorators.http import etag
-from django.views.i18n import JavaScriptCatalog, render_javascript_catalog
+from django.views.i18n import JavaScriptCatalog
 
 # Yes, we want to regenerate this every time the module has been imported to
 # refresh the cache at least at every code deployment
@@ -21,4 +21,5 @@ js_info_dict = {
 def js_catalog(request, lang):
     c = JavaScriptCatalog()
     c.translation = DjangoTranslation(lang, domain='djangojs')
-    return render_javascript_catalog(c.get_catalog(), c.get_plural())
+    context = c.get_context_data()
+    return c.render_to_response(context)

src/pretix/base/views/metrics.py

@@ -20,10 +20,10 @@ def serve_metrics(request):
         return unauthed_response()
 
     # check if the user is properly authorized:
-    if "HTTP_AUTHORIZATION" not in request.META:
+    if "Authorization" not in request.headers:
         return unauthed_response()
 
-    method, credentials = request.META["HTTP_AUTHORIZATION"].split(" ", 1)
+    method, credentials = request.headers["Authorization"].split(" ", 1)
     if method.lower() != "basic":
         return unauthed_response()
 

src/pretix/control/templates/pretixcontrol/auth/base.html

@@ -1,6 +1,6 @@
 {% load compress %}
 {% load i18n %}
-{% load staticfiles %}
+{% load static %}
 <!DOCTYPE html>
 <html>
 <head>

src/pretix/control/templates/pretixcontrol/organizers/device_connect.html

@@ -1,6 +1,6 @@
 {% extends "pretixcontrol/organizers/base.html" %}
 {% load i18n %}
-{% load staticfiles %}
+{% load static %}
 {% load bootstrap3 %}
 {% block inner %}
     <h1>{% trans "Connect to device:" %} {{ device.name }}</h1>

src/pretix/control/views/item.py

@@ -49,7 +49,9 @@ class ItemList(ListView):
             event=self.request.event
         ).annotate(
             var_count=Count('variations')
-        ).prefetch_related("category")
+        ).prefetch_related("category").order_by(
+            'category__position', 'category', 'position'
+        )
 
 
 def item_move(request, item, up=True):

src/pretix/helpers/security.py

@@ -13,7 +13,7 @@ class SessionReauthRequired(Exception):
 
 
 def get_user_agent_hash(request):
-    return hashlib.sha256(request.META['HTTP_USER_AGENT'].encode()).hexdigest()
+    return hashlib.sha256(request.headers['User-Agent'].encode()).hexdigest()
 
 
 def assert_session_valid(request):
@@ -26,7 +26,7 @@ def assert_session_valid(request):
         if time.time() - last_used > settings.PRETIX_SESSION_TIMEOUT_RELATIVE:
             raise SessionReauthRequired()
 
-    if 'HTTP_USER_AGENT' in request.META:
+    if 'User-Agent' in request.headers:
         if 'pinned_user_agent' in request.session:
             if request.session.get('pinned_user_agent') != get_user_agent_hash(request):
                 raise SessionInvalid()

src/pretix/multidomain/middlewares.py

@@ -23,10 +23,10 @@ LOCAL_HOST_NAMES = ('testserver', 'localhost')
 class MultiDomainMiddleware(MiddlewareMixin):
     def process_request(self, request):
         # We try three options, in order of decreasing preference.
-        if settings.USE_X_FORWARDED_HOST and ('HTTP_X_FORWARDED_HOST' in request.META):
+        if settings.USE_X_FORWARDED_HOST and ('X-Forwarded-Host' in request.headers):
-            host = request.META['HTTP_X_FORWARDED_HOST']
+            host = request.headers['X-Forwarded-Host']
-        elif 'HTTP_HOST' in request.META:
+        elif 'Host' in request.headers:
-            host = request.META['HTTP_HOST']
+            host = request.headers['Host']
         else:
             # Reconstruct the host using the algorithm from PEP 333.
             host = request.META['SERVER_NAME']

src/pretix/plugins/badges/models.py

@@ -52,3 +52,6 @@ class BadgeItem(models.Model):
                                 on_delete=models.CASCADE)
     layout = models.ForeignKey('BadgeLayout', on_delete=models.CASCADE, related_name='item_assignments',
                                null=True, blank=True)
+
+    class Meta:
+        ordering = ('id',)

src/pretix/plugins/banktransfer/models.py

@@ -21,6 +21,9 @@ class BankImportJob(models.Model):
     created = models.DateTimeField(auto_now_add=True)
     state = models.CharField(max_length=32, choices=STATES, default=STATE_PENDING)
 
+    class Meta:
+        ordering = ('id',)
+
     @property
     def owner_kwargs(self):
         if self.event:
@@ -76,3 +79,4 @@ class BankTransaction(models.Model):
 
     class Meta:
         unique_together = ('event', 'organizer', 'checksum')
+        ordering = ('date', 'id')

src/pretix/plugins/ticketoutputpdf/models.py

@@ -73,3 +73,4 @@ class TicketLayoutItem(models.Model):
 
     class Meta:
         unique_together = (('item', 'layout', 'sales_channel'),)
+        ordering = ("id",)

src/pretix/presale/views/locale.py

@@ -11,7 +11,7 @@ from .robots import NoSearchIndexViewMixin
 class LocaleSet(NoSearchIndexViewMixin, View):
 
     def get(self, request, *args, **kwargs):
-        url = request.GET.get('next', request.META.get('HTTP_REFERER', '/'))
+        url = request.GET.get('next', request.headers.get('Referer', '/'))
         url = url if is_safe_url(url, allowed_hosts=[request.get_host()]) else '/'
         resp = HttpResponseRedirect(url)
 

src/requirements/dev.txt

@@ -1,5 +1,5 @@
-django-debug-toolbar==1.9.1
+django-debug-toolbar==1.11
-sqlparse==0.2.1  # pinned due to difficulties with django-debug-toolbar
+sqlparse==0.3.*  # pinned due to difficulties with django-debug-toolbar
 # Testing requirements
 pycodestyle==2.5.*
 pyflakes==2.1.*
@@ -7,15 +7,16 @@ pep8-naming
 flake8==3.7.*
 codecov
 coverage
-pytest==3.6.*
+pytest==4.4.*
 pytest-django
-pytest-xdist==1.27.*
 isort
-pytest-rerunfailures==4.*
+pytest-rerunfailures==7.*
-pytest-mock==1.6.*
+pytest-mock==1.10.*
-pytest-cache
-pytest-sugar
 responses
 potypo
 freezegun
 
+# Not really required, just nice to have
+pytest-xdist==1.28.*
+pytest-cache
+pytest-sugar

src/requirements/production.txt

@@ -1,19 +1,19 @@
 # Functional requirements
-Django>=2.1,<2.2
+Django==2.2.*
-djangorestframework==3.8.*
+djangorestframework==3.9.*
-python-dateutil
+python-dateutil==2.8.*
 pytz
-django-bootstrap3==10.0.*
+django-bootstrap3==11.0.*
 django-formset-js-improved==0.5.0.2
 django-compressor==2.2.*
 django-hierarkey==1.0.*,>=1.0.3
-django-filter==2.0.*
+django-filter==2.1.*
 reportlab==3.5.*
 PyPDF2==1.26.*
 Pillow==5.*
 django-libsass
 libsass
-django-otp==0.4.*
+django-otp==0.5.*
 python-u2flib-server==4.*
 django-formtools==2.1
 celery==4.3.*
@@ -28,7 +28,7 @@ dj-static
 csscompressor
 django-markup
 markdown<=2.2
-bleach==2.*
+bleach==3.1.*
 sentry-sdk==0.7.*
 babel
 django-i18nfield>=1.4.0

src/setup.cfg

@@ -18,6 +18,9 @@ skip = make_testdata.py,wsgi.py,bootstrap,celery_app.py,pretix/settings.py,tests
 [tool:pytest]
 DJANGO_SETTINGS_MODULE=tests.settings
 addopts =--reruns 3 -rw
+filterwarnings =
+    ignore:The 'warn' method is deprecated:DeprecationWarning
+    ignore:django.contrib.staticfiles.templatetags.static:DeprecationWarning
 
 [coverage:run]
 source = pretix

src/setup.py

@@ -87,21 +87,21 @@ setup(
 
     keywords='tickets web shop ecommerce',
     install_requires=[
-        'Django>=2.1,<2.2',
+        'Django==2.2.*',
-        'djangorestframework==3.8.*',
+        'djangorestframework==3.9.*',
-        'python-dateutil==2.4.*',
+        'python-dateutil==2.8.*',
         'pytz',
-        'django-bootstrap3==10.0.*',
+        'django-bootstrap3==11.0.*',
         'django-formset-js-improved==0.5.0.2',
         'django-compressor==2.2.*',
         'django-hierarkey==1.0.*,>=1.0.2',
-        'django-filter==2.0.*',
+        'django-filter==2.1.*',
         'reportlab==3.5.*',
         'Pillow==5.*',
         'PyPDF2==1.26.*',
         'django-libsass',
         'libsass',
-        'django-otp==0.4.*',
+        'django-otp==0.5.*',
         'python-u2flib-server==4.*',
         'django-formtools==2.1',
         'celery==4.3.*',
@@ -116,7 +116,7 @@ setup(
         'csscompressor',
         'django-markup',
         'markdown<=2.2',
-        'bleach==2.*',
+        'bleach==3.1.*',
         'sentry-sdk==0.7.*',
         'babel',
         'paypalrestsdk==1.13.*',
@@ -144,21 +144,22 @@ setup(
     ],
     extras_require={
         'dev': [
-            'django-debug-toolbar==1.9.1',
+            'django-debug-toolbar==1.11',
-            'sqlparse==0.2.1',
+            'sqlparse==0.3.*',
             'pycodestyle==2.5.*',
             'pyflakes==2.1.*',
             'flake8==3.7.*',
             'pep8-naming',
             'coveralls',
             'coverage',
-            'pytest==3.6.*',
+            'pytest==4.4.*',
             'pytest-django',
-            'pytest-xdist==1.27.*',
+            'pytest-xdist==1.28.*',
             'isort',
-            'pytest-mock==1.6.*',
+            'pytest-mock==1.10.*',
-            'pytest-rerunfailures',
+            'pytest-rerunfailures==7.*',
             'responses',
+            'potypo',
             'freezegun',
         ],
         'memcached': ['pylibmc'],

src/tests/api/test_cart.py

@@ -76,8 +76,8 @@ def test_cp_list(token_client, organizer, event, item, taxrule, question):
         cr = CartPosition.objects.create(
             event=event, cart_id="aaa", item=item,
             price=23, attendee_name_parts={'full_name': 'Peter'},
-            datetime=datetime.datetime(2018, 6, 11, 10, 0, 0, 0),
+            datetime=datetime.datetime(2018, 6, 11, 10, 0, 0, 0, tzinfo=UTC),
-            expires=datetime.datetime(2018, 6, 11, 10, 0, 0, 0)
+            expires=datetime.datetime(2018, 6, 11, 10, 0, 0, 0, tzinfo=UTC)
         )
     res = dict(TEST_CARTPOSITION_RES)
     res["id"] = cr.pk
@@ -97,8 +97,8 @@ def test_cp_list_api(token_client, organizer, event, item, taxrule, question):
         cr = CartPosition.objects.create(
             event=event, cart_id="aaa@api", item=item,
             price=23, attendee_name_parts={'full_name': 'Peter'},
-            datetime=datetime.datetime(2018, 6, 11, 10, 0, 0, 0),
+            datetime=datetime.datetime(2018, 6, 11, 10, 0, 0, 0, tzinfo=UTC),
-            expires=datetime.datetime(2018, 6, 11, 10, 0, 0, 0)
+            expires=datetime.datetime(2018, 6, 11, 10, 0, 0, 0, tzinfo=UTC)
         )
     res = dict(TEST_CARTPOSITION_RES)
     res["id"] = cr.pk
@@ -118,8 +118,8 @@ def test_cp_detail(token_client, organizer, event, item, taxrule, question):
         cr = CartPosition.objects.create(
             event=event, cart_id="aaa@api", item=item,
             price=23, attendee_name_parts={'full_name': 'Peter'},
-            datetime=datetime.datetime(2018, 6, 11, 10, 0, 0, 0),
+            datetime=datetime.datetime(2018, 6, 11, 10, 0, 0, 0, tzinfo=UTC),
-            expires=datetime.datetime(2018, 6, 11, 10, 0, 0, 0)
+            expires=datetime.datetime(2018, 6, 11, 10, 0, 0, 0, tzinfo=UTC)
         )
     res = dict(TEST_CARTPOSITION_RES)
     res["id"] = cr.pk
@@ -139,8 +139,8 @@ def test_cp_delete(token_client, organizer, event, item, taxrule, question):
         cr = CartPosition.objects.create(
             event=event, cart_id="aaa@api", item=item,
             price=23, attendee_name_parts={'full_name': 'Peter'},
-            datetime=datetime.datetime(2018, 6, 11, 10, 0, 0, 0),
+            datetime=datetime.datetime(2018, 6, 11, 10, 0, 0, 0, tzinfo=UTC),
-            expires=datetime.datetime(2018, 6, 11, 10, 0, 0, 0)
+            expires=datetime.datetime(2018, 6, 11, 10, 0, 0, 0, tzinfo=UTC)
         )
     res = dict(TEST_CARTPOSITION_RES)
     res["id"] = cr.pk
@@ -537,7 +537,7 @@ def test_cartpos_create_answer_validation(token_client, organizer, event, item,
     )
     assert resp.status_code == 400
     assert resp.data == {
-        'answers': [{'non_field_errors': ['Date has wrong format. Use one of these formats instead: YYYY[-MM[-DD]].']}]}
+        'answers': [{'non_field_errors': ['Date has wrong format. Use one of these formats instead: YYYY-MM-DD.']}]}
 
     question.type = Question.TYPE_DATETIME
     question.save()

src/tests/api/test_items.py

@@ -76,8 +76,8 @@ def cart_position(event, item, variations):
         c = CartPosition.objects.create(
             event=event,
             item=item,
-            datetime=datetime.now(),
+            datetime=testtime,
-            expires=datetime.now() + timedelta(days=1),
+            expires=testtime + timedelta(days=1),
             variation=variations[0],
             price=Decimal("23"),
             cart_id="z3fsn8jyufm5kpk768q69gkbyr5f4h6w"

src/tests/api/test_orders.py

@@ -2181,7 +2181,7 @@ def test_order_create_answer_validation(token_client, organizer, event, item, qu
     )
     assert resp.status_code == 400
     assert resp.data == {'positions': [{'answers': [
-        {'non_field_errors': ['Date has wrong format. Use one of these formats instead: YYYY[-MM[-DD]].']}]}]}
+        {'non_field_errors': ['Date has wrong format. Use one of these formats instead: YYYY-MM-DD.']}]}]}
 
     question.type = Question.TYPE_DATETIME
     question.save()

src/tests/base/test_models.py

@@ -1748,10 +1748,11 @@ class CachedFileTestCase(TestCase):
         cf.filename = "testfile.txt"
         cf.save()
         assert default_storage.exists(cf.file.name)
+        n = cf.file.name
         with default_storage.open(cf.file.name, 'r') as f:
             assert f.read().strip() == "file_content"
         cf.delete()
-        assert not default_storage.exists(cf.file.name)
+        assert not default_storage.exists(n)
 
 
 class CheckinListTestCase(TestCase):

src/tests/control/test_events.py

@@ -363,7 +363,7 @@ class EventsTest(SoupTest):
 
     def test_payment_settings_last_date_payment_after_presale_end(self):
         tr19 = self.event1.tax_rules.create(rate=Decimal('19.00'))
-        self.event1.presale_end = datetime.datetime.now()
+        self.event1.presale_end = now()
         self.event1.save(update_fields=['presale_end'])
         doc = self.post_doc('/control/event/%s/%s/settings/payment' % (self.orga1.slug, self.event1.slug), {
             'payment_term_days': '2',