REmove totod

.gitlab-ci.yml

@@ -17,7 +17,7 @@ pypi:
         - virtualenv env
         - source env/bin/activate
         - pip install -U pip wheel setuptools
-        - XDG_CACHE_HOME=/cache pip3 install -Ur src/requirements.txt -r src/requirements/dev.txt
+        - XDG_CACHE_HOME=/cache pip3 install -Ur src/requirements.txt -r src/requirements/dev.txt -r src/requirements/py34.txt
         - cd src
         - python setup.py sdist
         - pip install dist/pretix-*.tar.gz

.readthedocs.requirements.txt

@@ -1 +1,2 @@
+-r src/requirements/py34.txt
 -r doc/requirements.txt

.travis.sh

@@ -11,16 +11,17 @@ fi
 
 if [ "$PRETIX_CONFIG_FILE" == "tests/travis_postgres.cfg" ]; then
     psql -c 'create database travis_ci_test;' -U postgres
+    pip3 install -Ur src/requirements/postgres.txt
 fi
 
 if [ "$1" == "style" ]; then
-	XDG_CACHE_HOME=/cache pip3 install -Ur src/requirements.txt -r src/requirements/dev.txt
+	XDG_CACHE_HOME=/cache pip3 install -Ur src/requirements.txt -r src/requirements/dev.txt -r src/requirements/py34.txt
 	cd src
     flake8 .
     isort -c -rc -df .
 fi
 if [ "$1" == "doctests" ]; then
-	XDG_CACHE_HOME=/cache pip3 install -Ur doc/requirements.txt
+	XDG_CACHE_HOME=/cache pip3 install -Ur doc/requirements.txt -r src/requirements/py34.txt
 	cd doc
 	make doctest
 fi
@@ -38,21 +39,21 @@ if [ "$1" == "translation-spelling" ]; then
 	potypo
 fi
 if [ "$1" == "tests" ]; then
-	pip3 install -r src/requirements.txt -Ur src/requirements/dev.txt
+	pip3 install -r src/requirements.txt -Ur src/requirements/dev.txt -r src/requirements/py34.txt pytest-xdist
 	cd src
 	python manage.py check
 	make all compress
-	py.test --reruns 5 -n 3 tests
+	py.test --reruns 5 -n 2 tests
 fi
 if [ "$1" == "tests-cov" ]; then
-	pip3 install -r src/requirements.txt -Ur src/requirements/dev.txt
+	pip3 install -r src/requirements.txt -Ur src/requirements/dev.txt -r src/requirements/py34.txt
 	cd src
 	python manage.py check
 	make all compress
 	coverage run -m py.test --reruns 5 tests && codecov
 fi
 if [ "$1" == "plugins" ]; then
-	pip3 install -r src/requirements.txt -Ur src/requirements/dev.txt
+	pip3 install -r src/requirements.txt -Ur src/requirements/dev.txt -r src/requirements/py34.txt
 	cd src
 	python setup.py develop
 	make all compress

.travis.yml

@@ -1,7 +1,7 @@
 language: python
 sudo: false
 install:
-  - pip install -U pip wheel setuptools
+  - pip install -U pip wheel setuptools==28.6.1
 script:
   - bash .travis.sh $JOB
 cache:
@@ -18,12 +18,22 @@ matrix:
       env: JOB=tests-cov PRETIX_CONFIG_FILE=tests/travis_postgres.cfg
     - python: 3.6
       env: JOB=style
-    - python: 3.6
+    - python: 3.4
+      env: JOB=tests PRETIX_CONFIG_FILE=tests/travis_sqlite.cfg
+    - python: 3.5
+      env: JOB=tests PRETIX_CONFIG_FILE=tests/travis_sqlite.cfg
+    - python: 3.4
+      env: JOB=tests PRETIX_CONFIG_FILE=tests/travis_mysql.cfg
+    - python: 3.5
       env: JOB=tests PRETIX_CONFIG_FILE=tests/travis_mysql.cfg
     - python: 3.6
+      env: JOB=tests PRETIX_CONFIG_FILE=tests/travis_mysql.cfg
+    - python: 3.4
       env: JOB=tests PRETIX_CONFIG_FILE=tests/travis_postgres.cfg
     - python: 3.5
       env: JOB=tests PRETIX_CONFIG_FILE=tests/travis_postgres.cfg
+    - python: 3.6
+      env: JOB=tests PRETIX_CONFIG_FILE=tests/travis_postgres.cfg
     - python: 3.6
       env: JOB=plugins
     - python: 3.6
@@ -32,15 +42,11 @@ matrix:
       env: JOB=translation-spelling
 addons:
   postgresql: "9.4"
-  mariadb: '10.3'
   apt:
       packages:
           - enchant
           - myspell-de-de
           - aspell-en
-          - sqlite3
-  sources:
-    - travis-ci/sqlite3
 branches:
   except:
   - /^weblate-.*/

Dockerfile

@@ -1,26 +1,10 @@
 FROM python:3.6
 
 RUN apt-get update && \
-    apt-get install -y --no-install-recommends \
-            build-essential \
-            default-libmysqlclient-dev \
-            gettext \
-            git \
-            libffi-dev \
-            libjpeg-dev \
-            libmemcached-dev \
-            libpq-dev \
-            libssl-dev \
-            libxml2-dev \
-            libxslt1-dev \
-            locales \
-            nginx \
-            python-dev \
-            python-virtualenv \
-            python3-dev \
-            sudo \
-            supervisor \
-            zlib1g-dev && \
+    apt-get install -y git libxml2-dev libxslt1-dev python-dev python-virtualenv locales \
+      libffi-dev build-essential python3-dev zlib1g-dev libssl-dev gettext libpq-dev \
+      default-libmysqlclient-dev libmemcached-dev libjpeg-dev supervisor nginx sudo \
+	  --no-install-recommends && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/* && \
     dpkg-reconfigure locales && \
@@ -35,22 +19,6 @@ RUN apt-get update && \
 ENV LC_ALL=C.UTF-8 \
     DJANGO_SETTINGS_MODULE=production_settings
 
-# To copy only the requirements files needed to install from PIP
-COPY src/requirements /pretix/src/requirements
-COPY src/requirements.txt /pretix/src
-RUN pip3 install -U \
-        pip \
-        setuptools \
-        wheel && \
-    cd /pretix/src && \
-    pip3 install \
-        -r requirements.txt \
-        -r requirements/memcached.txt \
-        -r requirements/mysql.txt \
-        -r requirements/redis.txt \
-        gunicorn && \
-    rm -rf ~/.cache/pip
-
 COPY deployment/docker/pretix.bash /usr/local/bin/pretix
 COPY deployment/docker/supervisord.conf /etc/supervisord.conf
 COPY deployment/docker/nginx.conf /etc/nginx/nginx.conf
@@ -59,8 +27,11 @@ COPY src /pretix/src
 
 RUN chmod +x /usr/local/bin/pretix && \
     rm /etc/nginx/sites-enabled/default && \
+    pip3 install -U pip wheel setuptools && \
     cd /pretix/src && \
     rm -f pretix.cfg && \
+    pip3 install -r requirements.txt -r requirements/mysql.txt -r requirements/postgres.txt \
+    	-r requirements/memcached.txt -r requirements/redis.txt gunicorn && \
 	mkdir -p data && \
     chown -R pretixuser:pretixuser /pretix /data data && \
 	sudo -u pretixuser make production

doc/admin/config.rst

@@ -53,10 +53,6 @@ Example::
     A comma-separated list of plugins that are enabled by default for all new events.
     Defaults to ``pretix.plugins.sendmail,pretix.plugins.statistics``.
 
-``plugins_exclude``
-    A comma-separated list of plugins that are not available even though they are installed.
-    Defaults to an empty string.
-
 ``cookie_domain``
     The cookie domain to be set. Defaults to ``None``.
 
@@ -125,23 +121,6 @@ Example::
     Indicates if the database backend is a MySQL/MariaDB Galera cluster and
     turns on some optimizations/special case handlers. Default: ``False``
 
-Database replica settings
--------------------------
-
-If you use a replicated database setup, pretix expects that the default database connection always points to the primary database node.
-Routing read queries to a replica on database layer is **strongly** discouraged since this can lead to inaccurate such as more tickets
-being sold than are actually available.
-
-However, pretix can still make use of a database replica to keep some expensive queries with that can tolerate some latency from your
-primary database, such as backend search queries. The ``replica`` configuration section can have the same settings as the ``database``
-section (except for the ``backend`` setting) and will default back to the ``database`` settings for all values that are not given. This
-way, you just need to specify the settings that are different for the replica.
-
-Example::
-
-    [replica]
-    host=192.168.0.2
-
 URLs
 ----
 
@@ -312,13 +291,5 @@ various places like order codes, secrets in the ticket QR codes, etc. Example::
     ; Voucher code needs to be < 255 characters, default is 16
     voucher_code=16
 
-External tools
---------------
-
-pretix can make use of some external tools if they are installed. Currently, they are all optional. Example::
-
-    [tools]
-    pdftk=/usr/bin/pdftk
-
 .. _Python documentation: https://docs.python.org/3/library/configparser.html?highlight=configparser#supported-ini-file-structure
 .. _Celery documentation: http://docs.celeryproject.org/en/latest/userguide/configuration.html

doc/admin/installation/dev_version.rst

@@ -1,37 +0,0 @@
-.. highlight:: none
-
-Installing a development version
-================================
-
-If you want to use a feature of pretix that is not yet contained in the last monthly release, you can also
-install a development version with pretix.
-
-.. warning:: When in production, we strongly recommend only installing released versions. Development versions might
-             be broken, incompatible to plugins, or in rare cases incompatible to upgrade later on.
-
-
-Manual installation
--------------------
-
-You can use ``pip`` to update pretix directly to the development branch. Then, upgrade as usual::
-
-    $ source /var/pretix/venv/bin/activate
-    (venv)$ pip3 install -U "git+https://github.com/pretix/pretix.git#egg=pretix&subdirectory=src"
-    (venv)$ python -m pretix migrate
-    (venv)$ python -m pretix rebuild
-    (venv)$ python -m pretix updatestyles
-    # systemctl restart pretix-web pretix-worker
-
-Docker installation
--------------------
-
-To use the latest development version with Docker, first pull it from Docker Hub::
-
-    $ docker pull pretix/standalone:latest
-
-
-Then change your ``/etc/systemd/system/pretix.service`` file to use the ``:latest`` tag instead of ``:stable`` as well
-and upgrade as usual::
-
-    $ systemctl restart pretix.service
-    $ docker exec -it pretix.service pretix upgrade

doc/admin/installation/docker_smallscale.rst

@@ -26,7 +26,7 @@ installation guides):
 * `Docker`_
 * A SMTP server to send out mails, e.g. `Postfix`_ on your machine or some third-party server you have credentials for
 * A HTTP reverse proxy, e.g. `nginx`_ or Apache to allow HTTPS connections
-* A `PostgreSQL`_, `MySQL`_ 5.7+, or MariaDB 10.2.7+ database server
+* A `MySQL`_ or `PostgreSQL`_ database server
 * A `redis`_ server
 
 We also recommend that you use a firewall, although this is not a pretix-specific recommendation. If you're new to
@@ -36,9 +36,6 @@ Linux and firewalls, we recommend that you start with `ufw`_.
           SSL certificates can be obtained for free these days. We also *do not* provide support for HTTP-only
           installations except for evaluation purposes.
 
-.. warning:: We recommend **PostgreSQL**. If you go for MySQL, make sure you run **MySQL 5.7 or newer** or
-             **MariaDB 10.2.7 or newer**.
-
 On this guide
 -------------
 
@@ -61,7 +58,7 @@ Next, we need a database and a database user. We can create these with any kind
 our database's shell, e.g. for MySQL::
 
     $ mysql -u root -p
-    mysql> CREATE DATABASE pretix DEFAULT CHARACTER SET utf8mb4 DEFAULT COLLATE utf8mb4_unicode_ci;
+    mysql> CREATE DATABASE pretix DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;
     mysql> GRANT ALL PRIVILEGES ON pretix.* TO pretix@'localhost' IDENTIFIED BY '*********';
     mysql> FLUSH PRIVILEGES;
 

doc/admin/installation/enterprise.rst

@@ -1,84 +0,0 @@
-.. highlight:: none
-
-Installing pretix Enterprise plugins
-====================================
-
-If you want to use a feature of pretix that is part of our commercial offering pretix Enterprise, you need to follow
-some extra steps. Installation works similar to normal pretix plugins, but involves a few extra steps.
-
-Buying the license
-------------------
-
-To obtain a license, please get in touch at sales@pretix.eu. Please let us know how many tickets you roughly intend
-to sell per year and how many servers you want to use the plugin on. We recommend having a look at our `price list`_
-first.
-
-
-Manual installation
--------------------
-
-First, generate an SSH key for the system user that you install pretix as. In our tutorial, that would be the user
-``pretix``. Choose an empty passphrase::
-
-    # su pretix
-    $ ssh-keygen
-    Generating public/private rsa key pair.
-    Enter file in which to save the key (/var/pretix/.ssh/id_rsa):
-    Enter passphrase (empty for no passphrase):
-    Enter same passphrase again:
-    Your identification has been saved in /var/pretix/.ssh/id_rsa.
-    Your public key has been saved in /var/pretix/.ssh/id_rsa.pub.
-
-Next, send the content of the *public* key to your sales representative at pretix::
-
-    $ cat /var/pretix/.ssh/id_rsa.pub
-    ssh-rsa AAAAB3N...744HZawHlD pretix@foo
-
-After we configured your key in our system, you can install the plugin directly using ``pip`` from the URL we told
-you, for example::
-
-    $ source /var/pretix/venv/bin/activate
-    (venv)$ pip3 install -U "git+ssh://git@code.rami.io:10022/pretix/pretix-slack.git@stable#egg=pretix-slack"
-    (venv)$ python -m pretix migrate
-    (venv)$ python -m pretix rebuild
-    # systemctl restart pretix-web pretix-worker
-
-Docker installation
--------------------
-
-To install a plugin, you need to build your own docker image. To do so, create a new directory to work in. As a first
-step, generate a new SSH key in that directory to use for authentication with us::
-
-    $ cd /home/me/mypretixdocker
-    $ ssh-keygen -N "" -f id_pretix_enterprise
-
-Next, send the content of the *public* key to your sales representative at pretix::
-
-    $ cat id_pretix_enterprise.pub
-    ssh-rsa AAAAB3N...744HZawHlD pretix@foo
-
-After we configured your key in our system, you can add a ``Dockerfile`` in your directory that includes the newly
-generated key and installs the plugin from the URL we told you::
-
-    FROM pretix/standalone:stable
-    USER root
-    COPY id_pretix_enterprise /root/.ssh/id_rsa
-    COPY id_pretix_enterprise.pub /root/.ssh/id_rsa.pub
-    RUN chmod -R 0600 /root/.ssh && \
-        mkdir -p /etc/ssh && \
-        ssh-keyscan -t rsa -p 10022 code.rami.io >> /root/.ssh/known_hosts && \
-        echo StrictHostKeyChecking=no >> /root/.ssh/config && \
-        pip3 install -Ue "git+ssh://git@code.rami.io:10022/pretix/pretix-slack.git@stable#egg=pretix-slack" && \
-        cd /pretix/src && \
-        sudo -u pretixuser make production
-    USER pretixuser
-
-Then, build the image for docker::
-
-    $ docker build -t mypretix
-
-You can now use that image ``mypretix`` instead of ``pretix/standalone:stable`` in your ``/etc/systemd/system/pretix.service``
-service file. Be sure to re-build your custom image after you pulled ``pretix/standalone`` if you want to perform an
-update to a new version of pretix.
-
-.. _price list: https://pretix.eu/about/en/pricing

doc/admin/installation/general.rst

@@ -21,9 +21,6 @@ To use pretix, you will need the following things:
 
   .. warning:: Do not ever use SQLite in production. It will break.
 
-  .. warning:: We recommend **PostgreSQL**. If you go for MySQL, make sure you run **MySQL 5.7 or newer** or
-               **MariaDB 10.2.7 or newer**.
-
 * A **reverse proxy**. pretix needs to deliver some static content to your users (e.g. CSS, images, ...). While pretix
   is capable of doing this, having this handled by a proper web server like **nginx** or **Apache** will be much
   faster. Also, you need a proxying web server in front to provide SSL encryption.

doc/admin/installation/index.rst

@@ -10,5 +10,3 @@ for your needs.
    general
    docker_smallscale
    manual_smallscale
-   dev_version
-   enterprise

doc/admin/installation/manual_smallscale.rst

@@ -23,7 +23,7 @@ installation guides):
 
 * A SMTP server to send out mails, e.g. `Postfix`_ on your machine or some third-party server you have credentials for
 * A HTTP reverse proxy, e.g. `nginx`_ or Apache to allow HTTPS connections
-* A `PostgreSQL`_, `MySQL`_ 5.7+, or MariaDB 10.2.7+ database server
+* A `MySQL`_ or `PostgreSQL`_ database server
 * A `redis`_ server
 
 We also recommend that you use a firewall, although this is not a pretix-specific recommendation. If you're new to
@@ -33,9 +33,6 @@ Linux and firewalls, we recommend that you start with `ufw`_.
           SSL certificates can be obtained for free these days. We also *do not* provide support for HTTP-only
           installations except for evaluation purposes.
 
-.. warning:: We recommend **PostgreSQL**. If you go for MySQL, make sure you run **MySQL 5.7 or newer** or
-             **MariaDB 10.2.7 or newer**.
-
 Unix user
 ---------
 
@@ -53,7 +50,7 @@ Having the database server installed, we still need a database and a database us
 of database managing tool or directly on our database's shell, e.g. for MySQL::
 
     $ mysql -u root -p
-    mysql> CREATE DATABASE pretix DEFAULT CHARACTER SET utf8mb4 DEFAULT COLLATE utf8mb4_unicode_ci;
+    mysql> CREATE DATABASE pretix DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;
     mysql> GRANT ALL PRIVILEGES ON pretix.* TO pretix@'localhost' IDENTIFIED BY '*********';
     mysql> FLUSH PRIVILEGES;
 
@@ -64,7 +61,7 @@ To build and run pretix, you will need the following debian packages::
 
     # apt-get install git build-essential python-dev python-virtualenv python3 python3-pip \
                       python3-dev libxml2-dev libxslt1-dev libffi-dev zlib1g-dev libssl-dev \
-                      gettext libpq-dev libmysqlclient-dev libjpeg-dev libopenjp2-7-dev
+                      gettext libpq-dev libmysqlclient-dev libjpeg-dev
 
 Config file
 -----------
@@ -124,7 +121,8 @@ command if you're running PostgreSQL::
 
     (venv)$ pip3 install "pretix[mysql]" gunicorn
 
-Note that you need Python 3.5 or newer. You can find out your Python version using ``python -V``.
+If you are running Python 3.4, you also need to ``pip3 install typing``. This is not required on 3.5 or newer.
+You can find out your Python version using ``python -V``.
 
 We also need to create a data directory::
 

doc/api/auth.rst

@@ -1,9 +0,0 @@
-Authentication
-==============
-
-.. toctree::
-   :maxdepth: 2
-
-   tokenauth
-   oauth
-   deviceauth

doc/api/deviceauth.rst

@@ -1,137 +0,0 @@
-.. _`rest-deviceauth`:
-
-Device authentication
-=====================
-
-Initializing a new device
--------------------------
-
-Users can create new devices in the "Device" section of their organizer settings. When creating
-a new device, users can specify a list of events the device is allowed to access. After a new
-device is created, users will be presented initialization instructions, consisting of an URL
-and an initialization token. They will also be shown as a QR code with the following contents::
-
-   {"handshake_version": 1, "url": "https://pretix.eu", "token": "kpp4jn8g2ynzonp6"}
-
-Your application should be able to scan a QR code of this type, or allow to enter the URL and the
-initialization token manually. The handshake version is not used for manual initialization. When a
-QR code is scanned with a higher handshake version than you support, you should reject the request
-and prompt the user to update the client application.
-
-After your application received the token, you need to call the initialization endpoint to obtain
-a proper API token. At this point, you need to identify the name and version of your application,
-as well as the type of underlying hardware. Example:
-
-.. sourcecode:: http
-
-   POST /api/v1/device/initialize HTTP/1.1
-   Host: pretix.eu
-   Content-Type: application/json
-
-   {
-       "token": "kpp4jn8g2ynzonp6",
-       "hardware_brand": "Samsung",
-       "hardware_model": "Galaxy S",
-       "software_brand": "pretixdroid",
-       "software_version": "4.0.0"
-   }
-
-Every initialization token can only be used once. On success, you will receive a response containing
-information on your device as well as your API token:
-
-.. sourcecode:: http
-
-   HTTP/1.1 200 OK
-   Content-Type: application/json
-
-   {
-       "organizer": "foo",
-       "device_id": 5,
-       "unique_serial": "HHZ9LW9JWP390VFZ",
-       "api_token": "1kcsh572fonm3hawalrncam4l1gktr2rzx25a22l8g9hx108o9oi0rztpcvwnfnd",
-       "name": "Bar"
-   }
-
-Please make sure that you store this ``api_token`` value. We also recommend storing your device ID, your assigned
-``unique_serial``, and the ``organizer`` you have access to, but that's up to you.
-
-In case of an error, the response will look like this:
-
-.. sourcecode:: http
-
-   HTTP/1.1 400 Bad Request
-   Content-Type: application/json
-
-   {"token":["This initialization token has already been used."]}
-
-
-Performing API requests
------------------------
-
-You need to include the API token with every request to pretix' API in the ``Authorization`` header
-like the following:
-
-.. sourcecode:: http
-   :emphasize-lines: 3
-
-   GET /api/v1/organizers/ HTTP/1.1
-   Host: pretix.eu
-   Authorization: Device 1kcsh572fonm3hawalrncam4l1gktr2rzx25a22l8g9hx108o9oi0rztpcvwnfnd
-
-Updating the software version
------------------------------
-
-If your application is updated, we ask you to tell the server about the new version in use. You can do this at the
-following endpoint:
-
-.. sourcecode:: http
-
-   POST /api/v1/device/update HTTP/1.1
-   Host: pretix.eu
-   Content-Type: application/json
-   Authorization: Device 1kcsh572fonm3hawalrncam4l1gktr2rzx25a22l8g9hx108o9oi0rztpcvwnfnd
-
-   {
-       "hardware_brand": "Samsung",
-       "hardware_model": "Galaxy S",
-       "software_brand": "pretixdroid",
-       "software_version": "4.1.0"
-   }
-
-Creating a new API key
-----------------------
-
-If you think your API key might have leaked or just want to be extra cautious, the API allows you to create a new key.
-The old API key will be invalid immediately. A request for a new key looks like this:
-
-.. sourcecode:: http
-
-   POST /api/v1/device/roll HTTP/1.1
-   Host: pretix.eu
-   Authorization: Device 1kcsh572fonm3hawalrncam4l1gktr2rzx25a22l8g9hx108o9oi0rztpcvwnfnd
-
-The response will look like the response to the initialization request.
-
-Removing a device
------------------
-
-If you want implement a way to to deprovision a device in your software, you can call the ``revoke`` endpoint to
-invalidate your API key. There is no way to reverse this operation.
-
-.. sourcecode:: http
-
-   POST /api/v1/device/revoke HTTP/1.1
-   Host: pretix.eu
-   Authorization: Device 1kcsh572fonm3hawalrncam4l1gktr2rzx25a22l8g9hx108o9oi0rztpcvwnfnd
-
-This can also be done by the user through the web interface.
-
-Permissions
------------
-
-Device authentication is currently hardcoded to grant the following permissions:
-
-* View event meta data and products etc.
-* View and change orders
-
-Devices cannot change events or products and cannot access vouchers.

doc/api/fundamentals.rst

@@ -9,20 +9,44 @@ with pretix' REST API, such as authentication, pagination and similar definition
 Authentication
 --------------
 
-To access the API, you need to present valid authentication credentials. pretix currently
-supports the following authorization schemes:
+If you're building an application for end users, we strongly recommend that you use our
+:ref:`OAuth-based authentication progress <rest-oauth>`. However, for simpler needs, you
+can also go with static API tokens that you can create on a per-team basis (see below).
 
-* :ref:`rest-tokenauth`: This is the simplest way and recommended for server-side applications
-  that interact with pretix without user interaction.
-* :ref:`rest-oauth`: This is the recommended way to use if you write a third-party application
-  that users can connect with their pretix account. It provides the best user experience, but
-  requires user interaction and slightly more implementation effort.
-* :ref:`rest-deviceauth`: This is the recommended way if you build apps or hardware devices that can
-  connect to pretix, e.g. for processing check-ins or to sell tickets offline. It provides a way
-  to uniquely identify devices and allows for a quick configuration flow inside your software.
-* Authentication using browser sessions: This is used by the pretix web interface and it is *not*
-  officially supported for use by third-party applications. It might change or be removed at any
-  time without prior notice. If you use it, you need to comply with Django's `CSRF policies`_.
+You need to include the API token with every request to pretix' API in the ``Authorization`` header
+like the following:
+
+.. sourcecode:: http
+   :emphasize-lines: 3
+
+   GET /api/v1/organizers/ HTTP/1.1
+   Host: pretix.eu
+   Authorization: Token e1l6gq2ye72thbwkacj7jbri7a7tvxe614ojv8ybureain92ocub46t5gab5966k
+
+.. note:: The API currently also supports authentication via browser sessions, i.e. the
+          same way that you authenticate with pretix when using the browser interface.
+          Using this type of authentication is *not* officially supported for use by
+          third-party clients and might change or be removed at any time. We plan on
+          adding OAuth2 support in the future for user-level authentication. If you want
+          to use session authentication, be sure to comply with Django's `CSRF policies`_.
+
+Obtaining an API token
+----------------------
+
+To authenticate your API requests, you need to obtain an API token. You can create a
+token in the pretix web interface on the level of organizer teams. Create a new team
+or choose an existing team that has the level of permissions the token should have and
+create a new token using the form below the list of team members:
+
+.. image:: img/token_form.png
+    :class: screenshot
+
+You can enter a description for the token to distinguish from other tokens later on.
+Once you click "Add", you will be provided with an API token in the success message.
+Copy this token, as you won't be able to retrieve it again.
+
+.. image:: img/token_success.png
+    :class: screenshot
 
 Permissions
 -----------
@@ -148,7 +172,6 @@ Field specific input errors include the name of the offending fields as keys in
 
    {"amount": ["A valid integer is required."], "description": ["This field may not be blank."]}
 
-If you see errors of type ``429 Too Many Requests``, you should read our documentation on :ref:`rest-ratelimit`.
 
 Data types
 ----------
@@ -181,4 +204,4 @@ as the string values ``true`` and ``false``.
 If the ``ordering`` parameter is documented for a resource, you can use it to sort the result set by one of the allowed
 fields. Prepend a ``-`` to the field name to reverse the sort order.
 
-.. _CSRF policies: https://docs.djangoproject.com/en/1.11/ref/csrf/#ajax
+.. _CSRF policies: https://docs.djangoproject.com/en/1.11/ref/csrf/#ajax

doc/api/index.rst

@@ -14,7 +14,5 @@ in functionality over time.
    :maxdepth: 2
 
    fundamentals
-   auth
+   oauth
    resources/index
-   ratelimit
-   webhooks

doc/api/oauth.rst

@@ -1,7 +1,7 @@
 .. _`rest-oauth`:
 
-OAuth authentication / "Connect with pretix"
-============================================
+OAuth support / "Connect with pretix"
+=====================================
 
 In addition to static tokens, pretix supports `OAuth2`_-based authentication starting with
 pretix 1.16. This allows you to put a "Connect with pretix" button into your website or tool
@@ -166,42 +166,6 @@ endpoint to revoke it.
 If you want to revoke your client secret, you can generate a new one in the list of your managed applications in the
 pretix user interface.
 
-Fetching the user profile
--------------------------
-
-If you need the user's meta data, you can fetch it here:
-
-.. http:get:: /api/v1/me
-
-   Returns the profile of the authenticated user
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      GET /api/v1/me HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-      Authorization: Bearer i3ytqTSRWsKp16fqjekHXa4tdM4qNC
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        email: "admin@localhost",
-        fullname: "John Doe",
-        locale: "de",
-        timezone: "Europe/Berlin"
-      }
-
-   :statuscode 200: no error
-   :statuscode 401: Authentication failure
-
 .. _OAuth2: https://en.wikipedia.org/wiki/OAuth
 .. _OAuth2 Simplified: https://aaronparecki.com/oauth-2-simplified/
-.. _HTTP Basic authentication: https://en.wikipedia.org/wiki/Basic_access_authentication
+.. _HTTP Basic authentication: https://en.wikipedia.org/wiki/Basic_access_authentication

doc/api/ratelimit.rst

@@ -1,31 +0,0 @@
-.. _`rest-ratelimit`:
-
-Rate limiting
-=============
-
-.. note:: This page only applies to the pretix Hosted service at pretix.eu. APIs of custom pretix installations do not
-          enforce any rate limiting by default.
-
-All authenticated requests to pretix' API are rate limited. If you exceed the limits, you will receive a response
-with HTTP status code ``429 Too Many Requests``. This response will have a ``Retry-After`` header, containing the number
-of seconds you are supposed to wait until you try again. We expect that all API clients respect this. If you continue
-to burst requests after a ``429`` status code, we might get in touch with you or, in extreme cases, disable your API
-access.
-
-Currently, the following rate limits apply:
-
-
-
-.. rst-class:: rest-resource-table
-
-===================================== =================================================================================
-Authentication method                 Rate limit
-===================================== =================================================================================
-:ref:`rest-deviceauth`                360 requests per minute per device
-:ref:`rest-tokenauth`                 360 requests per minute per organizer account
-:ref:`rest-oauth`                     360 requests per minute per combination of accessed organizer and OAuth application
-Session authentication                *Not an officially supported authentication method for external access*
-===================================== =================================================================================
-
-If you require a higher rate limit, please get in touch at support@pretix.eu and tell us about your use case, we are
-sure we can work something out.

doc/api/resources/carts.rst

@@ -25,7 +25,6 @@ item                                  integer                    ID of the item
 variation                             integer                    ID of the variation (or ``null``)
 price                                 money (string)             Price of this position
 attendee_name                         string                     Specified attendee name for this position (or ``null``)
-attendee_name_parts                   object of strings          Composition of attendee name (i.e. first name, last name, …)
 attendee_email                        string                     Specified attendee email address for this position (or ``null``)
 voucher                               integer                    Internal ID of the voucher used for this position (or ``null``)
 addon_to                              integer                    Internal ID of the position this position is an add-on for (or ``null``)
@@ -79,7 +78,6 @@ Cart position endpoints
             "variation": null,
             "price": "23.00",
             "attendee_name": null,
-            "attendee_name_parts": {},
             "attendee_email": null,
             "voucher": null,
             "addon_to": null,
@@ -124,7 +122,6 @@ Cart position endpoints
         "variation": null,
         "price": "23.00",
         "attendee_name": null,
-        "attendee_name_parts": {},
         "attendee_email": null,
         "voucher": null,
         "addon_to": null,
@@ -178,7 +175,7 @@ Cart position endpoints
    * ``item``
    * ``variation`` (optional)
    * ``price``
-   * ``attendee_name`` **or** ``attendee_name_parts`` (optional)
+   * ``attendee_name`` (optional)
    * ``attendee_email`` (optional)
    * ``subevent`` (optional)
    * ``expires`` (optional)
@@ -202,10 +199,7 @@ Cart position endpoints
         "item": 1,
         "variation": null,
         "price": "23.00",
-        "attendee_name_parts": {
-          "given_name": "Peter",
-          "family_name": "Miller"
-        },
+        "attendee_name": "Peter",
         "attendee_email": null,
         "answers": [
           {

doc/api/resources/checkinlists.rst

@@ -332,10 +332,6 @@ Order position endpoints
 
    The ``.../redeem/`` endpoint has been added.
 
-.. versionchanged:: 2.0
-
-   The order positions endpoint has been extended by the filter queries ``voucher`` and ``voucher__code``.
-
 .. http:get:: /api/v1/organizers/(organizer)/events/(event)/checkinlists/(list)/positions/
 
    Returns a list of all order positions within a given event. The result is the same as
@@ -371,9 +367,6 @@ Order position endpoints
             "variation": null,
             "price": "23.00",
             "attendee_name": "Peter",
-            "attendee_name_parts": {
-              "full_name": "Peter",
-            },
             "attendee_email": null,
             "voucher": null,
             "tax_rate": "0.00",
@@ -429,8 +422,6 @@ Order position endpoints
    :query integer addon_to: Only return positions that are add-ons to the position with the given ID.
    :query integer addon_to__in: Only return positions that are add-ons to one of the positions with the given
                                       comma-separated IDs.
-   :query string voucher: Only return positions with a specific voucher.
-   :query string voucher__code: Only return positions with a specific voucher code.
    :param organizer: The ``slug`` field of the organizer to fetch
    :param event: The ``slug`` field of the event to fetch
    :param list: The ID of the check-in list to look for
@@ -445,8 +436,6 @@ Order position endpoints
    The result format is the same as the :ref:`order-position-resource`, with one important difference: the
    ``checkins`` value will only include check-ins for the selected list.
 
-   **Instead of an ID, you can also use the ``secret`` field as the lookup parameter.**
-
    **Example request**:
 
    .. sourcecode:: http
@@ -471,9 +460,6 @@ Order position endpoints
         "variation": null,
         "price": "23.00",
         "attendee_name": "Peter",
-        "attendee_name_parts": {
-          "full_name": "Peter",
-        },
         "attendee_email": null,
         "voucher": null,
         "tax_rate": "0.00",
@@ -518,8 +504,6 @@ Order position endpoints
    Tries to redeem an order position, identified by its internal ID, i.e. checks the attendee in. This endpoint
    accepts a number of optional requests in the body.
 
-   **Instead of an ID, you can also use the ``secret`` field as the lookup parameter.**
-
    :<json boolean questions_supported: When this parameter is set to ``true``, handling of questions is supported. If
                                        you do not implement question handling in your user interface, you **must**
                                        set this to ``false``. In that case, questions will just be ignored. Defaults
@@ -565,10 +549,7 @@ Order position endpoints
       Content-Type: application/json
 
       {
-        "status": "ok",
-        "position": {
-          …
-        }
+        "status": "ok"
       }
 
    **Example response with required questions**:
@@ -579,10 +560,7 @@ Order position endpoints
       Content-Type: text/json
 
       {
-        "status": "incomplete",
-        "position": {
-          …
-        },
+        "status": "incomplete"
         "questions": [
           {
             "id": 1,
@@ -627,9 +605,6 @@ Order position endpoints
       {
         "status": "error",
         "reason": "unpaid",
-        "position": {
-          …
-        }
       }
 
    Possible error reasons:

doc/api/resources/events.rst

@@ -15,7 +15,6 @@ name                                  multi-lingual string       The event's ful
 slug                                  string                     A short form of the name, used e.g. in URLs.
 live                                  boolean                    If ``true``, the event ticket shop is publicly
                                                                  available.
-testmode                              boolean                    If ``true``, the ticket shop is in test mode.
 currency                              string                     The currency this event is handled in.
 date_from                             datetime                   The event's start date
 date_to                               datetime                   The event's end date (or ``null``)
@@ -42,14 +41,6 @@ plugins                               list                       A list of packa
    The ``plugins`` field has been added.
    The operations POST, PATCH, PUT and DELETE have been added.
 
-.. versionchanged:: 2.1
-
-   Filters have been added to the list of events.
-
-.. versionchanged:: 2.5
-
-   The ``testmode`` attribute has been added.
-
 Endpoints
 ---------
 
@@ -84,7 +75,6 @@ Endpoints
             "name": {"en": "Sample Conference"},
             "slug": "sampleconf",
             "live": false,
-            "testmode": false,
             "currency": "EUR",
             "date_from": "2017-12-27T10:00:00Z",
             "date_to": null,
@@ -106,12 +96,6 @@ Endpoints
       }
 
    :query page: The page number in case of a multi-page result set, default is 1
-   :query is_public: If set to ``true``/``false``, only events with a matching value of ``is_public`` are returned.
-   :query live: If set to ``true``/``false``, only events with a matching value of ``live`` are returned.
-   :query has_subevents: If set to ``true``/``false``, only events with a matching value of ``has_subevents`` are returned.
-   :query is_future: If set to ``true`` (``false``), only events that happen currently or in the future are (not) returned. Event series are never (always) returned.
-   :query is_past: If set to ``true`` (``false``), only events that are over are (not) returned. Event series are never (always) returned.
-   :query ends_after: If set to a date and time, only events that happen during of after the given time are returned. Event series are never returned.
    :param organizer: The ``slug`` field of a valid organizer
    :statuscode 200: no error
    :statuscode 401: Authentication failure
@@ -143,7 +127,6 @@ Endpoints
         "name": {"en": "Sample Conference"},
         "slug": "sampleconf",
         "live": false,
-        "testmode": false,
         "currency": "EUR",
         "date_from": "2017-12-27T10:00:00Z",
         "date_to": null,
@@ -190,7 +173,6 @@ Endpoints
         "name": {"en": "Sample Conference"},
         "slug": "sampleconf",
         "live": false,
-        "testmode": false,
         "currency": "EUR",
         "date_from": "2017-12-27T10:00:00Z",
         "date_to": null,
@@ -219,7 +201,6 @@ Endpoints
         "name": {"en": "Sample Conference"},
         "slug": "sampleconf",
         "live": false,
-        "testmode": false,
         "currency": "EUR",
         "date_from": "2017-12-27T10:00:00Z",
         "date_to": null,
@@ -268,7 +249,6 @@ Endpoints
         "name": {"en": "Sample Conference"},
         "slug": "sampleconf",
         "live": false,
-        "testmode": false,
         "currency": "EUR",
         "date_from": "2017-12-27T10:00:00Z",
         "date_to": null,
@@ -297,7 +277,6 @@ Endpoints
         "name": {"en": "Sample Conference"},
         "slug": "sampleconf",
         "live": false,
-        "testmode": false,
         "currency": "EUR",
         "date_from": "2017-12-27T10:00:00Z",
         "date_to": null,
@@ -358,7 +337,6 @@ Endpoints
         "name": {"en": "Sample Conference"},
         "slug": "sampleconf",
         "live": false,
-        "testmode": false,
         "currency": "EUR",
         "date_from": "2017-12-27T10:00:00Z",
         "date_to": null,

doc/api/resources/index.rst

@@ -21,4 +21,3 @@ Resources and endpoints
    checkinlists
    waitinglist
    carts
-   webhooks

doc/api/resources/items.rst

@@ -37,8 +37,6 @@ admission                             boolean                    ``True`` for it
 position                              integer                    An integer, used for sorting
 picture                               string                     A product picture to be displayed in the shop
                                                                  (read-only).
-sales_channels                        list of strings            Sales channels this product is available on, such as
-                                                                 ``"web"`` or ``"resellers"``. Defaults to ``["web"]``.
 available_from                        datetime                   The first date time at which this item can be bought
                                                                  (or ``null``).
 available_until                       datetime                   The last date time at which this item can be bought
@@ -61,15 +59,6 @@ checkin_attention                     boolean                    If ``True``, th
                                                                  a product is being scanned.
 original_price                        money (string)             An original price, shown for comparison, not used
                                                                  for price calculations.
-require_approval                      boolean                    If ``True``, orders with this product will need to be
-                                                                 approved by the event organizer before they can be
-                                                                 paid.
-generate_tickets                      boolean                    If ``False``, tickets are never generated for this
-                                                                 product, regardless of other settings. If ``True``,
-                                                                 tickets are generated even if this is a
-                                                                 non-admission or add-on product, regardless of event
-                                                                 settings. If this is ``null``, regular ticketing
-                                                                 rules apply.
 has_variations                        boolean                    Shows whether or not this item has variations.
 variations                            list of objects            A list with one object for each variation of this item.
                                                                  Can be empty. Only writable during creation,
@@ -107,19 +96,7 @@ addons                                list of objects            Definition of a
 
 .. versionchanged:: 1.16
 
-   The ``internal_name`` and ``original_price`` fields have been added.
-
-.. versionchanged:: 2.0
-
-   The field ``require_approval`` has been added.
-
-.. versionchanged:: 2.3
-
-   The ``sales_channels`` attribute has been added.
-
-.. versionchanged:: 2.4
-
-   The ``generate_tickets`` attribute has been added.
+   The field ``internal_name`` and ``original_price`` fields have been added.
 
 Notes
 -----
@@ -163,7 +140,6 @@ Endpoints
             "id": 1,
             "name": {"en": "Standard ticket"},
             "internal_name": "",
-            "sales_channels": ["web"],
             "default_price": "23.00",
             "original_price": null,
             "category": null,
@@ -184,8 +160,6 @@ Endpoints
             "max_per_order": null,
             "checkin_attention": false,
             "has_variations": false,
-            "generate_tickets": null,
-            "require_approval": false,
             "variations": [
               {
                  "value": {"en": "Student"},
@@ -250,7 +224,6 @@ Endpoints
         "id": 1,
         "name": {"en": "Standard ticket"},
         "internal_name": "",
-        "sales_channels": ["web"],
         "default_price": "23.00",
         "original_price": null,
         "category": null,
@@ -267,12 +240,10 @@ Endpoints
         "require_voucher": false,
         "hide_without_voucher": false,
         "allow_cancel": true,
-        "generate_tickets": null,
         "min_per_order": null,
         "max_per_order": null,
         "checkin_attention": false,
         "has_variations": false,
-        "require_approval": false,
         "variations": [
           {
              "value": {"en": "Student"},
@@ -318,7 +289,6 @@ Endpoints
         "id": 1,
         "name": {"en": "Standard ticket"},
         "internal_name": "",
-        "sales_channels": ["web"],
         "default_price": "23.00",
         "original_price": null,
         "category": null,
@@ -335,11 +305,9 @@ Endpoints
         "require_voucher": false,
         "hide_without_voucher": false,
         "allow_cancel": true,
-        "generate_tickets": null,
         "min_per_order": null,
         "max_per_order": null,
         "checkin_attention": false,
-        "require_approval": false,
         "variations": [
           {
              "value": {"en": "Student"},
@@ -373,7 +341,6 @@ Endpoints
         "id": 1,
         "name": {"en": "Standard ticket"},
         "internal_name": "",
-        "sales_channels": ["web"],
         "default_price": "23.00",
         "original_price": null,
         "category": null,
@@ -392,10 +359,8 @@ Endpoints
         "allow_cancel": true,
         "min_per_order": null,
         "max_per_order": null,
-        "generate_tickets": null,
         "checkin_attention": false,
         "has_variations": true,
-        "require_approval": false,
         "variations": [
           {
              "value": {"en": "Student"},
@@ -460,7 +425,6 @@ Endpoints
         "id": 1,
         "name": {"en": "Ticket"},
         "internal_name": "",
-        "sales_channels": ["web"],
         "default_price": "25.00",
         "original_price": null,
         "category": null,
@@ -476,13 +440,11 @@ Endpoints
         "available_until": null,
         "require_voucher": false,
         "hide_without_voucher": false,
-        "generate_tickets": null,
         "allow_cancel": true,
         "min_per_order": null,
         "max_per_order": null,
         "checkin_attention": false,
         "has_variations": true,
-        "require_approval": false,
         "variations": [
           {
              "value": {"en": "Student"},

doc/api/resources/question_options.rst

@@ -128,7 +128,7 @@ Endpoints
       POST /api/v1/organizers/bigevents/events/sampleconf/questions/1/options/ HTTP/1.1
       Host: pretix.eu
       Accept: application/json, text/javascript
-      Content-Type: application/json
+      Content: application/json
 
       {
         "identifier": "LVETRWVU",

doc/api/resources/subevents.rst

@@ -17,7 +17,6 @@ Field                                 Type                       Description
 ===================================== ========================== =======================================================
 id                                    integer                    Internal ID of the sub-event
 name                                  multi-lingual string       The sub-event's full name
-event                                 string                     The slug of the parent event
 active                                boolean                    If ``true``, the sub-event ticket shop is publicly
                                                                  available.
 date_from                             datetime                   The sub-event's start date
@@ -41,10 +40,6 @@ meta_data                             dict                       Values set for
 
    The ``meta_data`` field has been added.
 
-.. versionchanged:: 2.1
-
-   The ``event`` field has been added, together with filters on the list of dates and an organizer-level list.
-
 
 Endpoints
 ---------
@@ -77,7 +72,6 @@ Endpoints
           {
             "id": 1,
             "name": {"en": "First Sample Conference"},
-            "event": "sampleconf",
             "active": false,
             "date_from": "2017-12-27T10:00:00Z",
             "date_to": null,
@@ -98,10 +92,6 @@ Endpoints
       }
 
    :query page: The page number in case of a multi-page result set, default is 1
-   :query active: If set to ``true``/``false``, only events with a matching value of ``active`` are returned.
-   :query is_future: If set to ``true`` (``false``), only events that happen currently or in the future are (not) returned.
-   :query is_past: If set to ``true`` (``false``), only events that are over are (not) returned.
-   :query ends_after: If set to a date and time, only events that happen during of after the given time are returned.
    :param organizer: The ``slug`` field of a valid organizer
    :param event: The ``slug`` field of the event to fetch
    :statuscode 200: no error
@@ -131,7 +121,6 @@ Endpoints
       {
         "id": 1,
         "name": {"en": "First Sample Conference"},
-        "event": "sampleconf",
         "active": false,
         "date_from": "2017-12-27T10:00:00Z",
         "date_to": null,
@@ -155,63 +144,3 @@ Endpoints
    :statuscode 200: no error
    :statuscode 401: Authentication failure
    :statuscode 403: The requested organizer/event does not exist **or** you have no permission to view it.
-
-.. http:get:: /api/v1/organizers/(organizer)/subevents/
-
-   Returns a list of all sub-events of any event series you have access to within an organizer account.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      GET /api/v1/organizers/bigevents/subevents/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        "count": 1,
-        "next": null,
-        "previous": null,
-        "results": [
-          {
-            "id": 1,
-            "name": {"en": "First Sample Conference"},
-            "event": "sampleconf",
-            "active": false,
-            "date_from": "2017-12-27T10:00:00Z",
-            "date_to": null,
-            "date_admission": null,
-            "presale_start": null,
-            "presale_end": null,
-            "location": null,
-            "item_price_overrides": [
-              {
-                "item": 2,
-                "price": "12.00"
-              }
-            ],
-            "variation_price_overrides": [],
-            "meta_data": {}
-          }
-        ]
-      }
-
-   :query page: The page number in case of a multi-page result set, default is 1
-   :query active: If set to ``true``/``false``, only events with a matching value of ``active`` are returned.
-   :query event__live: If set to ``true``/``false``, only events with a matching value of ``live`` on the parent event are returned.
-   :query is_future: If set to ``true`` (``false``), only events that happen currently or in the future are (not) returned.
-   :query is_past: If set to ``true`` (``false``), only events that are over are (not) returned.
-   :query ends_after: If set to a date and time, only events that happen during of after the given time are returned.
-   :param organizer: The ``slug`` field of a valid organizer
-   :param event: The ``slug`` field of the event to fetch
-   :statuscode 200: no error
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer does not exist **or** you have no permission to view it.

doc/api/resources/vouchers.rst

@@ -231,76 +231,6 @@ Endpoints
    :statuscode 403: The requested organizer/event does not exist **or** you have no permission to create this resource.
    :statuscode 409: The server was unable to acquire a lock and could not process your request. You can try again after a short waiting period.
 
-.. http:post:: /api/v1/organizers/(organizer)/events/(event)/vouchers/batch_create/
-
-   Creates multiple new vouchers atomically.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      POST /api/v1/organizers/bigevents/events/sampleconf/vouchers/batch_create/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-      Content-Type: application/json
-      Content-Length: 408
-
-      [
-        {
-          "code": "43K6LKM37FBVR2YG",
-          "max_usages": 1,
-          "valid_until": null,
-          "block_quota": false,
-          "allow_ignore_quota": false,
-          "price_mode": "set",
-          "value": "12.00",
-          "item": 1,
-          "variation": null,
-          "quota": null,
-          "tag": "testvoucher",
-          "comment": "",
-          "subevent": null
-        },
-        {
-          "code": "ASDKLJCYXCASDASD",
-          "max_usages": 1,
-          "valid_until": null,
-          "block_quota": false,
-          "allow_ignore_quota": false,
-          "price_mode": "set",
-          "value": "12.00",
-          "item": 1,
-          "variation": null,
-          "quota": null,
-          "tag": "testvoucher",
-          "comment": "",
-          "subevent": null
-        },
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 201 Created
-      Vary: Accept
-      Content-Type: application/json
-
-      [
-        {
-          "id": 1,
-          "code": "43K6LKM37FBVR2YG",
-          …
-        }, …
-      }
-
-   :param organizer: The ``slug`` field of the organizer to create a vouchers for
-   :param event: The ``slug`` field of the event to create a vouchers for
-   :statuscode 201: no error
-   :statuscode 400: The vouchers could not be created due to invalid submitted data.
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer/event does not exist **or** you have no permission to create this resource.
-   :statuscode 409: The server was unable to acquire a lock and could not process your request. You can try again after a short waiting period.
-
 .. http:patch:: /api/v1/organizers/(organizer)/events/(event)/vouchers/(id)/
 
    Update a voucher. You can also use ``PUT`` instead of ``PATCH``. With ``PUT``, you have to provide all fields of

doc/api/resources/webhooks.rst

@@ -1,242 +0,0 @@
-.. _`rest-webhooks`:
-
-Webhooks
-========
-
-.. note:: This page is about how to modify webhook settings themselves through the REST API. If you just want to know
-          how webhooks work, go here: :ref:`webhooks`
-
-Resource description
---------------------
-
-The webhook resource contains the following public fields:
-
-.. rst-class:: rest-resource-table
-
-===================================== ========================== =======================================================
-Field                                 Type                       Description
-===================================== ========================== =======================================================
-id                                    integer                    Internal ID of the webhook
-enabled                               boolean                    If ``False``, this webhook will not receive any notifications
-target_url                            string                     The URL to call
-all_events                            boolean                    If ``True``, this webhook will receive notifications
-                                                                 on all events of this organizer
-limit_events                          list of strings            If ``all_events`` is ``False``, this is a list of
-                                                                 event slugs this webhook is active for
-action_types                          list of strings            A list of action type filters that limit the
-                                                                 notifications sent to this webhook. See below for
-                                                                 valid values
-===================================== ========================== =======================================================
-
-The following values for ``action_types`` are valid with pretix core:
-
-    * ``pretix.event.order.placed``
-    * ``pretix.event.order.paid``
-    * ``pretix.event.order.canceled``
-    * ``pretix.event.order.expired``
-    * ``pretix.event.order.modified``
-    * ``pretix.event.order.contact.changed``
-    * ``pretix.event.order.changed.*``
-    * ``pretix.event.order.refund.created.externally``
-    * ``pretix.event.order.approved``
-    * ``pretix.event.order.denied``
-    * ``pretix.event.checkin``
-    * ``pretix.event.checkin.reverted``
-
-Installed plugins might register more valid values.
-
-
-Endpoints
----------
-
-.. http:get:: /api/v1/organizers/(organizer)/webhooks/
-
-   Returns a list of all webhooks within a given organizer.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      GET /api/v1/organizers/bigevents/webhooks/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        "count": 1,
-        "next": null,
-        "previous": null,
-        "results": [
-          {
-            "id": 2,
-            "enabled": true,
-            "target_url": "https://httpstat.us/200",
-            "all_events": false,
-            "limit_events": ["democon"],
-            "action_types": ["pretix.event.order.modified", "pretix.event.order.changed.*"]
-          }
-        ]
-      }
-
-   :query integer page: The page number in case of a multi-page result set, default is 1
-   :param organizer: The ``slug`` field of the organizer to fetch
-   :statuscode 200: no error
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer does not exist **or** you have no permission to view this resource.
-
-.. http:get:: /api/v1/organizers/(organizer)/webhooks/(id)/
-
-   Returns information on one webhook, identified by its ID.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      GET /api/v1/organizers/bigevents/webhooks/1/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        "id": 2,
-        "enabled": true,
-        "target_url": "https://httpstat.us/200",
-        "all_events": false,
-        "limit_events": ["democon"],
-        "action_types": ["pretix.event.order.modified", "pretix.event.order.changed.*"]
-      }
-
-   :param organizer: The ``slug`` field of the organizer to fetch
-   :param id: The ``id`` field of the webhook to fetch
-   :statuscode 200: no error
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer does not exist **or** you have no permission to view this resource.
-
-.. http:post:: /api/v1/organizers/(organizer)/webhooks/
-
-   Creates a new webhook
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      POST /api/v1/organizers/bigevents/webhooks/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-      Content: application/json
-
-      {
-        "enabled": true,
-        "target_url": "https://httpstat.us/200",
-        "all_events": false,
-        "limit_events": ["democon"],
-        "action_types": ["pretix.event.order.modified", "pretix.event.order.changed.*"]
-      }
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 201 Created
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        "id": 3,
-        "enabled": true,
-        "target_url": "https://httpstat.us/200",
-        "all_events": false,
-        "limit_events": ["democon"],
-        "action_types": ["pretix.event.order.modified", "pretix.event.order.changed.*"]
-      }
-
-   :param organizer: The ``slug`` field of the organizer to create a webhook for
-   :statuscode 201: no error
-   :statuscode 400: The webhook could not be created due to invalid submitted data.
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer does not exist **or** you have no permission to create this resource.
-
-.. http:patch:: /api/v1/organizers/(organizer)/webhooks/(id)/
-
-   Update a webhook. You can also use ``PUT`` instead of ``PATCH``. With ``PUT``, you have to provide all fields of
-   the resource, other fields will be reset to default. With ``PATCH``, you only need to provide the fields that you
-   want to change.
-
-   You can change all fields of the resource except the ``id`` field.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      PATCH /api/v1/organizers/bigevents/webhooks/1/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-      Content-Type: application/json
-      Content-Length: 94
-
-      {
-        "enabled": false
-      }
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        "id": 1,
-        "enabled": false,
-        "target_url": "https://httpstat.us/200",
-        "all_events": false,
-        "limit_events": ["democon"],
-        "action_types": ["pretix.event.order.modified", "pretix.event.order.changed.*"]
-      }
-
-   :param organizer: The ``slug`` field of the organizer to modify
-   :param id: The ``id`` field of the webhook to modify
-   :statuscode 200: no error
-   :statuscode 400: The webhook could not be modified due to invalid submitted data
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer does not exist **or** you have no permission to change this resource.
-
-.. http:delete:: /api/v1/organizers/(organizer)/webhook/(id)/
-
-   Delete a webhook. Currently, this will not delete but just disable the webhook.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      DELETE /api/v1/organizers/bigevents/webhooks/1/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 204 No Content
-      Vary: Accept
-
-   :param organizer: The ``slug`` field of the organizer to modify
-   :param id: The ``id`` field of the webhook to delete
-   :statuscode 204: no error
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer does not exist **or** you have no permission to delete this resource.

doc/api/tokenauth.rst

@@ -1,36 +0,0 @@
-.. _`rest-tokenauth`:
-
-Token-based authentication
-==========================
-
-Obtaining an API token
-----------------------
-
-To authenticate your API requests with Tokens, you need to obtain a team-level API token.
-You can create a token in the pretix web interface on the level of organizer teams. Create
-a new team or choose an existing team that has the level of permissions the token should
-have and create a new token using the form below the list of team members:
-
-.. image:: img/token_form.png
-   :class: screenshot
-
-You can enter a description for the token to distinguish from other tokens later on.
-Once you click "Add", you will be provided with an API token in the success message.
-Copy this token, as you won't be able to retrieve it again.
-
-.. image:: img/token_success.png
-   :class: screenshot
-
-Using an API token
-------------------
-
-You need to include the API token with every request to pretix' API in the ``Authorization`` header
-like the following:
-
-.. sourcecode:: http
-   :emphasize-lines: 3
-
-   GET /api/v1/organizers/ HTTP/1.1
-   Host: pretix.eu
-   Authorization: Token e1l6gq2ye72thbwkacj7jbri7a7tvxe614ojv8ybureain92ocub46t5gab5966k
-

doc/api/webhooks.rst

@@ -1,108 +0,0 @@
-.. _`webhooks`:
-
-Webhooks
-========
-
-pretix can send webhook calls to notify your application of any changes that happen inside pretix. This is especially
-useful for everything triggered by an actual user, such as a new ticket sale or the arrival of a payment.
-
-You can register any number of webhook URLs that pretix will notify any time one of the supported events occurs inside
-your organizer account. A great example use case of webhooks would be to add the buyer to your mailing list every time
-a new order comes in.
-
-Configuring webhooks
---------------------
-
-You can find the list of your active webhooks in the "Webhook" section of your organizer account:
-
-.. thumbnail:: ../screens/organizer/webhook_list.png
-   :align: center
-   :class: screenshot
-
-Click "Create webhook" if you want to add a new URL. You will then be able to enter the URL pretix shall call for
-notifications. You need to select any number of notification types that you want to receive and you can optionally
-filter the events you want to receive notifications for.
-
-.. thumbnail:: ../screens/organizer/webhook_edit.png
-   :align: center
-   :class: screenshot
-
-You can also configure webhooks :ref:`through the API itself <rest-webhooks>`.
-
-Receiving webhooks
-------------------
-
-Creating a webhook endpoint on your server is no different from creating any other page on your website. If your
-website is written in PHP, you might just create a new ``.php`` file on your server; if you use a web framework like
-Symfony or Django, you would just create a new route with the desired URL.
-
-We will call your URL with a HTTP ``POST`` request with a ``JSON`` body. In PHP, you can parse this like this::
-
-    $input = @file_get_contents('php://input');
-    $event_json = json_decode($input);
-    // Do something with $event_json
-
-In Django, you would create a view like this::
-
-    def my_webhook_view(request):
-      event_json = json.loads(request.body)
-      # Do something with event_json
-      return HttpResponse(status=200)
-
-More samples for the language of your choice are easy to find online.
-
-The exact body of the request varies by notification type, but for the main types included with pretix core, such as
-those related to changes of an order, it will look like this::
-
-    {
-      "notification_id": 123455,
-      "organizer": "acmecorp",
-      "event": "democon",
-      "code": "ABC23",
-      "action": "pretix.event.order.placed"
-    }
-
-Notifications regarding a check-in will contain more details like ``orderposition_id``
-and ``checkin_list``.
-
-.. warning:: You should not trust data supplied to your webhook, but only use it as a trigger to fetch updated data.
-             Anyone could send data there if they guess the correct URL and you won't be able to tell. Therefore, we
-             only include the minimum amount of data necessary for you to fetch the changed objects from our
-             :ref:`rest-api` in an authenticated way.
-
-If you want to further prevent others from accessing your webhook URL, you can also use `Basic authentication`_ and
-supply the URL to us in the format of ``https://username:password@domain.com/path/``.
-We recommend that you use HTTPS for your webhook URL and might require it in the future. If HTTPS is used, we require
-that a valid certificate is in use.
-
-.. note:: If you use a web framework that makes use of automatic CSRF protection, this protection might prevent us
-          from calling your webhook URL. In this case, we recommend that you turn of CSRF protection selectively
-          for that route. In Django, you can do this by putting the ``@csrf_exempt`` decorator on your view. In
-          Rails, you can pass an ``except`` parameter to ``protect_from_forgery``.
-
-
-Responding to a webhook
------------------------
-
-If you successfully received a webhook call, your endpoint should return a HTTP status code between ``200`` and ``299``.
-If any other status code is returned, we will assume you did not receive the call. This does mean that any redirection
-or ``304 Not Modified`` response will be treated as a failure. pretix will not follow any ``301`` or ``302`` redirect
-headers and pretix will ignore all other information in your response headers or body.
-
-If we do not receive a status code in the range of ``200`` and ``299``, pretix will retry to deliver for up to three
-days with an exponential back off. Therefore, we recommend that you implement your endpoint in a way where calling it
-multiple times for the same event due to a perceived error does not do any harm.
-
-There is only one exception: If status code ``410 Gone`` is returned, we will assume the
-endpoint does not exist any more and automatically disable the webhook.
-
-.. note:: If you use a self-hosted version of pretix (i.e. not our SaaS offering at pretix.eu) and you did not
-          configure a background task queue, failed webhooks will not be retried.
-
-Debugging webhooks
-------------------
-
-If you want to debug your webhooks, you can view a log of all sent notifications and the responses of your server for
-30 days right next to your configuration.
-
-.. _Basic authentication: https://en.wikipedia.org/wiki/Basic_access_authentication

doc/development/api/customview.rst

@@ -64,7 +64,7 @@ Similarly, there is ``organizer_permission_required`` and ``OrganizerPermissionR
 event-related views, there is also a signal that allows you to add the view to the event navigation like this::
 
 
-    from django.urls import resolve, reverse
+    from django.core.urlresolvers import resolve, reverse
     from django.dispatch import receiver
     from django.utils.translation import ugettext_lazy as _
     from pretix.control.signals import nav_event

doc/development/api/email.rst

@@ -1,109 +0,0 @@
-.. highlight:: python
-   :linenothreshold: 5
-
-Writing an HTML e-mail renderer plugin
-======================================
-
-An email renderer class controls how the HTML part of e-mails sent by pretix is built.
-The creation of such a plugin is very similar to creating an export output.
-
-Please read :ref:`Creating a plugin <pluginsetup>` first, if you haven't already.
-
-Output registration
--------------------
-
-The email HTML renderer API does not make a lot of usage from signals, however, it
-does use a signal to get a list of all available email renderers. Your plugin
-should listen for this signal and return the subclass of ``pretix.base.email.BaseHTMLMailRenderer``
-that we'll provide in this plugin::
-
-    from django.dispatch import receiver
-
-    from pretix.base.signals import register_html_mail_renderers
-
-
-    @receiver(register_html_mail_renderers, dispatch_uid="renderer_custom")
-    def register_mail_renderers(sender, **kwargs):
-        from .email import MyMailRenderer
-        return MyMailRenderer
-
-
-The renderer class
-------------------
-
-.. class:: pretix.base.email.BaseHTMLMailRenderer
-
-   The central object of each email renderer is the subclass of ``BaseHTMLMailRenderer``.
-
-   .. py:attribute:: BaseHTMLMailRenderer.event
-
-      The default constructor sets this property to the event we are currently
-      working for.
-
-   .. autoattribute:: identifier
-
-      This is an abstract attribute, you **must** override this!
-
-   .. autoattribute:: verbose_name
-
-      This is an abstract attribute, you **must** override this!
-
-   .. autoattribute:: thumbnail_filename
-
-      This is an abstract attribute, you **must** override this!
-
-   .. autoattribute:: is_available
-
-   .. automethod:: render
-
-      This is an abstract method, you **must** implement this!
-
-Helper class for template-base renderers
-----------------------------------------
-
-The email renderer that ships with pretix is based on Django templates to generate HTML.
-In case you also want to render emails based on a template, we provided a ready-made base
-class ``TemplateBasedMailRenderer`` that you can re-use to perform the following steps:
-
-* Convert the body text and the signature to HTML using our markdown renderer
-
-* Render the template
-
-* Call `inlinestyler`_ to convert all ``<style>`` style sheets to inline ``style=""``
-  attributes for better compatibility
-
-To use it, you just need to implement some variables::
-
-    class ClassicMailRenderer(TemplateBasedMailRenderer):
-        verbose_name = _('pretix default')
-        identifier = 'classic'
-        thumbnail_filename = 'pretixbase/email/thumb.png'
-        template_name = 'pretixbase/email/plainwrapper.html'
-
-The template is passed the following context variables:
-
-``site``
-   Name of the pretix installation (``settings.PRETIX_INSTANCE_NAME``)
-
-``site_url``
-   Root URL of the pretix installation (``settings.SITE_URL``)
-
-``body``
-   The body as markdown (render with ``{{ body|safe }}``)
-
-``subject``
-   The email subject
-
-``color``
-   The primary color of the event
-
-``event``
-   The ``Event`` object
-
-``signature`` (optional, only if configured)
-   The body as markdown (render with ``{{ signature|safe }}``)
-
-``order`` (optional, only if applicable)
-   The ``Order`` object
-
-.. _inlinestyler: https://pypi.org/project/inlinestyler/

doc/development/api/general.rst

@@ -12,7 +12,7 @@ Core
 
 .. automodule:: pretix.base.signals
    :members: periodic_task, event_live_issues, event_copy_data, email_filter, register_notification_types,
-      item_copy_data, register_sales_channels
+      item_copy_data
 
 Order events
 """"""""""""
@@ -26,7 +26,7 @@ Frontend
 --------
 
 .. automodule:: pretix.presale.signals
-   :members: html_head, html_footer, footer_link, front_page_top, front_page_bottom, fee_calculation_for_cart, contact_form_fields, question_form_fields, checkout_confirm_messages, checkout_confirm_page_content, checkout_all_optional
+   :members: html_head, html_footer, footer_links, front_page_top, front_page_bottom, fee_calculation_for_cart, contact_form_fields, question_form_fields, checkout_confirm_messages, checkout_confirm_page_content
 
 
 .. automodule:: pretix.presale.signals
@@ -48,8 +48,7 @@ Backend
 -------
 
 .. automodule:: pretix.control.signals
-   :members: nav_event, html_head, html_page_start, quota_detail_html, nav_topbar, nav_global, nav_organizer, nav_event_settings,
-             order_info, event_settings_widget, oauth_application_registered, order_position_buttons
+   :members: nav_event, html_head, quota_detail_html, nav_topbar, nav_global, nav_organizer, nav_event_settings, order_info, event_settings_widget, oauth_application_registered
 
 
 .. automodule:: pretix.base.signals

doc/development/api/index.rst

@@ -10,8 +10,6 @@ Contents:
    exporter
    ticketoutput
    payment
-   payment_2.0
-   email
    invoice
    shredder
    customview

doc/development/api/invoice.rst

@@ -23,7 +23,7 @@ that we'll provide in this plugin::
 
 
     @receiver(register_invoice_renderers, dispatch_uid="output_custom")
-    def register_invoice_renderers(sender, **kwargs):
+    def register_infoice_renderers(sender, **kwargs):
         from .invoice import MyInvoiceRenderer
         return MyInvoiceRenderer
 

doc/development/api/payment.rst

@@ -9,10 +9,6 @@ is very similar to creating an export output.
 
 Please read :ref:`Creating a plugin <pluginsetup>` first, if you haven't already.
 
-.. warning:: We changed our payment provider API a lot in pretix 2.x. Our documentation page on :ref:`payment2.0`
-             might be insightful even if you do not have a payment provider to port, as it outlines the rationale
-             behind the current design.
-
 Provider registration
 ---------------------
 
@@ -35,7 +31,7 @@ that the plugin will provide::
 The provider class
 ------------------
 
-.. py:class:: pretix.base.payment.BasePaymentProvider
+.. class:: pretix.base.payment.BasePaymentProvider
 
    The central object of each payment provider is the subclass of ``BasePaymentProvider``.
 
@@ -58,64 +54,58 @@ The provider class
 
       This is an abstract attribute, you **must** override this!
 
-   .. autoattribute:: public_name
-
    .. autoattribute:: is_enabled
 
+   .. automethod:: calculate_fee
+
    .. autoattribute:: settings_form_fields
 
-   .. automethod:: settings_form_clean
-
    .. automethod:: settings_content_render
 
-   .. automethod:: is_allowed
+   .. automethod:: render_invoice_text
 
    .. automethod:: payment_form_render
 
    .. automethod:: payment_form
 
+   .. automethod:: is_allowed
+
    .. autoattribute:: payment_form_fields
 
-   .. automethod:: payment_is_valid_session
-
    .. automethod:: checkout_prepare
 
+   .. automethod:: payment_is_valid_session
+
    .. automethod:: checkout_confirm_render
 
       This is an abstract method, you **must** override this!
 
-   .. automethod:: execute_payment
-
-   .. automethod:: calculate_fee
+   .. automethod:: payment_perform
 
    .. automethod:: order_pending_mail_render
 
-   .. automethod:: payment_pending_render
+   .. automethod:: order_pending_render
 
-   .. autoattribute:: abort_pending_allowed
-
-   .. automethod:: render_invoice_text
+      This is an abstract method, you **must** override this!
 
    .. automethod:: order_change_allowed
 
-   .. automethod:: payment_prepare
+   .. automethod:: order_can_retry
 
-   .. automethod:: payment_control_render
+   .. automethod:: order_prepare
 
-   .. automethod:: payment_refund_supported
+   .. automethod:: order_paid_render
 
-   .. automethod:: payment_partial_refund_supported
+   .. automethod:: order_control_render
 
-   .. automethod:: execute_refund
+   .. automethod:: order_control_refund_render
+
+   .. automethod:: order_control_refund_perform
+
+   .. automethod:: is_implicit
 
    .. automethod:: shred_payment_info
 
-   .. autoattribute:: is_implicit
-
-   .. autoattribute:: is_meta
-
-   .. autoattribute:: test_mode_message
-
 
 Additional views
 ----------------

doc/development/api/payment_2.0.rst

@@ -1,129 +0,0 @@
-.. highlight:: python
-   :linenothreshold: 5
-
-.. _`payment2.0`:
-
-Porting a payment provider from pretix 1.x to pretix 2.x
-========================================================
-
-In pretix 2.x, we changed large parts of the payment provider API. This documentation details the changes we made
-and shows you how you can make an existing pretix 1.x payment provider compatible with pretix 2.x
-
-Conceptual overview
--------------------
-
-In pretix 1.x, an order was always directly connected to a payment provider for the full life of an order. As long as
-an order was unpaid, this could still be changed in some cases, but once an order was paid, no changes to the payment
-provider were possible any more. Additionally, the internal state of orders allowed orders only to be fully paid or
-not paid at all. This leads to a couple of consequences:
-
-* Payment-related functions (like "execute payment" or "do a refund") always operated on full orders.
-
-* Changing the total of an order was basically impossible once an order was paid, since there was no concept of
-  partial payments or partial refunds.
-
-* Payment provider plugins needed to take complicated steps to detect cases that require human intervention, like e.g.
-
-  * An order has expired, no quota is left to revive it, but a payment has been received
-
-  * A payment has been received for a canceled order
-
-  * A payment has been received for an order that has already been paid with a different payment method
-
-  * An external payment service notified us of a refund/dispute
-
-  We noticed that we copied and repeated large portions of code in all our official payment provider plugins, just
-  to deal with some of these cases.
-
-* Sometimes, there is the need to mark an order as refunded within pretix, without automatically triggering a refund
-  with an external API. Every payment method needed to implement a user interface for this independently.
-
-* If a refund was not possible automatically, there was no way user to track which payments actually have been refunded
-  manually and which are still left to do.
-
-* When the payment with one payment provider failed and the user changed to a different payment provider, all
-  information about the first payment was lost from the order object and could only be retrieved from order log data,
-  which also made it hard to design a data shredder API to get rid of this data.
-
-In pretix 2.x, we introduced two new models, :py:class:`OrderPayment <pretix.base.models.OrderPayment>` and
-:py:class:`OrderRefund <pretix.base.models.OrderRefund>`. Each instance of these is connected to an order and
-represents one single attempt to pay or refund a specific amount of money. Each one of these has an individual state,
-can individually fail or succeed, and carries an amount variable that can differ from the order total.
-
-This has the following advantages:
-
-* The system can now detect orders that are over- or underpaid, independent of the payment providers in use.
-
-* Therefore, we can now allow partial payments, partial refunds, and changing paid orders, and automatically detect
-  the cases listed above and notify the user.
-
-Payment providers now interact with those payment and refund objects more than with orders.
-
-Your to-do list
----------------
-
-Payment processing
-""""""""""""""""""
-
-* The method ``BasePaymentProvider.order_pending_render`` has been removed and replaced by a new
-  ``BasePaymentProvider.payment_pending_render(request, payment)`` method that is passed an ``OrderPayment``
-  object instead of an ``Order``.
-
-* The method ``BasePaymentProvider.payment_form_render`` now receives a new ``total`` parameter.
-
-* The method ``BasePaymentProvider.payment_perform`` has been removed and replaced by a new method
-  ``BasePaymentProvider.execute_payment(request, payment)`` that is passed an ``OrderPayment``
-  object instead of an ``Order``.
-
-* The function ``pretix.base.services.mark_order_paid`` has been removed, instead call ``payment.confirm()``
-  on a pending ``OrderPayment`` object. If no further payments are required for this order, this will also
-  mark the order as paid automatically. Note that ``payment.confirm()`` can still throw a ``QuotaExceededException``,
-  however it will still mark the payment as complete (not the order!), so you should catch this exception and
-  inform the user, but not abort the transaction.
-
-* A new property ``BasePaymentProvider.abort_pending_allowed`` has been introduced. Only if set, the user will
-  be able to retry a payment or switch the payment method when the order currently has a payment object in
-  state ``"pending"``. This replaces ``BasePaymentProvider.order_can_retry``, which no longer exists.
-
-* The methods ``BasePaymentProvider.retry_prepare`` and ``BasePaymentProvider.order_prepare`` have both been
-  replaced by a new method ``BasePaymentProvider.payment_prepare(request, payment)`` that is passed an ``OrderPayment``
-  object instead of an ``Order``. **Keep in mind that this payment object might have an amount property that
-  differs from the order total, if the order is already partially paid.**
-
-* The method ``BasePaymentProvider.order_paid_render`` has been removed.
-
-* The method ``BasePaymentProvider.order_control_render`` has been removed and replaced by a new method
-  ``BasePaymentProvider.payment_control_render(request, payment)`` that is passed an ``OrderPayment``
-  object instead of an ``Order``.
-
-* There's no need to manually deal with excess payments or duplicate payments anymore, just setting the ``OrderPayment``
-  methods to the correct state will do the job.
-
-Creating refunds
-""""""""""""""""
-
-* The methods ``BasePaymentProvider.order_control_refund_render`` and ``BasePaymentProvider.order_control_refund_perform``
-  have been removed.
-
-* Two new boolean methods ``BasePaymentProvider.payment_refund_supported(payment)`` and ``BasePaymentProvider.payment_partial_refund_supported(payment)``
-  have been introduced. They should be set to return ``True`` if and only if the payment API allows to *automatically*
-  transfer the money back to the customer.
-
-* A new method ``BasePaymentProvider.execute_refund(refund)`` has been introduced. This method is called using a
-  ``OrderRefund`` object in ``"created"`` state and is expected to transfer the money back and confirm success with
-  calling ``refund.done()``. This will only ever be called if either ``BasePaymentProvider.payment_refund_supported(payment)``
-  or ``BasePaymentProvider.payment_partial_refund_supported(payment)`` return ``True``.
-
-Processing external refunds
-"""""""""""""""""""""""""""
-
-* If e.g. a webhook API notifies you that a payment has been disputed or refunded with the external API, you are
-  expected to call ``OrderPayment.create_external_refund(self, amount, execution_date, info='{}')`` on this payment.
-  This will create and return an appropriate ``OrderRefund`` object and send out a notification. However, it will not
-  mark the order as refunded, but will ask the event organizer for a decision.
-
-Data shredders
-""""""""""""""
-
-* The method ``BasePaymentProvider.shred_payment_info`` is no longer passed an order, but instead **either**
-  an ``OrderPayment`` **or** an ``OrderRefund``.

doc/development/api/plugins.rst

@@ -79,9 +79,6 @@ human-readable error messages. We recommend using the ``django.utils.functional.
 decorator, as it might get called a lot. You can also implement ``compatibility_warnings``,
 those will be displayed but not block the plugin execution.
 
-The ``AppConfig`` class may implement a method ``is_available(event)`` that checks if a plugin
-is available for a specific event. If not, it will not be shown in the plugin list of that event.
-
 Plugin registration
 -------------------
 

doc/development/concepts.rst

@@ -82,12 +82,6 @@ Orders
 ^^^^^^
 
 If a customer completes the checkout process, an **Order** will be created containing all the entered information.
-An order can be in one of currently four states that are listed in the diagram below:
+An order can be in one of currently five states that are listed in the diagram below:
 
 .. image:: /images/order_states.png
-
-There are additional "fake" states that are displayed like states but not represented as states in the system:
-
-* An order is considered **canceled (with paid fee)** if it is in **paid** status but does not include any non-cancelled positions.
-
-* An order is considered **requiring approval** if it is in **pending** status with the ``require_approval`` attribute set to ``True``.

doc/development/implementation/models.rst

@@ -86,15 +86,6 @@ Carts and Orders
 .. autoclass:: pretix.base.models.OrderPosition
    :members:
 
-.. autoclass:: pretix.base.models.OrderFee
-   :members:
-
-.. autoclass:: pretix.base.models.OrderPayment
-   :members:
-
-.. autoclass:: pretix.base.models.OrderRefund
-   :members:
-
 .. autoclass:: pretix.base.models.CartPosition
    :members:
 

doc/development/setup.rst

@@ -18,7 +18,7 @@ External Dependencies
 ---------------------
 Your should install the following on your system:
 
-* Python 3.5 or newer
+* Python 3.4 or newer
 * ``pip`` for Python 3 (Debian package: ``python3-pip``)
 * ``python-dev`` for Python 3 (Debian package: ``python3-dev``)
 * ``libffi`` (Debian package: ``libffi-dev``)
@@ -54,6 +54,10 @@ The first thing you need are all the main application's dependencies::
     cd src/
     pip3 install -r requirements.txt -r requirements/dev.txt
 
+If you are working with Python 3.4, you will also need (you can skip this for Python 3.5+)::
+
+    pip3 install -r requirements/py34.txt
+
 Next, you need to copy the SCSS files from the source folder to the STATIC_ROOT directory::
 
     python manage.py collectstatic --noinput

doc/images/order_states.puml

@@ -4,6 +4,7 @@ Pending: Order is expecting payment\nOrder reduces quotas
 Expired: Payment period is over\nOrder does not affect quotas
 Paid: Order was successful\nOrder reduces quotas
 Canceled: Order has been canceled\nOrder does not affect quotas
+Refunded: Order has been refunded\nOrder does not affect quotas
 
 [*] --> Pending: customer\nplaces order
 Pending --> Paid: successful payment
@@ -11,9 +12,8 @@ Pending --> Expired: automatically\nor manually\non admin action
 Expired --> Paid: if payment is received\nonly if quota left
 Expired --> Canceled
 Expired --> Pending: manually\non admin action
-Paid --> Canceled: manually on\nadmin action\nor if an external\npayment provider\nnotifies about a\npayment refund
+Paid --> Refunded: manually on\nadmin action\nor if an external\npayment provider\nnotifies about a\npayment refund
 Pending --> Canceled: on admin or\ncustomer action
 Paid -> Pending: manually on admin action
-[*] --> Paid: customer\nplaces free order
 
 @enduml

doc/plugins/ticketoutputpdf.rst

@@ -20,7 +20,6 @@ default                               boolean                    ``true`` if thi
 layout                                object                     Layout specification for libpretixprint
 background                            URL                        Background PDF file
 item_assignments                      list of objects            Products this layout is assigned to
-├ sales_channel                       string                     Sales channel (defaults to ``web``).
 └ item                                integer                    Item ID
 ===================================== ========================== =======================================================
 
@@ -28,10 +27,6 @@ item_assignments                      list of objects            Products this l
 
    This resource has been added.
 
-.. versionchanged:: 2.3
-
-   The ``item_assignments.sales_channel`` field has been added.
-
 
 Endpoints
 ---------

doc/spelling_wordlist.txt

@@ -1,12 +1,10 @@
 addon
 addons
-Analytics
 anonymize
 api
 auditability
 auth
 autobuild
-availabilities
 backend
 backends
 banktransfer
@@ -25,7 +23,6 @@ cronjob
 cryptographic
 debian
 deduplication
-deprovision
 discoverable
 django
 dockerfile
@@ -67,7 +64,6 @@ ons
 optimizations
 overpayment
 param
-passphrase
 percental
 positionid
 pre
@@ -92,7 +88,6 @@ regex
 renderer
 renderers
 reportlab
-SaaS
 screenshot
 selectable
 serializers
@@ -109,9 +104,7 @@ subevent
 subevents
 submodule
 subpath
-Symfony
 systemd
-testmode
 testutils
 timestamp
 tuples

doc/user/events/widget.rst

@@ -107,13 +107,6 @@ voucher's settings.
         </div>
     </noscript>
 
-Disabling the voucher input
----------------------------
-
-If you want to disable voucher input in the widget, you can pass the ``disable-vouchers`` attribute::
-
-   <pretix-widget event="https://pretix.eu/demo/democon/" disable-vouchers></pretix-widget>
-
 pretix Button
 -------------
 
@@ -143,107 +136,14 @@ resources. Then, instead of the ``pretix-widget`` tag, use the ``pretix-button``
 As you can see, the ``pretix-button`` element takes an additional ``items`` attribute that specifies the items that
 should be added to the cart. The syntax of this attribute is ``item_ITEMID=1,item_ITEMID=2,variation_ITEMID_VARID=4``
 where ``ITEMID`` are the internal IDs of items to be added and ``VARID`` are the internal IDs of variations of those
-items, if the items have variations. If you omit the ``items`` attribute, the general start page will be presented.
+items, if the items have variations.
 
 Just as the widget, the button supports the optional attributes ``voucher`` and ``skip-ssl-check``.
 
 You can style the button using the ``pretix-button`` CSS class.
 
-Dynamically loading the widget
-------------------------------
+.. versionchanged:: 1.13
 
-If you need to control the way or timing the widget loads, for example because you want to modify user data (see
-below) dynamically via JavaScript, you can register a listener that we will call before creating the widget::
-
-    <script type="text/javascript">
-    window.pretixWidgetCallback = function () {
-        // Will be run before we create the widget.
-    }
-    </script>
-
-If you want, you can suppress us loading the widget and/or modify the user data passed to the widget::
-
-    <script type="text/javascript">
-    window.pretixWidgetCallback = function () {
-        window.PretixWidget.build_widgets = false;
-        window.PretixWidget.widget_data["email"] = "test@example.org";
-    }
-    </script>
-
-If you then later want to trigger loading the widgets, just call ``window.PretixWidget.buildWidgets()``.
-
-
-Passing user data to the widget
--------------------------------
-
-If you display the widget in a restricted area of your website and you want to pre-fill fields in the checkout process
-with known user data to save your users some typing and increase conversions, you can pass additional data attributes
-with that information::
-
-    <pretix-widget event="https://pretix.eu/demo/democon/"
-        data-attendee-name-given-name="John"
-        data-attendee-name-family-name="Doe"
-        data-invoice-address-name-given-name="John"
-        data-invoice-address-name-family-name="Doe"
-        data-email="test@example.org"
-        data-question-L9G8NG9M="Foobar">
-    </pretix-widget>
-
-This works for the pretix Button as well. Currently, the following attributes are understood by pretix itself:
-
-* ``data-email`` will pre-fill the order email field as well as the attendee email field (if enabled).
-
-* ``data-question-IDENTIFIER`` will pre-fill the answer for the question with the given identifier. You can view and set
-  identifiers in the *Questions* section of the backend.
-
-* Depending on the person name scheme configured in your event settings, you can pass one or more of
-  ``data-attendee-name-full-name``, ``data-attendee-name-given-name``, ``data-attendee-name-family-name``,
-  ``data-attendee-name-middle-name``, ``data-attendee-name-title``, ``data-attendee-name-calling-name``,
-  ``data-attendee-name-latin-transcription``. If you don't know or don't care, you can also just pass a string as
-  ``data-attendee-name``, which will pre-fill the last part of the name, whatever that is.
-
-* ``data-invoice-address-FIELD`` will  pre-fill the corresponding field of the invoice address. Possible values for
-  ``FIELD`` are ``company``, ``street``, ``zipcode``, ``city`` and ``country``, as well as fields specified by the
-  naming scheme such as ``name-title`` or ``name-given-name`` (see above). ``country`` expects a two-character
-  country code.
-
-Any configured pretix plugins might understand more data fields. For example, if the appropriate plugins on pretix
-Hosted or pretix Enterprise are active, you can pass the following fields:
-
-* If you use the campaigns plugin, you can pass a campaign ID as a value to ``data-campaign``. This way, all orders
-  made through this widget will be counted towards this campaign.
-
-* If you use the tracking plugin, you can pass a Google Analytics User ID to enable cross-domain tracking. This will
-  require you to dynamically load the widget, like this::
-
-    <script>
-        (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
-        (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
-        m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
-        })(window,document,'script','https://www.google-analytics.com/analytics.js','ga');
-
-        ga('create', 'UA-XXXXXX-1', 'auto');
-        ga('send', 'pageview');
-
-        window.pretixWidgetCallback = function () {
-            window.PretixWidget.build_widgets = false;
-            window.addEventListener('load', function() { // Wait for GA to be loaded
-                if(window.ga && ga.create) {
-                    ga(function(tracker) {
-                        window.PretixWidget.widget_data["tracking-ga-id"] = tracker.get('clientId');
-                        window.PretixWidget.buildWidgets()
-                    });
-                } else { // Tracking is probably blocked
-                       window.PretixWidget.buildWidgets()
-                }
-            });
-        };
-    </script>
-
-
-.. versionchanged:: 2.3
-
-   Data passing options have been added in pretix 2.3. If you use a self-hosted version of pretix, they only work
-   fully if you configured a redis server.
+   The pretix Button has been added in version 1.13.
 
 .. _Let's Encrypt: https://letsencrypt.org/

doc/user/faq.rst

@@ -4,10 +4,22 @@ FAQ and Troubleshooting
 How can I test my shop before taking it live?
 ---------------------------------------------
 
-On your event dashboard, click on the first tile that shows your shop status. On the lower part of this page, you can
-place your event into "test mode". In "test mode", everything behaves the same, but orders created during test mode can
-later be fully deleted. Be sure to actually delete them when or after you turn off test mode, since test mode orders
-still count toward your quotas and are included in your reports.
+There are multiple ways to do this.
+
+First, you could just create some orders in your real shop and cancel/refund them later. If you don't want to process
+real payments for the tests, you can either use a "manual" payment method like bank transfer and just mark the orders
+as paid with the button in the backend, or if you want to use e.g. Stripe, you can configure pretix to use your keys
+for the Stripe test system and use their test credit cars. Read our :ref:`Stripe documentation <stripe>` for more
+information.
+
+Second, you could create a separate event, just for testing. In the last step of the :ref:`event creation process <event_create>`,
+you can specify that you want to copy all settings from your real event, so you don't have to do all of it twice.
+
+We are planning to add a dedicated test mode in a later version of pretix.
+
+If you are using the hosted service at pretix.eu and want to get rid of the test orders completely, contact us at
+support@pretix.eu and we can remove them for you. Please note that we only are able to do that *before* you have
+received any real orders (i.e. taken the shop public). We won't charge any fees for test orders or test events.
 
 How do I delete an event?
 -------------------------

readthedocs.yml

@@ -1,6 +0,0 @@
-
-build:
-  image: latest
-
-python:
-  version: 3.6

src/.coveragerc

@@ -0,0 +1,12 @@
+[run]
+source = pretix
+omit = */migrations/*,*/urls.py,*/tests/*,*/testdummy/*,*/admin.py,pretix/wsgi.py,pretix/settings.py
+
+[report]
+exclude_lines =
+	pragma: no cover
+	def __str__
+	der __repr__
+	if settings.DEBUG
+	NOQA
+	NotImplementedError

src/.update-locales

@@ -34,5 +34,4 @@ git push
 # Unlock Weblate
 for c in $COMPONENTS; do
 	wlc unlock $c;
-	wlc pull $c;
 done

src/MANIFEST.in

@@ -8,8 +8,6 @@ recursive-include pretix/control/templates *
 recursive-include pretix/presale/templates *
 recursive-include pretix/plugins/banktransfer/templates *
 recursive-include pretix/plugins/banktransfer/static *
-recursive-include pretix/plugins/manualpayment/templates *
-recursive-include pretix/plugins/manualpayment/static *
 recursive-include pretix/plugins/paypal/templates *
 recursive-include pretix/plugins/pretixdroid/templates *
 recursive-include pretix/plugins/pretixdroid/static *

src/pretix/__init__.py

@@ -1 +1 @@
-__version__ = "2.5.0.dev0"
+__version__ = "2.0.0.dev0"

src/pretix/api/__init__.py

@@ -5,8 +5,5 @@ class PretixApiConfig(AppConfig):
     name = 'pretix.api'
     label = 'pretixapi'
 
-    def ready(self):
-        from . import signals, webhooks  # noqa
-
 
 default_app_config = 'pretix.api.PretixApiConfig'

src/pretix/api/auth/device.py

@@ -1,25 +0,0 @@
-from django.contrib.auth.models import AnonymousUser
-from rest_framework import exceptions
-from rest_framework.authentication import TokenAuthentication
-
-from pretix.base.models import Device
-
-
-class DeviceTokenAuthentication(TokenAuthentication):
-    model = Device
-    keyword = 'Device'
-
-    def authenticate_credentials(self, key):
-        model = self.get_model()
-        try:
-            device = model.objects.select_related('organizer').get(api_token=key)
-        except model.DoesNotExist:
-            raise exceptions.AuthenticationFailed('Invalid token.')
-
-        if not device.initialized:
-            raise exceptions.AuthenticationFailed('Device has not been initialized.')
-
-        if not device.api_token:
-            raise exceptions.AuthenticationFailed('Device access has been revoked.')
-
-        return AnonymousUser(), device

src/pretix/api/auth/permission.py

@@ -1,7 +1,7 @@
 from rest_framework.permissions import SAFE_METHODS, BasePermission
 
 from pretix.api.models import OAuthAccessToken
-from pretix.base.models import Device, Event
+from pretix.base.models import Event
 from pretix.base.models.organizer import Organizer, TeamAPIToken
 from pretix.helpers.security import (
     SessionInvalid, SessionReauthRequired, assert_session_valid,
@@ -9,9 +9,10 @@ from pretix.helpers.security import (
 
 
 class EventPermission(BasePermission):
+    model = TeamAPIToken
 
     def has_permission(self, request, view):
-        if not request.user.is_authenticated and not isinstance(request.auth, (Device, TeamAPIToken)):
+        if not request.user.is_authenticated and not isinstance(request.auth, TeamAPIToken):
             return False
 
         if request.method not in SAFE_METHODS and hasattr(view, 'write_permission'):
@@ -30,7 +31,7 @@ class EventPermission(BasePermission):
             except SessionReauthRequired:
                 return False
 
-        perm_holder = (request.auth if isinstance(request.auth, (Device, TeamAPIToken))
+        perm_holder = (request.auth if isinstance(request.auth, TeamAPIToken)
                        else request.user)
         if 'event' in request.resolver_match.kwargs and 'organizer' in request.resolver_match.kwargs:
             request.event = Event.objects.filter(
@@ -75,7 +76,7 @@ class EventCRUDPermission(EventPermission):
             return False
         elif view.action == 'destroy' and 'can_change_event_settings' not in request.eventpermset:
             return False
-        elif view.action in ['update', 'partial_update'] \
+        elif view.action in ['retrieve', 'update', 'partial_update'] \
                 and 'can_change_event_settings' not in request.eventpermset:
             return False
 

src/pretix/api/exception.py

@@ -10,10 +10,7 @@ def custom_exception_handler(exc, context):
     if isinstance(exc, LockTimeoutException):
         response = Response(
             {'detail': 'The server was too busy to process your request. Please try again.'},
-            status=status.HTTP_409_CONFLICT,
-            headers={
-                'Retry-After': 5
-            }
+            status=status.HTTP_409_CONFLICT
         )
 
     return response

src/pretix/api/migrations/0001_initial.py

@@ -46,7 +46,7 @@ class Migration(migrations.Migration):
                 ('updated', models.DateTimeField(auto_now=True)),
                 ('name', models.CharField(max_length=255, verbose_name='Application name')),
                 ('redirect_uris', models.TextField(help_text='Allowed URIs list, space separated',
-                                                   validators=[oauth2_provider.validators.URIValidator],
+                                                   validators=[oauth2_provider.validators.validate_uris],
                                                    verbose_name='Redirection URIs')),
                 ('client_id',
                  models.CharField(db_index=True, default=oauth2_provider.generators.generate_client_id, max_length=100,

src/pretix/api/migrations/0003_webhook_webhookcall_webhookeventlistener.py

@@ -1,79 +0,0 @@
-# Generated by Django 2.1.1 on 2018-11-07 10:46
-
-import django.db.models.deletion
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('pretixbase', '0102_auto_20181017_0024'),
-        ('pretixapi', '0002_auto_20180604_1120'),
-    ]
-
-    operations = [
-        migrations.CreateModel(
-            name='WebHook',
-            fields=[
-                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
-                ('enabled', models.BooleanField(default=True, verbose_name='Enable webhook')),
-                ('target_url', models.URLField(verbose_name='Target URL')),
-                ('all_events', models.BooleanField(default=False, verbose_name='All events (including newly created ones)')),
-                ('limit_events', models.ManyToManyField(blank=True, to='pretixbase.Event', verbose_name='Limit to events')),
-                ('organizer', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='pretixbase.Organizer')),
-            ],
-        ),
-        migrations.CreateModel(
-            name='WebHookCall',
-            fields=[
-                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
-                ('datetime', models.DateTimeField(auto_now_add=True)),
-                ('target_url', models.URLField()),
-                ('is_retry', models.BooleanField(default=False)),
-                ('execution_time', models.FloatField(null=True)),
-                ('return_code', models.PositiveIntegerField(default=0)),
-                ('payload', models.TextField()),
-                ('response_body', models.TextField()),
-                ('webhook', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='pretixapi.WebHook')),
-            ],
-        ),
-        migrations.CreateModel(
-            name='WebHookEventListener',
-            fields=[
-                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
-                ('action_type', models.CharField(max_length=255)),
-                ('webhook', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='pretixapi.WebHook')),
-            ],
-        ),
-        migrations.AddField(
-            model_name='webhookcall',
-            name='success',
-            field=models.BooleanField(default=False),
-        ),
-        migrations.AlterField(
-            model_name='webhook',
-            name='all_events',
-            field=models.BooleanField(default=True, verbose_name='All events (including newly created ones)'),
-        ),
-        migrations.AlterField(
-            model_name='webhook',
-            name='organizer',
-            field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='webhooks', to='pretixbase.Organizer'),
-        ),
-        migrations.AlterField(
-            model_name='webhookcall',
-            name='webhook',
-            field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='calls', to='pretixapi.WebHook'),
-        ),
-        migrations.AlterField(
-            model_name='webhookeventlistener',
-            name='webhook',
-            field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='listeners', to='pretixapi.WebHook'),
-        ),
-        migrations.AddField(
-            model_name='webhookcall',
-            name='action_type',
-            field=models.CharField(default='', max_length=255),
-            preserve_default=False,
-        ),
-    ]

src/pretix/api/models.py

@@ -11,13 +11,13 @@ from oauth2_provider.models import (
     AbstractAccessToken, AbstractApplication, AbstractGrant,
     AbstractRefreshToken,
 )
-from oauth2_provider.validators import URIValidator
+from oauth2_provider.validators import validate_uris
 
 
 class OAuthApplication(AbstractApplication):
     name = models.CharField(verbose_name=_("Application name"), max_length=255, blank=False)
     redirect_uris = models.TextField(
-        blank=False, validators=[URIValidator],
+        blank=False, validators=[validate_uris],
         verbose_name=_("Redirection URIs"),
         help_text=_("Allowed URIs list, space separated")
     )
@@ -68,41 +68,3 @@ class OAuthRefreshToken(AbstractRefreshToken):
         OAuthAccessToken, on_delete=models.SET_NULL, blank=True, null=True,
         related_name="refresh_token"
     )
-
-
-class WebHook(models.Model):
-    organizer = models.ForeignKey('pretixbase.Organizer', on_delete=models.CASCADE, related_name='webhooks')
-    enabled = models.BooleanField(default=True, verbose_name=_("Enable webhook"))
-    target_url = models.URLField(verbose_name=_("Target URL"))
-    all_events = models.BooleanField(default=True, verbose_name=_("All events (including newly created ones)"))
-    limit_events = models.ManyToManyField('pretixbase.Event', verbose_name=_("Limit to events"), blank=True)
-
-    @property
-    def action_types(self):
-        return [
-            l.action_type for l in self.listeners.all()
-        ]
-
-
-class WebHookEventListener(models.Model):
-    webhook = models.ForeignKey('WebHook', on_delete=models.CASCADE, related_name='listeners')
-    action_type = models.CharField(max_length=255)
-
-    class Meta:
-        ordering = ("action_type",)
-
-
-class WebHookCall(models.Model):
-    webhook = models.ForeignKey('WebHook', on_delete=models.CASCADE, related_name='calls')
-    datetime = models.DateTimeField(auto_now_add=True)
-    target_url = models.URLField()
-    action_type = models.CharField(max_length=255)
-    is_retry = models.BooleanField(default=False)
-    execution_time = models.FloatField(null=True)
-    return_code = models.PositiveIntegerField(default=0)
-    success = models.BooleanField(default=False)
-    payload = models.TextField()
-    response_body = models.TextField()
-
-    class Meta:
-        ordering = ("-datetime",)

src/pretix/api/serializers/cart.py

@@ -19,19 +19,18 @@ class CartPositionSerializer(I18nAwareModelSerializer):
 
     class Meta:
         model = CartPosition
-        fields = ('id', 'cart_id', 'item', 'variation', 'price', 'attendee_name', 'attendee_name_parts',
-                  'attendee_email', 'voucher', 'addon_to', 'subevent', 'datetime', 'expires', 'includes_tax',
+        fields = ('id', 'cart_id', 'item', 'variation', 'price', 'attendee_name', 'attendee_email',
+                  'voucher', 'addon_to', 'subevent', 'datetime', 'expires', 'includes_tax',
                   'answers',)
 
 
 class CartPositionCreateSerializer(I18nAwareModelSerializer):
     answers = AnswerCreateSerializer(many=True, required=False)
     expires = serializers.DateTimeField(required=False)
-    attendee_name = serializers.CharField(required=False, allow_null=True)
 
     class Meta:
         model = CartPosition
-        fields = ('cart_id', 'item', 'variation', 'price', 'attendee_name', 'attendee_name_parts', 'attendee_email',
+        fields = ('cart_id', 'item', 'variation', 'price', 'attendee_name', 'attendee_email',
                   'subevent', 'expires', 'includes_tax', 'answers',)
 
     def create(self, validated_data):
@@ -66,11 +65,6 @@ class CartPositionCreateSerializer(I18nAwareModelSerializer):
                             quota.name
                         )
                     )
-            attendee_name = validated_data.pop('attendee_name', '')
-            if attendee_name and not validated_data.get('attendee_name_parts'):
-                validated_data['attendee_name_parts'] = {
-                    '_legacy': attendee_name
-                }
             cp = CartPosition.objects.create(event=self.context['event'], **validated_data)
 
         for answ_data in answers_data:
@@ -124,8 +118,4 @@ class CartPositionCreateSerializer(I18nAwareModelSerializer):
                 raise ValidationError(
                     'You cannot specify a variation for this item.'
                 )
-        if data.get('attendee_name') and data.get('attendee_name_parts'):
-            raise ValidationError(
-                {'attendee_name': ['Do not specify attendee_name if you specified attendee_name_parts.']}
-            )
         return data

src/pretix/api/serializers/event.py

@@ -1,11 +1,9 @@
-from django.conf import settings
 from django.core.exceptions import ValidationError
 from django.db import transaction
 from django.utils.functional import cached_property
 from django.utils.translation import ugettext as _
 from django_countries.serializers import CountryFieldMixin
 from rest_framework.fields import Field
-from rest_framework.relations import SlugRelatedField
 
 from pretix.api.serializers.i18n import I18nAwareModelSerializer
 from pretix.base.models import Event, TaxRule
@@ -48,7 +46,7 @@ class EventSerializer(I18nAwareModelSerializer):
 
     class Meta:
         model = Event
-        fields = ('name', 'slug', 'live', 'testmode', 'currency', 'date_from',
+        fields = ('name', 'slug', 'live', 'currency', 'date_from',
                   'date_to', 'date_admission', 'is_public', 'presale_start',
                   'presale_end', 'location', 'has_subevents', 'meta_data', 'plugins')
 
@@ -96,7 +94,7 @@ class EventSerializer(I18nAwareModelSerializer):
         from pretix.base.plugins import get_all_plugins
 
         plugins_available = {
-            p.module for p in get_all_plugins(self.instance)
+            p.module for p in get_all_plugins()
             if not p.name.startswith('.') and getattr(p, 'visible', True)
         }
 
@@ -109,7 +107,7 @@ class EventSerializer(I18nAwareModelSerializer):
     @transaction.atomic
     def create(self, validated_data):
         meta_data = validated_data.pop('meta_data', None)
-        plugins = validated_data.pop('plugins', settings.PRETIX_PLUGINS_DEFAULT.split(','))
+        plugins = validated_data.pop('plugins', None)
         event = super().create(validated_data)
 
         # Meta data
@@ -123,7 +121,6 @@ class EventSerializer(I18nAwareModelSerializer):
         # Plugins
         if plugins is not None:
             event.set_active_plugins(plugins)
-        event.save(update_fields=['plugins'])
 
         return event
 
@@ -193,13 +190,12 @@ class SubEventItemVariationSerializer(I18nAwareModelSerializer):
 class SubEventSerializer(I18nAwareModelSerializer):
     item_price_overrides = SubEventItemSerializer(source='subeventitem_set', many=True)
     variation_price_overrides = SubEventItemVariationSerializer(source='subeventitemvariation_set', many=True)
-    event = SlugRelatedField(slug_field='slug', read_only=True)
     meta_data = MetaDataField(source='*')
 
     class Meta:
         model = SubEvent
         fields = ('id', 'name', 'date_from', 'date_to', 'active', 'date_admission',
-                  'presale_start', 'presale_end', 'location', 'event',
+                  'presale_start', 'presale_end', 'location',
                   'item_price_overrides', 'variation_price_overrides', 'meta_data')
 
 

src/pretix/api/serializers/i18n.py

@@ -15,20 +15,13 @@ class I18nField(Field):
         super().__init__(**kwargs)
 
     def to_representation(self, value):
-        if hasattr(value, 'data'):
-            if isinstance(value.data, dict):
-                return value.data
-            elif value.data is None:
-                return None
-            else:
-                return {
-                    settings.LANGUAGE_CODE: str(value.data)
-                }
-        elif value is None:
+        if value is None or value.data is None:
             return None
+        if isinstance(value.data, dict):
+            return value.data
         else:
             return {
-                settings.LANGUAGE_CODE: str(value)
+                settings.LANGUAGE_CODE: str(value.data)
             }
 
     def to_internal_value(self, data):

src/pretix/api/serializers/item.py

@@ -74,12 +74,12 @@ class ItemSerializer(I18nAwareModelSerializer):
 
     class Meta:
         model = Item
-        fields = ('id', 'category', 'name', 'internal_name', 'active', 'sales_channels', 'description',
+        fields = ('id', 'category', 'name', 'internal_name', 'active', 'description',
                   'default_price', 'free_price', 'tax_rate', 'tax_rule', 'admission',
                   'position', 'picture', 'available_from', 'available_until',
                   'require_voucher', 'hide_without_voucher', 'allow_cancel',
                   'min_per_order', 'max_per_order', 'checkin_attention', 'has_variations',
-                  'variations', 'addons', 'original_price', 'require_approval', 'generate_tickets')
+                  'variations', 'addons', 'original_price')
         read_only_fields = ('has_variations', 'picture')
 
     def get_serializer_context(self):

src/pretix/api/serializers/order.py

@@ -7,19 +7,14 @@ from django.utils.translation import ugettext_lazy
 from django_countries.fields import Country
 from rest_framework import serializers
 from rest_framework.exceptions import ValidationError
-from rest_framework.relations import SlugRelatedField
 from rest_framework.reverse import reverse
 
 from pretix.api.serializers.i18n import I18nAwareModelSerializer
-from pretix.base.channels import get_all_sales_channels
-from pretix.base.i18n import language
 from pretix.base.models import (
     Checkin, Invoice, InvoiceAddress, InvoiceLine, Order, OrderPosition,
     Question, QuestionAnswer,
 )
-from pretix.base.models.orders import (
-    CartPosition, OrderFee, OrderPayment, OrderRefund,
-)
+from pretix.base.models.orders import CartPosition, OrderFee
 from pretix.base.pdf import get_variables
 from pretix.base.signals import register_ticket_outputs
 
@@ -37,12 +32,11 @@ class CompatibleCountryField(serializers.Field):
 
 class InvoiceAddressSerializer(I18nAwareModelSerializer):
     country = CompatibleCountryField(source='*')
-    name = serializers.CharField(required=False)
 
     class Meta:
         model = InvoiceAddress
-        fields = ('last_modified', 'is_business', 'company', 'name', 'name_parts', 'street', 'zipcode', 'city', 'country',
-                  'vat_id', 'vat_id_validated', 'internal_reference')
+        fields = ('last_modified', 'is_business', 'company', 'name', 'street', 'zipcode', 'city', 'country', 'vat_id',
+                  'vat_id_validated', 'internal_reference')
         read_only_fields = ('last_modified', 'vat_id_validated')
 
     def __init__(self, *args, **kwargs):
@@ -51,15 +45,6 @@ class InvoiceAddressSerializer(I18nAwareModelSerializer):
             v.required = False
             v.allow_blank = True
 
-    def validate(self, data):
-        if data.get('name') and data.get('name_parts'):
-            raise ValidationError(
-                {'name': ['Do not specify name if you specified name_parts.']}
-            )
-        if data.get('name_parts') and '_scheme' not in data.get('name_parts'):
-            data['name_parts']['_scheme'] = self.context['request'].event.settings.name_scheme
-        return data
-
 
 class AnswerQuestionIdentifierField(serializers.Field):
     def to_representation(self, instance: QuestionAnswer):
@@ -89,8 +74,7 @@ class CheckinSerializer(I18nAwareModelSerializer):
 class OrderDownloadsField(serializers.Field):
     def to_representation(self, instance: Order):
         if instance.status != Order.STATUS_PAID:
-            if instance.status != Order.STATUS_PENDING or instance.require_approval or not instance.event.settings.ticket_download_pending:
-                return []
+            return []
 
         request = self.context['request']
         res = []
@@ -113,9 +97,10 @@ class OrderDownloadsField(serializers.Field):
 class PositionDownloadsField(serializers.Field):
     def to_representation(self, instance: OrderPosition):
         if instance.order.status != Order.STATUS_PAID:
-            if instance.order.status != Order.STATUS_PENDING or instance.order.require_approval or not instance.order.event.settings.ticket_download_pending:
-                return []
-        if not instance.generate_ticket:
+            return []
+        if instance.addon_to_id and not instance.order.event.settings.ticket_download_addons:
+            return []
+        if not instance.item.admission and not instance.order.event.settings.ticket_download_nonadm:
             return []
 
         request = self.context['request']
@@ -141,21 +126,13 @@ class PdfDataSerializer(serializers.Field):
         res = {}
 
         ev = instance.subevent or instance.order.event
-        with language(instance.order.locale):
-            # This needs to have some extra performance improvements to avoid creating hundreds of queries when
-            # we serialize a list.
 
-            if 'vars' not in self.context:
-                self.context['vars'] = get_variables(self.context['request'].event)
+        pdfvars = get_variables(instance.order.event)
+        for k, f in pdfvars.items():
+            res[k] = f['evaluate'](instance, instance.order, ev)
 
-            for k, f in self.context['vars'].items():
-                res[k] = f['evaluate'](instance, instance.order, ev)
-
-            if not hasattr(ev, '_cached_meta_data'):
-                ev._cached_meta_data = ev.meta_data
-
-            for k, v in ev._cached_meta_data.items():
-                res['meta:' + k] = v
+        for k, v in ev.meta_data.items():
+            res['meta:' + k] = v
 
         return res
 
@@ -169,9 +146,9 @@ class OrderPositionSerializer(I18nAwareModelSerializer):
 
     class Meta:
         model = OrderPosition
-        fields = ('id', 'order', 'positionid', 'item', 'variation', 'price', 'attendee_name', 'attendee_name_parts',
-                  'attendee_email', 'voucher', 'tax_rate', 'tax_value', 'secret', 'addon_to', 'subevent', 'checkins',
-                  'downloads', 'answers', 'tax_rule', 'pseudonymization_id', 'pdf_data')
+        fields = ('id', 'order', 'positionid', 'item', 'variation', 'price', 'attendee_name', 'attendee_email',
+                  'voucher', 'tax_rate', 'tax_value', 'secret', 'addon_to', 'subevent', 'checkins', 'downloads',
+                  'answers', 'tax_rule', 'pseudonymization_id', 'pdf_data')
 
     def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)
@@ -179,61 +156,23 @@ class OrderPositionSerializer(I18nAwareModelSerializer):
             self.fields.pop('pdf_data')
 
 
-class OrderPaymentTypeField(serializers.Field):
-    # TODO: Remove after pretix 2.2
-    def to_representation(self, instance: Order):
-        t = None
-        for p in instance.payments.all():
-            t = p.provider
-        return t
-
-
-class OrderPaymentDateField(serializers.DateField):
-    # TODO: Remove after pretix 2.2
-    def to_representation(self, instance: Order):
-        t = None
-        for p in instance.payments.all():
-            t = p.payment_date or t
-        if t:
-
-            return super().to_representation(t.date())
-
-
 class OrderFeeSerializer(I18nAwareModelSerializer):
     class Meta:
         model = OrderFee
         fields = ('fee_type', 'value', 'description', 'internal_type', 'tax_rate', 'tax_value', 'tax_rule')
 
 
-class OrderPaymentSerializer(I18nAwareModelSerializer):
-    class Meta:
-        model = OrderPayment
-        fields = ('local_id', 'state', 'amount', 'created', 'payment_date', 'provider')
-
-
-class OrderRefundSerializer(I18nAwareModelSerializer):
-    payment = SlugRelatedField(slug_field='local_id', read_only=True)
-
-    class Meta:
-        model = OrderRefund
-        fields = ('local_id', 'state', 'source', 'amount', 'payment', 'created', 'execution_date', 'provider')
-
-
 class OrderSerializer(I18nAwareModelSerializer):
     invoice_address = InvoiceAddressSerializer()
     positions = OrderPositionSerializer(many=True)
     fees = OrderFeeSerializer(many=True)
     downloads = OrderDownloadsField(source='*')
-    payments = OrderPaymentSerializer(many=True)
-    refunds = OrderRefundSerializer(many=True)
-    payment_date = OrderPaymentDateField(source='*')
-    payment_provider = OrderPaymentTypeField(source='*')
 
     class Meta:
         model = Order
-        fields = ('code', 'status', 'testmode', 'secret', 'email', 'locale', 'datetime', 'expires', 'payment_date',
+        fields = ('code', 'status', 'secret', 'email', 'locale', 'datetime', 'expires', 'payment_date',
                   'payment_provider', 'fees', 'total', 'comment', 'invoice_address', 'positions', 'downloads',
-                  'checkin_attention', 'last_modified', 'payments', 'refunds', 'require_approval', 'sales_channel')
+                  'checkin_attention', 'last_modified')
 
     def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)
@@ -316,15 +255,14 @@ class OrderPositionCreateSerializer(I18nAwareModelSerializer):
     answers = AnswerCreateSerializer(many=True, required=False)
     addon_to = serializers.IntegerField(required=False, allow_null=True)
     secret = serializers.CharField(required=False)
-    attendee_name = serializers.CharField(required=False, allow_null=True)
 
     class Meta:
         model = OrderPosition
-        fields = ('positionid', 'item', 'variation', 'price', 'attendee_name', 'attendee_name_parts', 'attendee_email',
+        fields = ('positionid', 'item', 'variation', 'price', 'attendee_name', 'attendee_email',
                   'secret', 'addon_to', 'subevent', 'answers')
 
     def validate_secret(self, secret):
-        if secret and OrderPosition.all.filter(order__event=self.context['event'], secret=secret).exists():
+        if secret and OrderPosition.objects.filter(order__event=self.context['event'], secret=secret).exists():
             raise ValidationError(
                 'You cannot assign a position secret that already exists.'
             )
@@ -371,12 +309,6 @@ class OrderPositionCreateSerializer(I18nAwareModelSerializer):
                 raise ValidationError(
                     {'variation': ['You cannot specify a variation for this item.']}
                 )
-        if data.get('attendee_name') and data.get('attendee_name_parts'):
-            raise ValidationError(
-                {'attendee_name': ['Do not specify attendee_name if you specified attendee_name_parts.']}
-            )
-        if data.get('attendee_name_parts') and '_scheme' not in data.get('attendee_name_parts'):
-            data['attendee_name_parts']['_scheme'] = self.context['request'].event.settings.name_scheme
         return data
 
 
@@ -413,7 +345,7 @@ class OrderCreateSerializer(I18nAwareModelSerializer):
 
     class Meta:
         model = Order
-        fields = ('code', 'status', 'testmode', 'email', 'locale', 'payment_provider', 'fees', 'comment', 'sales_channel',
+        fields = ('code', 'status', 'email', 'locale', 'payment_provider', 'fees', 'comment',
                   'invoice_address', 'positions', 'checkin_attention', 'payment_info', 'consume_carts')
 
     def validate_payment_provider(self, pp):
@@ -421,11 +353,6 @@ class OrderCreateSerializer(I18nAwareModelSerializer):
             raise ValidationError('The given payment provider is not known.')
         return pp
 
-    def validate_sales_channel(self, channel):
-        if channel not in get_all_sales_channels():
-            raise ValidationError('Unknown sales channel.')
-        return channel
-
     def validate_code(self, code):
         if code and Order.objects.filter(event__organizer=self.context['event'].organizer, code=code).exists():
             raise ValidationError(
@@ -483,17 +410,8 @@ class OrderCreateSerializer(I18nAwareModelSerializer):
     def create(self, validated_data):
         fees_data = validated_data.pop('fees') if 'fees' in validated_data else []
         positions_data = validated_data.pop('positions') if 'positions' in validated_data else []
-        payment_provider = validated_data.pop('payment_provider')
-        payment_info = validated_data.pop('payment_info', '{}')
-
         if 'invoice_address' in validated_data:
-            iadata = validated_data.pop('invoice_address')
-            name = iadata.pop('name', '')
-            if name and not iadata.get('name_parts'):
-                iadata['name_parts'] = {
-                    '_legacy': name
-                }
-            ia = InvoiceAddress(**iadata)
+            ia = InvoiceAddress(**validated_data.pop('invoice_address'))
         else:
             ia = None
 
@@ -545,51 +463,25 @@ class OrderCreateSerializer(I18nAwareModelSerializer):
             if any(errs):
                 raise ValidationError({'positions': errs})
 
-            if validated_data.get('locale', None) is None:
-                validated_data['locale'] = self.context['event'].settings.locale
             order = Order(event=self.context['event'], **validated_data)
-            order.set_expires(subevents=[p.get('subevent') for p in positions_data])
+            order.set_expires(subevents=[p['subevent'] for p in positions_data])
             order.total = sum([p['price'] for p in positions_data]) + sum([f['value'] for f in fees_data], Decimal('0.00'))
             order.meta_info = "{}"
-            order.save()
-
             if order.total == Decimal('0.00') and validated_data.get('status') != Order.STATUS_PAID:
+                order.payment_provider = 'free'
                 order.status = Order.STATUS_PAID
-                order.save()
-                order.payments.create(
-                    amount=order.total, provider='free', state=OrderPayment.PAYMENT_STATE_CONFIRMED,
-                    payment_date=now()
-                )
-            elif payment_provider == "free" and order.total != Decimal('0.00'):
+            elif order.payment_provider == "free" and order.total != Decimal('0.00'):
                 raise ValidationError('You cannot use the "free" payment provider for non-free orders.')
-            elif validated_data.get('status') == Order.STATUS_PAID:
-                order.payments.create(
-                    amount=order.total,
-                    provider=payment_provider,
-                    info=payment_info,
-                    payment_date=now(),
-                    state=OrderPayment.PAYMENT_STATE_CONFIRMED
-                )
-            elif payment_provider:
-                order.payments.create(
-                    amount=order.total,
-                    provider=payment_provider,
-                    info=payment_info,
-                    state=OrderPayment.PAYMENT_STATE_CREATED
-                )
-
+            if validated_data.get('status') == Order.STATUS_PAID:
+                order.payment_date = now()
+            order.save()
             if ia:
                 ia.order = order
                 ia.save()
             pos_map = {}
             for pos_data in positions_data:
-                answers_data = pos_data.pop('answers', [])
-                addon_to = pos_data.pop('addon_to', None)
-                attendee_name = pos_data.pop('attendee_name', '')
-                if attendee_name and not pos_data.get('attendee_name_parts'):
-                    pos_data['attendee_name_parts'] = {
-                        '_legacy': attendee_name
-                    }
+                answers_data = pos_data.pop('answers')
+                addon_to = pos_data.pop('addon_to')
                 pos = OrderPosition(**pos_data)
                 pos.order = order
                 pos._calculate_tax()
@@ -598,7 +490,7 @@ class OrderCreateSerializer(I18nAwareModelSerializer):
                 pos.save()
                 pos_map[pos.positionid] = pos
                 for answ_data in answers_data:
-                    options = answ_data.pop('options', [])
+                    options = answ_data.pop('options')
                     answ = pos.answers.create(**answ_data)
                     answ.options.add(*options)
 
@@ -630,27 +522,3 @@ class InvoiceSerializer(I18nAwareModelSerializer):
                   'introductory_text', 'additional_text', 'payment_provider_text', 'footer_text', 'lines',
                   'foreign_currency_display', 'foreign_currency_rate', 'foreign_currency_rate_date',
                   'internal_reference')
-
-
-class OrderRefundCreateSerializer(I18nAwareModelSerializer):
-    payment = serializers.IntegerField(required=False, allow_null=True)
-    provider = serializers.CharField(required=True, allow_null=False, allow_blank=False)
-    info = CompatibleJSONField(required=False)
-
-    class Meta:
-        model = OrderRefund
-        fields = ('state', 'source', 'amount', 'payment', 'execution_date', 'provider', 'info')
-
-    def create(self, validated_data):
-        pid = validated_data.pop('payment', None)
-        if pid:
-            try:
-                p = self.context['order'].payments.get(local_id=pid)
-            except OrderPayment.DoesNotExist:
-                raise ValidationError('Unknown payment ID.')
-        else:
-            p = None
-
-        order = OrderRefund(order=self.context['order'], payment=p, **validated_data)
-        order.save()
-        return order

src/pretix/api/serializers/voucher.py

@@ -1,27 +1,7 @@
-from rest_framework import serializers
-from rest_framework.exceptions import ValidationError
-
 from pretix.api.serializers.i18n import I18nAwareModelSerializer
 from pretix.base.models import Voucher
 
 
-class VoucherListSerializer(serializers.ListSerializer):
-    def create(self, validated_data):
-        codes = set()
-        errs = []
-        err = False
-        for voucher_data in validated_data:
-            if voucher_data['code'] in codes:
-                err = True
-                errs.append({'code': ['Duplicate voucher code in request.']})
-            else:
-                codes.add(voucher_data['code'])
-                errs.append({})
-        if err:
-            raise ValidationError(errs)
-        return super().create(validated_data)
-
-
 class VoucherSerializer(I18nAwareModelSerializer):
     class Meta:
         model = Voucher
@@ -29,7 +9,6 @@ class VoucherSerializer(I18nAwareModelSerializer):
                   'allow_ignore_quota', 'price_mode', 'value', 'item', 'variation', 'quota',
                   'tag', 'comment', 'subevent')
         read_only_fields = ('id', 'redeemed')
-        list_serializer_class = VoucherListSerializer
 
     def validate(self, data):
         data = super().validate(data)

src/pretix/api/serializers/waitinglist.py

@@ -8,7 +8,7 @@ class WaitingListSerializer(I18nAwareModelSerializer):
 
     class Meta:
         model = WaitingListEntry
-        fields = ('id', 'created', 'email', 'voucher', 'item', 'variation', 'locale', 'subevent', 'priority')
+        fields = ('id', 'created', 'email', 'voucher', 'item', 'variation', 'locale', 'subevent')
         read_only_fields = ('id', 'created', 'voucher')
 
     def validate(self, data):

src/pretix/api/serializers/webhooks.py

@@ -1,71 +0,0 @@
-from django.core.exceptions import ValidationError
-from rest_framework import serializers
-
-from pretix.api.models import WebHook
-from pretix.api.serializers.i18n import I18nAwareModelSerializer
-from pretix.api.webhooks import get_all_webhook_events
-from pretix.base.models import Event
-
-
-class EventRelatedField(serializers.SlugRelatedField):
-    def get_queryset(self):
-        return self.context['organizer'].events.all()
-
-
-class ActionTypesField(serializers.Field):
-    def to_representation(self, instance: WebHook):
-        return instance.action_types
-
-    def to_internal_value(self, data):
-        types = get_all_webhook_events()
-        for d in data:
-            if d not in types:
-                raise ValidationError('Invalid action type "%s".' % d)
-        return {'action_types': data}
-
-
-class WebHookSerializer(I18nAwareModelSerializer):
-    limit_events = EventRelatedField(
-        slug_field='slug',
-        queryset=Event.objects.none(),
-        many=True
-    )
-    action_types = ActionTypesField(source='*')
-
-    class Meta:
-        model = WebHook
-        fields = ('id', 'enabled', 'target_url', 'all_events', 'limit_events', 'action_types')
-
-    def validate(self, data):
-        data = super().validate(data)
-
-        full_data = self.to_internal_value(self.to_representation(self.instance)) if self.instance else {}
-        full_data.update(data)
-
-        for event in full_data.get('limit_events'):
-            if self.context['organizer'] != event.organizer:
-                raise ValidationError('One or more events do not belong to this organizer.')
-
-        if full_data.get('limit_events') and full_data.get('all_events'):
-            raise ValidationError('You can set either limit_events or all_events.')
-
-        return data
-
-    def create(self, validated_data):
-        action_types = validated_data.pop('action_types')
-        inst = super().create(validated_data)
-        for l in action_types:
-            inst.listeners.create(action_type=l)
-        return inst
-
-    def update(self, instance, validated_data):
-        action_types = validated_data.pop('action_types', None)
-        instance = super().update(instance, validated_data)
-        if action_types is not None:
-            current_listeners = set(instance.listeners.values_list('action_type', flat=True))
-            new_listeners = set(action_types)
-            for l in current_listeners - new_listeners:
-                instance.listeners.filter(action_type=l).delete()
-            for l in new_listeners - current_listeners:
-                instance.listeners.create(action_type=l)
-        return instance

src/pretix/api/signals.py

@@ -1,21 +0,0 @@
-from datetime import timedelta
-
-from django.dispatch import Signal, receiver
-from django.utils.timezone import now
-
-from pretix.api.models import WebHookCall
-from pretix.base.signals import periodic_task
-
-register_webhook_events = Signal(
-    providing_args=[]
-)
-"""
-This signal is sent out to get all known webhook events. Receivers should return an
-instance of a subclass of pretix.api.webhooks.WebhookEvent or a list of such
-instances.
-"""
-
-
-@receiver(periodic_task)
-def cleanup_webhook_logs(sender, **kwargs):
-    WebHookCall.objects.filter(datetime__lte=now() - timedelta(days=30)).delete()

src/pretix/api/urls.py

@@ -7,8 +7,7 @@ from rest_framework import routers
 from pretix.api.views import cart
 
 from .views import (
-    checkin, device, event, item, oauth, order, organizer, user, voucher,
-    waitinglist, webhooks,
+    checkin, event, item, oauth, order, organizer, voucher, waitinglist,
 )
 
 router = routers.DefaultRouter()
@@ -16,8 +15,6 @@ router.register(r'organizers', organizer.OrganizerViewSet)
 
 orga_router = routers.DefaultRouter()
 orga_router.register(r'events', event.EventViewSet)
-orga_router.register(r'subevents', event.SubEventViewSet)
-orga_router.register(r'webhooks', webhooks.WebHookViewSet)
 
 event_router = routers.DefaultRouter()
 event_router.register(r'subevents', event.SubEventViewSet)
@@ -45,10 +42,6 @@ item_router = routers.DefaultRouter()
 item_router.register(r'variations', item.ItemVariationViewSet)
 item_router.register(r'addons', item.ItemAddOnViewSet)
 
-order_router = routers.DefaultRouter()
-order_router.register(r'payments', order.PaymentViewSet)
-order_router.register(r'refunds', order.RefundViewSet)
-
 # Force import of all plugins to give them a chance to register URLs with the router
 for app in apps.get_app_configs():
     if hasattr(app, 'PretixPluginMeta'):
@@ -64,13 +57,7 @@ urlpatterns = [
         include(question_router.urls)),
     url(r'^organizers/(?P<organizer>[^/]+)/events/(?P<event>[^/]+)/checkinlists/(?P<list>[^/]+)/',
         include(checkinlist_router.urls)),
-    url(r'^organizers/(?P<organizer>[^/]+)/events/(?P<event>[^/]+)/orders/(?P<order>[^/]+)/', include(order_router.urls)),
     url(r"^oauth/authorize$", oauth.AuthorizationView.as_view(), name="authorize"),
     url(r"^oauth/token$", oauth.TokenView.as_view(), name="token"),
     url(r"^oauth/revoke_token$", oauth.RevokeTokenView.as_view(), name="revoke-token"),
-    url(r"^device/initialize$", device.InitializeView.as_view(), name="device.initialize"),
-    url(r"^device/update$", device.UpdateView.as_view(), name="device.update"),
-    url(r"^device/roll$", device.RollKeyView.as_view(), name="device.roll"),
-    url(r"^device/revoke$", device.RevokeKeyView.as_view(), name="device.revoke"),
-    url(r"^me$", user.MeView.as_view(), name="user.me"),
 ]

src/pretix/api/views/__init__.py

@@ -37,9 +37,6 @@ class ConditionalListView:
         if_unmodified_since = request.META.get('HTTP_IF_UNMODIFIED_SINCE')
         if if_unmodified_since:
             if_unmodified_since = parse_http_date_safe(if_unmodified_since)
-        if not hasattr(request, 'event'):
-            return super().list(request, **kwargs)
-
         lmd = request.event.logentry_set.filter(
             content_type__model=self.queryset.model._meta.model_name,
             content_type__app_label=self.queryset.model._meta.app_label,

src/pretix/api/views/checkin.py

@@ -1,7 +1,6 @@
 from django.core.exceptions import ValidationError
-from django.db.models import Count, F, Max, OuterRef, Prefetch, Q, Subquery
+from django.db.models import Count, F, Max, OuterRef, Prefetch, Subquery
 from django.db.models.functions import Coalesce
-from django.http import Http404
 from django.shortcuts import get_object_or_404
 from django.utils.functional import cached_property
 from django.utils.timezone import now
@@ -16,9 +15,7 @@ from pretix.api.serializers.item import QuestionSerializer
 from pretix.api.serializers.order import OrderPositionSerializer
 from pretix.api.views import RichOrderingFilter
 from pretix.api.views.order import OrderPositionFilter
-from pretix.base.models import (
-    Checkin, CheckinList, Event, Order, OrderPosition,
-)
+from pretix.base.models import Checkin, CheckinList, Order, OrderPosition
 from pretix.base.services.checkin import (
     CheckInError, RequiredQuestionsError, perform_checkin,
 )
@@ -35,7 +32,7 @@ class CheckinListViewSet(viewsets.ModelViewSet):
     serializer_class = CheckinListSerializer
     queryset = CheckinList.objects.none()
     filter_backends = (DjangoFilterBackend,)
-    filterset_class = CheckinListFilter
+    filter_class = CheckinListFilter
     permission = 'can_view_orders'
     write_permission = 'can_change_event_settings'
 
@@ -156,7 +153,7 @@ class CheckinListPositionViewSet(viewsets.ReadOnlyModelViewSet):
     serializer_class = OrderPositionSerializer
     queryset = OrderPosition.objects.none()
     filter_backends = (DjangoFilterBackend, RichOrderingFilter)
-    ordering = ('attendee_name_cached', 'positionid')
+    ordering = ('attendee_name', 'positionid')
     ordering_fields = (
         'order__code', 'order__datetime', 'positionid', 'attendee_name',
         'last_checked_in', 'order__email',
@@ -164,11 +161,11 @@ class CheckinListPositionViewSet(viewsets.ReadOnlyModelViewSet):
     ordering_custom = {
         'attendee_name': {
             '_order': F('display_name').asc(nulls_first=True),
-            'display_name': Coalesce('attendee_name_cached', 'addon_to__attendee_name_cached')
+            'display_name': Coalesce('attendee_name', 'addon_to__attendee_name')
         },
         '-attendee_name': {
             '_order': F('display_name').desc(nulls_last=True),
-            'display_name': Coalesce('attendee_name_cached', 'addon_to__attendee_name_cached')
+            'display_name': Coalesce('attendee_name', 'addon_to__attendee_name')
         },
         'last_checked_in': {
             '_order': FixedOrderBy(F('last_checked_in'), nulls_first=True),
@@ -178,16 +175,13 @@ class CheckinListPositionViewSet(viewsets.ReadOnlyModelViewSet):
         },
     }
 
-    filterset_class = CheckinOrderPositionFilter
+    filter_class = CheckinOrderPositionFilter
     permission = 'can_view_orders'
     write_permission = 'can_change_orders'
 
     @cached_property
     def checkinlist(self):
-        try:
-            return get_object_or_404(CheckinList, event=self.request.event, pk=self.kwargs.get("list"))
-        except ValueError:
-            raise Http404()
+        return get_object_or_404(CheckinList, event=self.request.event, pk=self.kwargs.get("list"))
 
     def get_queryset(self):
         cqs = Checkin.objects.filter(
@@ -203,39 +197,12 @@ class CheckinListPositionViewSet(viewsets.ReadOnlyModelViewSet):
             subevent=self.checkinlist.subevent
         ).annotate(
             last_checked_in=Subquery(cqs)
-        )
-        if self.request.query_params.get('pdf_data', 'false') == 'true':
-            qs = qs.prefetch_related(
-                Prefetch(
-                    lookup='checkins',
-                    queryset=Checkin.objects.filter(list_id=self.checkinlist.pk)
-                ),
-                'checkins', 'answers', 'answers__options', 'answers__question',
-                Prefetch('addons', OrderPosition.objects.select_related('item', 'variation')),
-                Prefetch('order', Order.objects.select_related('invoice_address').prefetch_related(
-                    Prefetch(
-                        'event',
-                        Event.objects.select_related('organizer')
-                    ),
-                    Prefetch(
-                        'positions',
-                        OrderPosition.objects.prefetch_related(
-                            'checkins', 'item', 'variation', 'answers', 'answers__options', 'answers__question',
-                        )
-                    )
-                ))
-            ).select_related(
-                'item', 'variation', 'item__category', 'addon_to'
+        ).prefetch_related(
+            Prefetch(
+                lookup='checkins',
+                queryset=Checkin.objects.filter(list_id=self.checkinlist.pk)
             )
-        else:
-            qs = qs.prefetch_related(
-                Prefetch(
-                    lookup='checkins',
-                    queryset=Checkin.objects.filter(list_id=self.checkinlist.pk)
-                ),
-                'answers', 'answers__options', 'answers__question',
-                Prefetch('addons', OrderPosition.objects.select_related('item', 'variation'))
-            ).select_related('item', 'variation', 'order', 'addon_to', 'order__invoice_address')
+        ).select_related('item', 'variation', 'order', 'addon_to')
 
         if not self.checkinlist.all_products:
             qs = qs.filter(item__in=self.checkinlist.limit_products.values_list('id', flat=True))
@@ -273,15 +240,11 @@ class CheckinListPositionViewSet(viewsets.ReadOnlyModelViewSet):
                 ignore_unpaid=ignore_unpaid,
                 nonce=nonce,
                 datetime=dt,
-                questions_supported=self.request.data.get('questions_supported', True),
-                user=self.request.user,
-                auth=self.request.auth,
+                questions_supported=self.request.data.get('questions_supported', True)
             )
         except RequiredQuestionsError as e:
             return Response({
                 'status': 'incomplete',
-                'require_attention': op.item.checkin_attention or op.order.checkin_attention,
-                'position': OrderPositionSerializer(op, context=self.get_serializer_context()).data,
                 'questions': [
                     QuestionSerializer(q).data for q in e.questions
                 ]
@@ -289,21 +252,9 @@ class CheckinListPositionViewSet(viewsets.ReadOnlyModelViewSet):
         except CheckInError as e:
             return Response({
                 'status': 'error',
-                'reason': e.code,
-                'require_attention': op.item.checkin_attention or op.order.checkin_attention,
-                'position': OrderPositionSerializer(op, context=self.get_serializer_context()).data
+                'reason': e.code
             }, status=400)
         else:
             return Response({
                 'status': 'ok',
-                'require_attention': op.item.checkin_attention or op.order.checkin_attention,
-                'position': OrderPositionSerializer(op, context=self.get_serializer_context()).data
             }, status=201)
-
-    def get_object(self):
-        queryset = self.filter_queryset(self.get_queryset())
-        if self.kwargs['pk'].isnumeric():
-            obj = get_object_or_404(queryset, Q(pk=self.kwargs['pk']) | Q(secret=self.kwargs['pk']))
-        else:
-            obj = get_object_or_404(queryset, secret=self.kwargs['pk'])
-        return obj

src/pretix/api/views/device.py

@@ -1,113 +0,0 @@
-import logging
-
-from django.utils.timezone import now
-from rest_framework import serializers
-from rest_framework.exceptions import ValidationError
-from rest_framework.response import Response
-from rest_framework.views import APIView
-
-from pretix.api.auth.device import DeviceTokenAuthentication
-from pretix.base.models import Device
-from pretix.base.models.devices import generate_api_token
-
-logger = logging.getLogger(__name__)
-
-
-class InitializationRequestSerializer(serializers.Serializer):
-    token = serializers.CharField(max_length=190)
-    hardware_brand = serializers.CharField(max_length=190)
-    hardware_model = serializers.CharField(max_length=190)
-    software_brand = serializers.CharField(max_length=190)
-    software_version = serializers.CharField(max_length=190)
-
-
-class UpdateRequestSerializer(serializers.Serializer):
-    hardware_brand = serializers.CharField(max_length=190)
-    hardware_model = serializers.CharField(max_length=190)
-    software_brand = serializers.CharField(max_length=190)
-    software_version = serializers.CharField(max_length=190)
-
-
-class DeviceSerializer(serializers.ModelSerializer):
-    organizer = serializers.SlugRelatedField(slug_field='slug', read_only=True)
-
-    class Meta:
-        model = Device
-        fields = [
-            'organizer', 'device_id', 'unique_serial', 'api_token',
-            'name'
-        ]
-
-
-class InitializeView(APIView):
-    authentication_classes = tuple()
-    permission_classes = tuple()
-
-    def post(self, request, format=None):
-        serializer = InitializationRequestSerializer(data=request.data)
-        serializer.is_valid(raise_exception=True)
-
-        try:
-            device = Device.objects.get(initialization_token=serializer.validated_data.get('token'))
-        except Device.DoesNotExist:
-            raise ValidationError({'token': ['Unknown initialization token.']})
-
-        if device.initialized:
-            raise ValidationError({'token': ['This initialization token has already been used.']})
-
-        device.initialized = now()
-        device.hardware_brand = serializer.validated_data.get('hardware_brand')
-        device.hardware_model = serializer.validated_data.get('hardware_model')
-        device.software_brand = serializer.validated_data.get('software_brand')
-        device.software_version = serializer.validated_data.get('software_version')
-        device.api_token = generate_api_token()
-        device.save()
-
-        device.log_action('pretix.device.initialized', data=serializer.validated_data, auth=device)
-
-        serializer = DeviceSerializer(device)
-        return Response(serializer.data)
-
-
-class UpdateView(APIView):
-    authentication_classes = (DeviceTokenAuthentication,)
-
-    def post(self, request, format=None):
-        serializer = UpdateRequestSerializer(data=request.data)
-        serializer.is_valid(raise_exception=True)
-        device = request.auth
-        device.hardware_brand = serializer.validated_data.get('hardware_brand')
-        device.hardware_model = serializer.validated_data.get('hardware_model')
-        device.software_brand = serializer.validated_data.get('software_brand')
-        device.software_version = serializer.validated_data.get('software_version')
-        device.save()
-        device.log_action('pretix.device.updated', data=serializer.validated_data, auth=device)
-
-        serializer = DeviceSerializer(device)
-        return Response(serializer.data)
-
-
-class RollKeyView(APIView):
-    authentication_classes = (DeviceTokenAuthentication,)
-
-    def post(self, request, format=None):
-        device = request.auth
-        device.api_token = generate_api_token()
-        device.save()
-        device.log_action('pretix.device.keyroll', auth=device)
-
-        serializer = DeviceSerializer(device)
-        return Response(serializer.data)
-
-
-class RevokeKeyView(APIView):
-    authentication_classes = (DeviceTokenAuthentication,)
-
-    def post(self, request, format=None):
-        device = request.auth
-        device.api_token = None
-        device.save()
-        device.log_action('pretix.device.revoked', auth=device)
-
-        serializer = DeviceSerializer(device)
-        return Response(serializer.data)

src/pretix/api/views/event.py

@@ -1,7 +1,5 @@
-import django_filters
 from django.db import transaction
-from django.db.models import ProtectedError, Q
-from django.utils.timezone import now
+from django.db.models import ProtectedError
 from django_filters.rest_framework import DjangoFilterBackend, FilterSet
 from rest_framework import filters, viewsets
 from rest_framework.exceptions import PermissionDenied
@@ -12,79 +10,20 @@ from pretix.api.serializers.event import (
     TaxRuleSerializer,
 )
 from pretix.api.views import ConditionalListView
-from pretix.base.models import (
-    Device, Event, ItemCategory, TaxRule, TeamAPIToken,
-)
+from pretix.base.models import Event, ItemCategory, TaxRule
 from pretix.base.models.event import SubEvent
 from pretix.helpers.dicts import merge_dicts
 
 
-class EventFilter(FilterSet):
-    is_past = django_filters.rest_framework.BooleanFilter(method='is_past_qs')
-    is_future = django_filters.rest_framework.BooleanFilter(method='is_future_qs')
-    ends_after = django_filters.rest_framework.IsoDateTimeFilter(method='ends_after_qs')
-
-    class Meta:
-        model = Event
-        fields = ['is_public', 'live', 'has_subevents']
-
-    def ends_after_qs(self, queryset, name, value):
-        expr = (
-            Q(has_subevents=False) &
-            Q(
-                Q(Q(date_to__isnull=True) & Q(date_from__gte=value))
-                | Q(Q(date_to__isnull=False) & Q(date_to__gte=value))
-            )
-        )
-        return queryset.filter(expr)
-
-    def is_past_qs(self, queryset, name, value):
-        expr = (
-            Q(has_subevents=False) &
-            Q(
-                Q(Q(date_to__isnull=True) & Q(date_from__lt=now()))
-                | Q(Q(date_to__isnull=False) & Q(date_to__lt=now()))
-            )
-        )
-        if value:
-            return queryset.filter(expr)
-        else:
-            return queryset.exclude(expr)
-
-    def is_future_qs(self, queryset, name, value):
-        expr = (
-            Q(has_subevents=False) &
-            Q(
-                Q(Q(date_to__isnull=True) & Q(date_from__gte=now()))
-                | Q(Q(date_to__isnull=False) & Q(date_to__gte=now()))
-            )
-        )
-        if value:
-            return queryset.filter(expr)
-        else:
-            return queryset.exclude(expr)
-
-
 class EventViewSet(viewsets.ModelViewSet):
     serializer_class = EventSerializer
     queryset = Event.objects.none()
     lookup_field = 'slug'
     lookup_url_kwarg = 'event'
     permission_classes = (EventCRUDPermission,)
-    filter_backends = (DjangoFilterBackend, filters.OrderingFilter)
-    filterset_class = EventFilter
 
     def get_queryset(self):
-        if isinstance(self.request.auth, (TeamAPIToken, Device)):
-            qs = self.request.auth.get_events_with_any_permission()
-        elif self.request.user.is_authenticated:
-            qs = self.request.user.get_events_with_any_permission(self.request).filter(
-                organizer=self.request.organizer
-            )
-
-        return qs.prefetch_related(
-            'meta_values', 'meta_values__property'
-        )
+        return self.request.organizer.events.prefetch_related('meta_values', 'meta_values__property')
 
     def perform_update(self, serializer):
         current_live_value = serializer.instance.live
@@ -181,62 +120,19 @@ class CloneEventViewSet(viewsets.ModelViewSet):
 
 
 class SubEventFilter(FilterSet):
-    is_past = django_filters.rest_framework.BooleanFilter(method='is_past_qs')
-    is_future = django_filters.rest_framework.BooleanFilter(method='is_future_qs')
-    ends_after = django_filters.rest_framework.IsoDateTimeFilter(method='ends_after_qs')
-
     class Meta:
         model = SubEvent
-        fields = ['active', 'event__live']
-
-    def ends_after_qs(self, queryset, name, value):
-        expr = Q(
-            Q(Q(date_to__isnull=True) & Q(date_from__gte=value))
-            | Q(Q(date_to__isnull=False) & Q(date_to__gte=value))
-        )
-        return queryset.filter(expr)
-
-    def is_past_qs(self, queryset, name, value):
-        expr = Q(
-            Q(Q(date_to__isnull=True) & Q(date_from__lt=now()))
-            | Q(Q(date_to__isnull=False) & Q(date_to__lt=now()))
-        )
-        if value:
-            return queryset.filter(expr)
-        else:
-            return queryset.exclude(expr)
-
-    def is_future_qs(self, queryset, name, value):
-        expr = Q(
-            Q(Q(date_to__isnull=True) & Q(date_from__gte=now()))
-            | Q(Q(date_to__isnull=False) & Q(date_to__gte=now()))
-        )
-        if value:
-            return queryset.filter(expr)
-        else:
-            return queryset.exclude(expr)
+        fields = ['active']
 
 
 class SubEventViewSet(ConditionalListView, viewsets.ReadOnlyModelViewSet):
     serializer_class = SubEventSerializer
     queryset = ItemCategory.objects.none()
     filter_backends = (DjangoFilterBackend, filters.OrderingFilter)
-    filterset_class = SubEventFilter
+    filter_class = SubEventFilter
 
     def get_queryset(self):
-        if getattr(self.request, 'event', None):
-            qs = self.request.event.subevents
-        elif isinstance(self.request.auth, (TeamAPIToken, Device)):
-            qs = SubEvent.objects.filter(
-                event__organizer=self.request.organizer,
-                event__in=self.request.auth.get_events_with_any_permission()
-            )
-        elif self.request.user.is_authenticated:
-            qs = SubEvent.objects.filter(
-                event__organizer=self.request.organizer,
-                event__in=self.request.user.get_events_with_any_permission()
-            )
-        return qs.prefetch_related(
+        return self.request.event.subevents.prefetch_related(
             'subeventitem_set', 'subeventitemvariation_set'
         )
 

src/pretix/api/views/item.py

@@ -41,8 +41,8 @@ class ItemViewSet(ConditionalListView, viewsets.ModelViewSet):
     filter_backends = (DjangoFilterBackend, OrderingFilter)
     ordering_fields = ('id', 'position')
     ordering = ('position', 'id')
-    filterset_class = ItemFilter
-    permission = None
+    filter_class = ItemFilter
+    permission = 'can_change_items'
     write_permission = 'can_change_items'
 
     def get_queryset(self):
@@ -83,7 +83,6 @@ class ItemViewSet(ConditionalListView, viewsets.ModelViewSet):
             user=self.request.user,
             auth=self.request.auth,
         )
-        self.get_object().cartposition_set.all().delete()
         super().perform_destroy(instance)
 
 
@@ -93,7 +92,7 @@ class ItemVariationViewSet(viewsets.ModelViewSet):
     filter_backends = (DjangoFilterBackend, OrderingFilter,)
     ordering_fields = ('id', 'position')
     ordering = ('id',)
-    permission = None
+    permission = 'can_change_items'
     write_permission = 'can_change_items'
 
     def get_queryset(self):
@@ -155,7 +154,7 @@ class ItemAddOnViewSet(viewsets.ModelViewSet):
     filter_backends = (DjangoFilterBackend, OrderingFilter,)
     ordering_fields = ('id', 'position')
     ordering = ('id',)
-    permission = None
+    permission = 'can_change_items'
     write_permission = 'can_change_items'
 
     def get_queryset(self):
@@ -208,10 +207,10 @@ class ItemCategoryViewSet(ConditionalListView, viewsets.ModelViewSet):
     serializer_class = ItemCategorySerializer
     queryset = ItemCategory.objects.none()
     filter_backends = (DjangoFilterBackend, OrderingFilter)
-    filterset_class = ItemCategoryFilter
+    filter_class = ItemCategoryFilter
     ordering_fields = ('id', 'position')
     ordering = ('position', 'id')
-    permission = None
+    permission = 'can_change_items'
     write_permission = 'can_change_items'
 
     def get_queryset(self):
@@ -262,11 +261,10 @@ class QuestionViewSet(ConditionalListView, viewsets.ModelViewSet):
     serializer_class = QuestionSerializer
     queryset = Question.objects.none()
     filter_backends = (DjangoFilterBackend, OrderingFilter)
-    filterset_class = QuestionFilter
+    filter_class = QuestionFilter
     ordering_fields = ('id', 'position')
     ordering = ('position', 'id')
-    permission = None
-    write_permission = 'can_change_items'
+    permission = 'can_change_items'
 
     def get_queryset(self):
         return self.request.event.questions.prefetch_related('options').all()
@@ -309,7 +307,7 @@ class QuestionOptionViewSet(viewsets.ModelViewSet):
     filter_backends = (DjangoFilterBackend, OrderingFilter,)
     ordering_fields = ('id', 'position')
     ordering = ('position',)
-    permission = None
+    permission = 'can_change_items'
     write_permission = 'can_change_items'
 
     def get_queryset(self):
@@ -361,10 +359,10 @@ class QuotaViewSet(ConditionalListView, viewsets.ModelViewSet):
     serializer_class = QuotaSerializer
     queryset = Quota.objects.none()
     filter_backends = (DjangoFilterBackend, OrderingFilter,)
-    filterset_class = QuotaFilter
+    filter_class = QuotaFilter
     ordering_fields = ('id', 'size')
     ordering = ('id',)
-    permission = None
+    permission = 'can_change_items'
     write_permission = 'can_change_items'
 
     def get_queryset(self):

src/pretix/api/views/order.py

@@ -1,66 +1,63 @@
 import datetime
-from decimal import Decimal
 
 import django_filters
 import pytz
 from django.db import transaction
-from django.db.models import F, Prefetch, Q
-from django.db.models.functions import Coalesce, Concat
+from django.db.models import Q
+from django.db.models.functions import Concat
 from django.http import FileResponse
-from django.shortcuts import get_object_or_404
 from django.utils.timezone import make_aware, now
 from django_filters.rest_framework import DjangoFilterBackend, FilterSet
-from rest_framework import mixins, serializers, status, viewsets
+from rest_framework import serializers, status, viewsets
 from rest_framework.decorators import detail_route
 from rest_framework.exceptions import (
     APIException, NotFound, PermissionDenied, ValidationError,
 )
 from rest_framework.filters import OrderingFilter
-from rest_framework.mixins import CreateModelMixin, DestroyModelMixin
+from rest_framework.mixins import CreateModelMixin
 from rest_framework.response import Response
 
 from pretix.api.models import OAuthAccessToken
 from pretix.api.serializers.order import (
-    InvoiceSerializer, OrderCreateSerializer, OrderPaymentSerializer,
-    OrderPositionSerializer, OrderRefundCreateSerializer,
-    OrderRefundSerializer, OrderSerializer,
+    InvoiceSerializer, OrderCreateSerializer, OrderPositionSerializer,
+    OrderSerializer,
 )
 from pretix.base.models import (
-    CachedCombinedTicket, CachedTicket, Device, Event, Invoice, Order,
-    OrderPayment, OrderPosition, OrderRefund, Quota, TeamAPIToken,
+    Invoice, Order, OrderPosition, Quota, TeamAPIToken,
 )
-from pretix.base.payment import PaymentException
 from pretix.base.services.invoices import (
     generate_cancellation, generate_invoice, invoice_pdf, invoice_qualified,
     regenerate_invoice,
 )
 from pretix.base.services.mail import SendMailException
 from pretix.base.services.orders import (
-    OrderChangeManager, OrderError, approve_order, cancel_order, deny_order,
-    extend_order, mark_order_expired, mark_order_refunded,
+    OrderError, cancel_order, extend_order, mark_order_expired,
+    mark_order_paid, mark_order_refunded,
+)
+from pretix.base.services.tickets import (
+    get_cachedticket_for_order, get_cachedticket_for_position,
 )
-from pretix.base.services.tickets import generate
 from pretix.base.signals import order_placed, register_ticket_outputs
 
 
 class OrderFilter(FilterSet):
-    email = django_filters.CharFilter(field_name='email', lookup_expr='iexact')
-    code = django_filters.CharFilter(field_name='code', lookup_expr='iexact')
-    status = django_filters.CharFilter(field_name='status', lookup_expr='iexact')
-    modified_since = django_filters.IsoDateTimeFilter(field_name='last_modified', lookup_expr='gte')
+    email = django_filters.CharFilter(name='email', lookup_expr='iexact')
+    code = django_filters.CharFilter(name='code', lookup_expr='iexact')
+    status = django_filters.CharFilter(name='status', lookup_expr='iexact')
+    modified_since = django_filters.IsoDateTimeFilter(name='last_modified', lookup_expr='gte')
 
     class Meta:
         model = Order
-        fields = ['code', 'status', 'email', 'locale', 'testmode', 'require_approval']
+        fields = ['code', 'status', 'email', 'locale']
 
 
-class OrderViewSet(DestroyModelMixin, CreateModelMixin, viewsets.ReadOnlyModelViewSet):
+class OrderViewSet(CreateModelMixin, viewsets.ReadOnlyModelViewSet):
     serializer_class = OrderSerializer
     queryset = Order.objects.none()
     filter_backends = (DjangoFilterBackend, OrderingFilter)
     ordering = ('datetime',)
-    ordering_fields = ('datetime', 'code', 'status', 'last_modified')
-    filterset_class = OrderFilter
+    ordering_fields = ('datetime', 'code', 'status')
+    filter_class = OrderFilter
     lookup_field = 'code'
     permission = 'can_view_orders'
     write_permission = 'can_change_orders'
@@ -71,35 +68,13 @@ class OrderViewSet(DestroyModelMixin, CreateModelMixin, viewsets.ReadOnlyModelVi
         return ctx
 
     def get_queryset(self):
-        qs = self.request.event.orders.prefetch_related(
-            'fees', 'payments', 'refunds', 'refunds__payment'
+        return self.request.event.orders.prefetch_related(
+            'positions', 'positions__checkins', 'positions__item', 'positions__answers', 'positions__answers__options',
+            'positions__answers__question', 'fees'
         ).select_related(
             'invoice_address'
         )
 
-        if self.request.query_params.get('pdf_data', 'false') == 'true':
-            qs = qs.prefetch_related(
-                Prefetch(
-                    'positions',
-                    OrderPosition.objects.all().prefetch_related(
-                        'checkins', 'item', 'variation', 'answers', 'answers__options', 'answers__question',
-                        'item__category', 'addon_to',
-                        Prefetch('addons', OrderPosition.objects.select_related('item', 'variation'))
-                    )
-                )
-            )
-        else:
-            qs = qs.prefetch_related(
-                Prefetch(
-                    'positions',
-                    OrderPosition.objects.all().prefetch_related(
-                        'checkins', 'item', 'variation', 'answers', 'answers__options', 'answers__question',
-                    )
-                )
-            )
-
-        return qs
-
     def _get_output_provider(self, identifier):
         responses = register_ticket_outputs.send(self.request.event)
         for receiver, response in responses:
@@ -130,11 +105,9 @@ class OrderViewSet(DestroyModelMixin, CreateModelMixin, viewsets.ReadOnlyModelVi
         if order.status != Order.STATUS_PAID:
             raise PermissionDenied("Downloads are not available for unpaid orders.")
 
-        ct = CachedCombinedTicket.objects.filter(
-            order=order, provider=provider.identifier, file__isnull=False
-        ).last()
-        if not ct or not ct.file:
-            generate.apply_async(args=('order', order.pk, provider.identifier))
+        ct = get_cachedticket_for_order(order, provider.identifier)
+
+        if not ct.file:
             raise RetryException()
         else:
             resp = FileResponse(ct.file.file, content_type=ct.type)
@@ -149,33 +122,14 @@ class OrderViewSet(DestroyModelMixin, CreateModelMixin, viewsets.ReadOnlyModelVi
         order = self.get_object()
 
         if order.status in (Order.STATUS_PENDING, Order.STATUS_EXPIRED):
-
-            ps = order.pending_sum
             try:
-                p = order.payments.get(
-                    state__in=(OrderPayment.PAYMENT_STATE_PENDING, OrderPayment.PAYMENT_STATE_CREATED),
-                    provider='manual',
-                    amount=ps
+                mark_order_paid(
+                    order, manual=True,
+                    user=request.user if request.user.is_authenticated else None,
+                    auth=request.auth,
                 )
-            except OrderPayment.DoesNotExist:
-                order.payments.filter(state__in=(OrderPayment.PAYMENT_STATE_PENDING,
-                                                 OrderPayment.PAYMENT_STATE_CREATED)) \
-                    .update(state=OrderPayment.PAYMENT_STATE_CANCELED)
-                p = order.payments.create(
-                    state=OrderPayment.PAYMENT_STATE_CREATED,
-                    provider='manual',
-                    amount=ps,
-                    fee=None
-                )
-
-            try:
-                p.confirm(auth=self.request.auth,
-                          user=self.request.user if request.user.is_authenticated else None,
-                          count_waitinglist=False)
             except Quota.QuotaExceededException as e:
                 return Response({'detail': str(e)}, status=status.HTTP_400_BAD_REQUEST)
-            except PaymentException as e:
-                return Response({'detail': str(e)}, status=status.HTTP_400_BAD_REQUEST)
             except SendMailException:
                 pass
 
@@ -188,12 +142,6 @@ class OrderViewSet(DestroyModelMixin, CreateModelMixin, viewsets.ReadOnlyModelVi
     @detail_route(methods=['POST'])
     def mark_canceled(self, request, **kwargs):
         send_mail = request.data.get('send_email', True)
-        cancellation_fee = request.data.get('cancellation_fee', None)
-        if cancellation_fee:
-            try:
-                cancellation_fee = float(Decimal(cancellation_fee))
-            except:
-                cancellation_fee = None
 
         order = self.get_object()
         if not order.cancel_allowed():
@@ -202,57 +150,13 @@ class OrderViewSet(DestroyModelMixin, CreateModelMixin, viewsets.ReadOnlyModelVi
                 status=status.HTTP_400_BAD_REQUEST
             )
 
-        try:
-            cancel_order(
-                order,
-                user=request.user if request.user.is_authenticated else None,
-                api_token=request.auth if isinstance(request.auth, TeamAPIToken) else None,
-                device=request.auth if isinstance(request.auth, Device) else None,
-                oauth_application=request.auth.application if isinstance(request.auth, OAuthAccessToken) else None,
-                send_mail=send_mail,
-                cancellation_fee=cancellation_fee
-            )
-        except OrderError as e:
-            return Response(
-                {'detail': str(e)},
-                status=status.HTTP_400_BAD_REQUEST
-            )
-        return self.retrieve(request, [], **kwargs)
-
-    @detail_route(methods=['POST'])
-    def approve(self, request, **kwargs):
-        send_mail = request.data.get('send_email', True)
-
-        order = self.get_object()
-        try:
-            approve_order(
-                order,
-                user=request.user if request.user.is_authenticated else None,
-                auth=request.auth if isinstance(request.auth, (Device, TeamAPIToken, OAuthAccessToken)) else None,
-                send_mail=send_mail,
-            )
-        except Quota.QuotaExceededException as e:
-            return Response({'detail': str(e)}, status=status.HTTP_400_BAD_REQUEST)
-        except OrderError as e:
-            return Response({'detail': str(e)}, status=status.HTTP_400_BAD_REQUEST)
-        return self.retrieve(request, [], **kwargs)
-
-    @detail_route(methods=['POST'])
-    def deny(self, request, **kwargs):
-        send_mail = request.data.get('send_email', True)
-        comment = request.data.get('comment', '')
-
-        order = self.get_object()
-        try:
-            deny_order(
-                order,
-                user=request.user if request.user.is_authenticated else None,
-                auth=request.auth if isinstance(request.auth, (Device, TeamAPIToken, OAuthAccessToken)) else None,
-                send_mail=send_mail,
-                comment=comment,
-            )
-        except OrderError as e:
-            return Response({'detail': str(e)}, status=status.HTTP_400_BAD_REQUEST)
+        cancel_order(
+            order,
+            user=request.user if request.user.is_authenticated else None,
+            api_token=request.auth if isinstance(request.auth, TeamAPIToken) else None,
+            oauth_application=request.auth.application if isinstance(request.auth, OAuthAccessToken) else None,
+            send_mail=send_mail
+        )
         return self.retrieve(request, [], **kwargs)
 
     @detail_route(methods=['POST'])
@@ -266,7 +170,8 @@ class OrderViewSet(DestroyModelMixin, CreateModelMixin, viewsets.ReadOnlyModelVi
             )
 
         order.status = Order.STATUS_PENDING
-        order.save(update_fields=['status'])
+        order.payment_manual = True
+        order.save()
         order.log_action(
             'pretix.event.order.unpaid',
             user=request.user if request.user.is_authenticated else None,
@@ -304,7 +209,7 @@ class OrderViewSet(DestroyModelMixin, CreateModelMixin, viewsets.ReadOnlyModelVi
         mark_order_refunded(
             order,
             user=request.user if request.user.is_authenticated else None,
-            auth=(request.auth if isinstance(request.auth, (TeamAPIToken, OAuthAccessToken, Device)) else None),
+            api_token=(request.auth if isinstance(request.auth, TeamAPIToken) else None),
         )
         return self.retrieve(request, [], **kwargs)
 
@@ -378,16 +283,9 @@ class OrderViewSet(DestroyModelMixin, CreateModelMixin, viewsets.ReadOnlyModelVi
     def perform_create(self, serializer):
         serializer.save()
 
-    def perform_destroy(self, instance):
-        if not instance.testmode:
-            raise PermissionDenied('Only test mode orders can be deleted.')
-
-        with transaction.atomic():
-            self.get_object().gracefully_delete(user=self.request.user if self.request.user.is_authenticated else None, auth=self.request.auth)
-
 
 class OrderPositionFilter(FilterSet):
-    order = django_filters.CharFilter(field_name='order', lookup_expr='code__iexact')
+    order = django_filters.CharFilter(name='order', lookup_expr='code__iexact')
     has_checkin = django_filters.rest_framework.BooleanFilter(method='has_checkin_qs')
     attendee_name = django_filters.CharFilter(method='attendee_name_qs')
     search = django_filters.CharFilter(method='search_qs')
@@ -395,18 +293,17 @@ class OrderPositionFilter(FilterSet):
     def search_qs(self, queryset, name, value):
         return queryset.filter(
             Q(secret__istartswith=value)
-            | Q(attendee_name_cached__icontains=value)
-            | Q(addon_to__attendee_name_cached__icontains=value)
+            | Q(attendee_name__icontains=value)
+            | Q(addon_to__attendee_name__icontains=value)
             | Q(order__code__istartswith=value)
-            | Q(order__invoice_address__name_cached__icontains=value)
-            | Q(order__email__icontains=value)
+            | Q(order__invoice_address__name__icontains=value)
         )
 
     def has_checkin_qs(self, queryset, name, value):
         return queryset.filter(checkins__isnull=not value)
 
     def attendee_name_qs(self, queryset, name, value):
-        return queryset.filter(Q(attendee_name_cached__iexact=value) | Q(addon_to__attendee_name_cached__iexact=value))
+        return queryset.filter(Q(attendee_name__iexact=value) | Q(addon_to__attendee_name__iexact=value))
 
     class Meta:
         model = OrderPosition
@@ -416,61 +313,25 @@ class OrderPositionFilter(FilterSet):
             'secret': ['exact'],
             'order__status': ['exact', 'in'],
             'addon_to': ['exact', 'in'],
-            'subevent': ['exact', 'in'],
-            'pseudonymization_id': ['exact'],
-            'voucher__code': ['exact'],
-            'voucher': ['exact'],
+            'subevent': ['exact', 'in']
         }
 
 
-class OrderPositionViewSet(mixins.DestroyModelMixin, viewsets.ReadOnlyModelViewSet):
+class OrderPositionViewSet(viewsets.ReadOnlyModelViewSet):
     serializer_class = OrderPositionSerializer
     queryset = OrderPosition.objects.none()
     filter_backends = (DjangoFilterBackend, OrderingFilter)
     ordering = ('order__datetime', 'positionid')
     ordering_fields = ('order__code', 'order__datetime', 'positionid', 'attendee_name', 'order__status',)
-    filterset_class = OrderPositionFilter
+    filter_class = OrderPositionFilter
     permission = 'can_view_orders'
-    write_permission = 'can_change_orders'
-    ordering_custom = {
-        'attendee_name': {
-            '_order': F('display_name').asc(nulls_first=True),
-            'display_name': Coalesce('attendee_name_cached', 'addon_to__attendee_name_cached')
-        },
-        '-attendee_name': {
-            '_order': F('display_name').asc(nulls_last=True),
-            'display_name': Coalesce('attendee_name_cached', 'addon_to__attendee_name_cached')
-        },
-    }
 
     def get_queryset(self):
-        qs = OrderPosition.objects.filter(order__event=self.request.event)
-        if self.request.query_params.get('pdf_data', 'false') == 'true':
-            qs = qs.prefetch_related(
-                'checkins', 'answers', 'answers__options', 'answers__question',
-                Prefetch('addons', OrderPosition.objects.select_related('item', 'variation')),
-                Prefetch('order', Order.objects.select_related('invoice_address').prefetch_related(
-                    Prefetch(
-                        'event',
-                        Event.objects.select_related('organizer')
-                    ),
-                    Prefetch(
-                        'positions',
-                        OrderPosition.objects.prefetch_related(
-                            'checkins', 'item', 'variation', 'answers', 'answers__options', 'answers__question',
-                        )
-                    )
-                ))
-            ).select_related(
-                'item', 'variation', 'item__category', 'addon_to'
-            )
-        else:
-            qs = qs.prefetch_related(
-                'checkins', 'answers', 'answers__options', 'answers__question'
-            ).select_related(
-                'item', 'order', 'order__event', 'order__event__organizer'
-            )
-        return qs
+        return OrderPosition.objects.filter(order__event=self.request.event).prefetch_related(
+            'checkins', 'answers', 'answers__options', 'answers__question'
+        ).select_related(
+            'item', 'order', 'order__event', 'order__event__organizer'
+        )
 
     def _get_output_provider(self, identifier):
         responses = register_ticket_outputs.send(self.request.event)
@@ -487,14 +348,14 @@ class OrderPositionViewSet(mixins.DestroyModelMixin, viewsets.ReadOnlyModelViewS
 
         if pos.order.status != Order.STATUS_PAID:
             raise PermissionDenied("Downloads are not available for unpaid orders.")
-        if not pos.generate_ticket:
-            raise PermissionDenied("Downloads are not enabled for this product.")
+        if pos.addon_to_id and not request.event.settings.ticket_download_addons:
+            raise PermissionDenied("Downloads are not enabled for add-on products.")
+        if not pos.item.admission and not request.event.settings.ticket_download_nonadm:
+            raise PermissionDenied("Downloads are not enabled for non-admission products.")
 
-        ct = CachedTicket.objects.filter(
-            order_position=pos, provider=provider.identifier, file__isnull=False
-        ).last()
-        if not ct or not ct.file:
-            generate.apply_async(args=('orderposition', pos.pk, provider.identifier))
+        ct = get_cachedticket_for_position(pos, provider.identifier)
+
+        if not ct.file:
             raise RetryException()
         else:
             resp = FileResponse(ct.file.file, content_type=ct.type)
@@ -504,242 +365,11 @@ class OrderPositionViewSet(mixins.DestroyModelMixin, viewsets.ReadOnlyModelViewS
             )
             return resp
 
-    def perform_destroy(self, instance):
-        try:
-            ocm = OrderChangeManager(
-                instance.order,
-                user=self.request.user if self.request.user.is_authenticated else None,
-                auth=self.request.auth,
-                notify=False
-            )
-            ocm.cancel(instance)
-            ocm.commit()
-        except OrderError as e:
-            raise ValidationError(str(e))
-        except Quota.QuotaExceededException as e:
-            raise ValidationError(str(e))
-
-
-class PaymentViewSet(viewsets.ReadOnlyModelViewSet):
-    serializer_class = OrderPaymentSerializer
-    queryset = OrderPayment.objects.none()
-    permission = 'can_view_orders'
-    write_permission = 'can_change_orders'
-    lookup_field = 'local_id'
-
-    def get_queryset(self):
-        order = get_object_or_404(Order, code=self.kwargs['order'], event=self.request.event)
-        return order.payments.all()
-
-    @detail_route(methods=['POST'])
-    def confirm(self, request, **kwargs):
-        payment = self.get_object()
-        force = request.data.get('force', False)
-
-        if payment.state not in (OrderPayment.PAYMENT_STATE_PENDING, OrderPayment.PAYMENT_STATE_CREATED):
-            return Response({'detail': 'Invalid state of payment'}, status=status.HTTP_400_BAD_REQUEST)
-
-        try:
-            payment.confirm(user=self.request.user if self.request.user.is_authenticated else None,
-                            auth=self.request.auth,
-                            count_waitinglist=False,
-                            force=force)
-        except Quota.QuotaExceededException as e:
-            return Response({'detail': str(e)}, status=status.HTTP_400_BAD_REQUEST)
-        except PaymentException as e:
-            return Response({'detail': str(e)}, status=status.HTTP_400_BAD_REQUEST)
-        except SendMailException:
-            pass
-        return self.retrieve(request, [], **kwargs)
-
-    @detail_route(methods=['POST'])
-    def refund(self, request, **kwargs):
-        payment = self.get_object()
-        amount = serializers.DecimalField(max_digits=10, decimal_places=2).to_internal_value(
-            request.data.get('amount', str(payment.amount))
-        )
-        if 'mark_refunded' in request.data:
-            mark_refunded = request.data.get('mark_refunded', False)
-        else:
-            mark_refunded = request.data.get('mark_canceled', False)
-
-        if payment.state != OrderPayment.PAYMENT_STATE_CONFIRMED:
-            return Response({'detail': 'Invalid state of payment.'}, status=status.HTTP_400_BAD_REQUEST)
-
-        full_refund_possible = payment.payment_provider.payment_refund_supported(payment)
-        partial_refund_possible = payment.payment_provider.payment_partial_refund_supported(payment)
-        available_amount = payment.amount - payment.refunded_amount
-
-        if amount <= 0:
-            return Response({'amount': ['Invalid refund amount.']}, status=status.HTTP_400_BAD_REQUEST)
-        if amount > available_amount:
-            return Response(
-                {'amount': ['Invalid refund amount, only {} are available to refund.'.format(available_amount)]},
-                status=status.HTTP_400_BAD_REQUEST)
-        if amount != payment.amount and not partial_refund_possible:
-            return Response({'amount': ['Partial refund not available for this payment method.']},
-                            status=status.HTTP_400_BAD_REQUEST)
-        if amount == payment.amount and not full_refund_possible:
-            return Response({'amount': ['Full refund not available for this payment method.']},
-                            status=status.HTTP_400_BAD_REQUEST)
-        r = payment.order.refunds.create(
-            payment=payment,
-            source=OrderRefund.REFUND_SOURCE_ADMIN,
-            state=OrderRefund.REFUND_STATE_CREATED,
-            amount=amount,
-            provider=payment.provider
-        )
-
-        try:
-            r.payment_provider.execute_refund(r)
-        except PaymentException as e:
-            r.state = OrderRefund.REFUND_STATE_FAILED
-            r.save()
-            return Response({'detail': 'External error: {}'.format(str(e))},
-                            status=status.HTTP_400_BAD_REQUEST)
-        else:
-            payment.order.log_action('pretix.event.order.refund.created', {
-                'local_id': r.local_id,
-                'provider': r.provider,
-            }, user=self.request.user if self.request.user.is_authenticated else None, auth=self.request.auth)
-            if payment.order.pending_sum > 0:
-                if mark_refunded:
-                    mark_order_refunded(payment.order,
-                                        user=self.request.user if self.request.user.is_authenticated else None,
-                                        auth=self.request.auth)
-                else:
-                    payment.order.status = Order.STATUS_PENDING
-                    payment.order.set_expires(
-                        now(),
-                        payment.order.event.subevents.filter(
-                            id__in=payment.order.positions.values_list('subevent_id', flat=True))
-                    )
-                    payment.order.save(update_fields=['status', 'expires'])
-            return Response(OrderRefundSerializer(r).data, status=status.HTTP_200_OK)
-
-    @detail_route(methods=['POST'])
-    def cancel(self, request, **kwargs):
-        payment = self.get_object()
-
-        if payment.state not in (OrderPayment.PAYMENT_STATE_PENDING, OrderPayment.PAYMENT_STATE_CREATED):
-            return Response({'detail': 'Invalid state of payment'}, status=status.HTTP_400_BAD_REQUEST)
-
-        with transaction.atomic():
-            payment.state = OrderPayment.PAYMENT_STATE_CANCELED
-            payment.save()
-            payment.order.log_action('pretix.event.order.payment.canceled', {
-                'local_id': payment.local_id,
-                'provider': payment.provider,
-            }, user=self.request.user if self.request.user.is_authenticated else None, auth=self.request.auth)
-        return self.retrieve(request, [], **kwargs)
-
-
-class RefundViewSet(CreateModelMixin, viewsets.ReadOnlyModelViewSet):
-    serializer_class = OrderRefundSerializer
-    queryset = OrderRefund.objects.none()
-    permission = 'can_view_orders'
-    write_permission = 'can_change_orders'
-    lookup_field = 'local_id'
-
-    def get_queryset(self):
-        order = get_object_or_404(Order, code=self.kwargs['order'], event=self.request.event)
-        return order.refunds.all()
-
-    @detail_route(methods=['POST'])
-    def cancel(self, request, **kwargs):
-        refund = self.get_object()
-
-        if refund.state not in (OrderRefund.REFUND_STATE_CREATED, OrderRefund.REFUND_STATE_TRANSIT,
-                                OrderRefund.REFUND_STATE_EXTERNAL):
-            return Response({'detail': 'Invalid state of refund'}, status=status.HTTP_400_BAD_REQUEST)
-
-        with transaction.atomic():
-            refund.state = OrderRefund.REFUND_STATE_CANCELED
-            refund.save()
-            refund.order.log_action('pretix.event.order.refund.canceled', {
-                'local_id': refund.local_id,
-                'provider': refund.provider,
-            }, user=self.request.user if self.request.user.is_authenticated else None, auth=self.request.auth)
-        return self.retrieve(request, [], **kwargs)
-
-    @detail_route(methods=['POST'])
-    def process(self, request, **kwargs):
-        refund = self.get_object()
-
-        if refund.state != OrderRefund.REFUND_STATE_EXTERNAL:
-            return Response({'detail': 'Invalid state of refund'}, status=status.HTTP_400_BAD_REQUEST)
-
-        refund.done(user=self.request.user if self.request.user.is_authenticated else None, auth=self.request.auth)
-        if 'mark_refunded' in request.data:
-            mark_refunded = request.data.get('mark_refunded', False)
-        else:
-            mark_refunded = request.data.get('mark_canceled', False)
-        if mark_refunded:
-            mark_order_refunded(refund.order, user=self.request.user if self.request.user.is_authenticated else None,
-                                auth=self.request.auth)
-        elif not (refund.order.status == Order.STATUS_PAID and refund.order.pending_sum <= 0):
-            refund.order.status = Order.STATUS_PENDING
-            refund.order.set_expires(
-                now(),
-                refund.order.event.subevents.filter(
-                    id__in=refund.order.positions.values_list('subevent_id', flat=True))
-            )
-            refund.order.save(update_fields=['status', 'expires'])
-        return self.retrieve(request, [], **kwargs)
-
-    @detail_route(methods=['POST'])
-    def done(self, request, **kwargs):
-        refund = self.get_object()
-
-        if refund.state not in (OrderRefund.REFUND_STATE_CREATED, OrderRefund.REFUND_STATE_TRANSIT):
-            return Response({'detail': 'Invalid state of refund'}, status=status.HTTP_400_BAD_REQUEST)
-
-        refund.done(user=self.request.user if self.request.user.is_authenticated else None, auth=self.request.auth)
-        return self.retrieve(request, [], **kwargs)
-
-    def get_serializer_context(self):
-        ctx = super().get_serializer_context()
-        ctx['order'] = get_object_or_404(Order, code=self.kwargs['order'], event=self.request.event)
-        return ctx
-
-    def create(self, request, *args, **kwargs):
-        if 'mark_refunded' in request.data:
-            mark_refunded = request.data.pop('mark_refunded', False)
-        else:
-            mark_refunded = request.data.pop('mark_canceled', False)
-        serializer = OrderRefundCreateSerializer(data=request.data, context=self.get_serializer_context())
-        serializer.is_valid(raise_exception=True)
-        with transaction.atomic():
-            self.perform_create(serializer)
-            r = serializer.instance
-            serializer = OrderRefundSerializer(r, context=serializer.context)
-
-            r.order.log_action(
-                'pretix.event.order.refund.created', {
-                    'local_id': r.local_id,
-                    'provider': r.provider,
-                },
-                user=request.user if request.user.is_authenticated else None,
-                auth=request.auth
-            )
-            if mark_refunded:
-                mark_order_refunded(
-                    r.order,
-                    user=request.user if request.user.is_authenticated else None,
-                    auth=(request.auth if request.auth else None),
-                )
-
-        headers = self.get_success_headers(serializer.data)
-        return Response(serializer.data, status=status.HTTP_201_CREATED, headers=headers)
-
-    def perform_create(self, serializer):
-        serializer.save()
-
 
 class InvoiceFilter(FilterSet):
     refers = django_filters.CharFilter(method='refers_qs')
     number = django_filters.CharFilter(method='nr_qs')
-    order = django_filters.CharFilter(field_name='order', lookup_expr='code__iexact')
+    order = django_filters.CharFilter(name='order', lookup_expr='code__iexact')
 
     def refers_qs(self, queryset, name, value):
         return queryset.annotate(
@@ -766,7 +396,7 @@ class InvoiceViewSet(viewsets.ReadOnlyModelViewSet):
     filter_backends = (DjangoFilterBackend, OrderingFilter)
     ordering = ('nr',)
     ordering_fields = ('nr', 'date')
-    filterset_class = InvoiceFilter
+    filter_class = InvoiceFilter
     permission = 'can_view_orders'
     lookup_url_kwarg = 'number'
     lookup_field = 'nr'
@@ -823,7 +453,7 @@ class InvoiceViewSet(viewsets.ReadOnlyModelViewSet):
             raise PermissionDenied('The invoice file is no longer stored on the server.')
         else:
             c = generate_cancellation(inv)
-            if inv.order.status != Order.STATUS_CANCELED:
+            if inv.order.status not in (Order.STATUS_CANCELED, Order.STATUS_REFUNDED):
                 inv = generate_invoice(inv.order)
             else:
                 inv = c

src/pretix/api/views/organizer.py

@@ -12,7 +12,7 @@ class OrganizerViewSet(viewsets.ReadOnlyModelViewSet):
     lookup_url_kwarg = 'organizer'
 
     def get_queryset(self):
-        if self.request.user.is_authenticated:
+        if self.request.user.is_authenticated():
             if self.request.user.has_active_staff_session(self.request.session.session_key):
                 return Organizer.objects.all()
             elif isinstance(self.request.auth, OAuthAccessToken):
@@ -23,7 +23,5 @@ class OrganizerViewSet(viewsets.ReadOnlyModelViewSet):
                 )
             else:
                 return Organizer.objects.filter(pk__in=self.request.user.teams.values_list('organizer', flat=True))
-        elif hasattr(self.request.auth, 'organizer_id'):
-            return Organizer.objects.filter(pk=self.request.auth.organizer_id)
         else:
             return Organizer.objects.filter(pk=self.request.auth.team.organizer_id)

src/pretix/api/views/user.py

@@ -1,16 +0,0 @@
-from oauth2_provider.contrib.rest_framework import OAuth2Authentication
-from rest_framework.authentication import SessionAuthentication
-from rest_framework.response import Response
-from rest_framework.views import APIView
-
-
-class MeView(APIView):
-    authentication_classes = (SessionAuthentication, OAuth2Authentication)
-
-    def get(self, request, format=None):
-        return Response({
-            'email': request.user.email,
-            'fullname': request.user.fullname,
-            'locale': request.user.locale,
-            'timezone': request.user.timezone
-        })

src/pretix/api/views/voucher.py

@@ -1,16 +1,11 @@
-import contextlib
-
-from django.db import transaction
 from django.db.models import F, Q
 from django.utils.timezone import now
 from django_filters.rest_framework import (
     BooleanFilter, DjangoFilterBackend, FilterSet,
 )
-from rest_framework import status, viewsets
-from rest_framework.decorators import list_route
+from rest_framework import viewsets
 from rest_framework.exceptions import PermissionDenied
 from rest_framework.filters import OrderingFilter
-from rest_framework.response import Response
 
 from pretix.api.serializers.voucher import VoucherSerializer
 from pretix.base.models import Voucher
@@ -39,36 +34,15 @@ class VoucherViewSet(viewsets.ModelViewSet):
     filter_backends = (DjangoFilterBackend, OrderingFilter)
     ordering = ('id',)
     ordering_fields = ('id', 'code', 'max_usages', 'valid_until', 'value')
-    filterset_class = VoucherFilter
+    filter_class = VoucherFilter
     permission = 'can_view_vouchers'
     write_permission = 'can_change_vouchers'
 
     def get_queryset(self):
         return self.request.event.vouchers.all()
 
-    def _predict_quota_check(self, data, instance):
-        # This method predicts if Voucher.clean_quota_needs_checking
-        # *migh* later require a quota check. It is only approximate
-        # and returns True a little too often. The point is to avoid
-        # locks when we know we won't need them.
-        if 'allow_ignore_quota' in data and data.get('allow_ignore_quota'):
-            return False
-        if instance and 'allow_ignore_quota' not in data and instance.allow_ignore_quota:
-            return False
-
-        if 'block_quota' in data and not data.get('block_quota'):
-            return False
-        if instance and 'block_quota' not in data and not instance.block_quota:
-            return False
-
-        return True
-
     def create(self, request, *args, **kwargs):
-        if self._predict_quota_check(request.data, None):
-            lockfn = request.event.lock
-        else:
-            lockfn = contextlib.suppress  # noop context manager
-        with lockfn():
+        with request.event.lock():
             return super().create(request, *args, **kwargs)
 
     def perform_create(self, serializer):
@@ -86,11 +60,7 @@ class VoucherViewSet(viewsets.ModelViewSet):
         return ctx
 
     def update(self, request, *args, **kwargs):
-        if self._predict_quota_check(request.data, self.get_object()):
-            lockfn = request.event.lock
-        else:
-            lockfn = contextlib.suppress  # noop context manager
-        with lockfn():
+        with request.event.lock():
             return super().update(request, *args, **kwargs)
 
     def perform_update(self, serializer):
@@ -112,24 +82,3 @@ class VoucherViewSet(viewsets.ModelViewSet):
             auth=self.request.auth,
         )
         super().perform_destroy(instance)
-
-    @list_route(methods=['POST'])
-    def batch_create(self, request, *args, **kwargs):
-        if any(self._predict_quota_check(d, None) for d in request.data):
-            lockfn = request.event.lock
-        else:
-            lockfn = contextlib.suppress  # noop context manager
-        with lockfn():
-            serializer = self.get_serializer(data=request.data, many=True)
-            serializer.is_valid(raise_exception=True)
-            with transaction.atomic():
-                serializer.save(event=self.request.event)
-                for i, v in enumerate(serializer.instance):
-                    v.log_action(
-                        'pretix.voucher.added',
-                        user=self.request.user,
-                        auth=self.request.auth,
-                        data=self.request.data[i]
-                    )
-        headers = self.get_success_headers(serializer.data)
-        return Response(serializer.data, status=status.HTTP_201_CREATED, headers=headers)

src/pretix/api/views/waitinglist.py

@@ -28,7 +28,7 @@ class WaitingListViewSet(viewsets.ModelViewSet):
     filter_backends = (DjangoFilterBackend, OrderingFilter)
     ordering = ('created',)
     ordering_fields = ('id', 'created', 'email', 'item')
-    filterset_class = WaitingListFilter
+    filter_class = WaitingListFilter
     permission = 'can_view_orders'
     write_permission = 'can_change_orders'
 

src/pretix/api/views/webhooks.py

@@ -1,49 +0,0 @@
-from rest_framework import viewsets
-
-from pretix.api.models import WebHook
-from pretix.api.serializers.webhooks import WebHookSerializer
-from pretix.helpers.dicts import merge_dicts
-
-
-class WebHookViewSet(viewsets.ModelViewSet):
-    serializer_class = WebHookSerializer
-    queryset = WebHook.objects.none()
-    permission = 'can_change_organizer_settings'
-    write_permission = 'can_change_organizer_settings'
-
-    def get_queryset(self):
-        return self.request.organizer.webhooks.prefetch_related('listeners')
-
-    def get_serializer_context(self):
-        ctx = super().get_serializer_context()
-        ctx['organizer'] = self.request.organizer
-        return ctx
-
-    def perform_create(self, serializer):
-        inst = serializer.save(organizer=self.request.organizer)
-        self.request.organizer.log_action(
-            'pretix.webhook.created',
-            user=self.request.user,
-            auth=self.request.auth,
-            data=merge_dicts(self.request.data, {'id': inst.pk})
-        )
-
-    def perform_update(self, serializer):
-        inst = serializer.save(organizer=self.request.organizer)
-        self.request.organizer.log_action(
-            'pretix.webhook.changed',
-            user=self.request.user,
-            auth=self.request.auth,
-            data=merge_dicts(self.request.data, {'id': serializer.instance.pk})
-        )
-        return inst
-
-    def perform_destroy(self, instance):
-        self.request.organizer.log_action(
-            'pretix.webhook.changed',
-            user=self.request.user,
-            auth=self.request.auth,
-            data={'id': instance.pk, 'enabled': False}
-        )
-        instance.enabled = False
-        instance.save(update_fields=['enabled'])

src/pretix/api/webhooks.py

@@ -1,253 +0,0 @@
-import json
-import logging
-import time
-from collections import OrderedDict
-
-import requests
-from celery.exceptions import MaxRetriesExceededError
-from django.db.models import Exists, OuterRef, Q
-from django.dispatch import receiver
-from django.utils.translation import ugettext_lazy as _
-from requests import RequestException
-
-from pretix.api.models import WebHook, WebHookCall, WebHookEventListener
-from pretix.api.signals import register_webhook_events
-from pretix.base.models import LogEntry
-from pretix.base.services.tasks import ProfiledTask, TransactionAwareTask
-from pretix.celery_app import app
-
-logger = logging.getLogger(__name__)
-_ALL_EVENTS = None
-
-
-class WebhookEvent:
-    def __init__(self):
-        pass
-
-    def __repr__(self):
-        return '<WebhookEvent: {}>'.format(self.action_type)
-
-    @property
-    def action_type(self) -> str:
-        """
-        The action_type string that this notification handles, for example
-        ``"pretix.event.order.paid"``. Only one notification type should be registered
-        per action type.
-        """
-        raise NotImplementedError()  # NOQA
-
-    @property
-    def verbose_name(self) -> str:
-        """
-        A human-readable name of this notification type.
-        """
-        raise NotImplementedError()  # NOQA
-
-    def build_payload(self, logentry: LogEntry) -> dict:
-        """
-        This is the main function that you should override. It is supposed to turn a log entry
-        object into a dictionary that can be used as the webhook payload.
-        """
-        raise NotImplementedError()  # NOQA
-
-
-def get_all_webhook_events():
-    global _ALL_EVENTS
-
-    if _ALL_EVENTS:
-        return _ALL_EVENTS
-
-    types = OrderedDict()
-    for recv, ret in register_webhook_events.send(None):
-        if isinstance(ret, (list, tuple)):
-            for r in ret:
-                types[r.action_type] = r
-        else:
-            types[ret.action_type] = ret
-    _ALL_EVENTS = types
-    return types
-
-
-class ParametrizedOrderWebhookEvent(WebhookEvent):
-    def __init__(self, action_type, verbose_name):
-        self._action_type = action_type
-        self._verbose_name = verbose_name
-        super().__init__()
-
-    @property
-    def action_type(self):
-        return self._action_type
-
-    @property
-    def verbose_name(self):
-        return self._verbose_name
-
-    def build_payload(self, logentry: LogEntry):
-        order = logentry.content_object
-
-        return {
-            'notification_id': logentry.pk,
-            'organizer': order.event.organizer.slug,
-            'event': order.event.slug,
-            'code': order.code,
-            'action': logentry.action_type,
-        }
-
-
-class ParametrizedOrderPositionWebhookEvent(ParametrizedOrderWebhookEvent):
-
-    def build_payload(self, logentry: LogEntry):
-        d = super().build_payload(logentry)
-        d['orderposition_id'] = logentry.parsed_data.get('position')
-        d['orderposition_positionid'] = logentry.parsed_data.get('positionid')
-        d['checkin_list'] = logentry.parsed_data.get('list')
-        d['first_checkin'] = logentry.parsed_data.get('first_checkin')
-        return d
-
-
-@receiver(register_webhook_events, dispatch_uid="base_register_default_webhook_events")
-def register_default_webhook_events(sender, **kwargs):
-    return (
-        ParametrizedOrderWebhookEvent(
-            'pretix.event.order.placed',
-            _('New order placed'),
-        ),
-        ParametrizedOrderWebhookEvent(
-            'pretix.event.order.placed.require_approval',
-            _('New order requires approval'),
-        ),
-        ParametrizedOrderWebhookEvent(
-            'pretix.event.order.paid',
-            _('Order marked as paid'),
-        ),
-        ParametrizedOrderWebhookEvent(
-            'pretix.event.order.canceled',
-            _('Order canceled'),
-        ),
-        ParametrizedOrderWebhookEvent(
-            'pretix.event.order.expired',
-            _('Order expired'),
-        ),
-        ParametrizedOrderWebhookEvent(
-            'pretix.event.order.modified',
-            _('Order information changed'),
-        ),
-        ParametrizedOrderWebhookEvent(
-            'pretix.event.order.contact.changed',
-            _('Order contact address changed'),
-        ),
-        ParametrizedOrderWebhookEvent(
-            'pretix.event.order.changed.*',
-            _('Order changed'),
-        ),
-        ParametrizedOrderWebhookEvent(
-            'pretix.event.order.refund.created.externally',
-            _('External refund of payment'),
-        ),
-        ParametrizedOrderWebhookEvent(
-            'pretix.event.order.approved',
-            _('Order approved'),
-        ),
-        ParametrizedOrderWebhookEvent(
-            'pretix.event.order.denied',
-            _('Order denied'),
-        ),
-        ParametrizedOrderPositionWebhookEvent(
-            'pretix.event.checkin',
-            _('Ticket checked in'),
-        ),
-        ParametrizedOrderPositionWebhookEvent(
-            'pretix.event.checkin.reverted',
-            _('Ticket check-in reverted'),
-        ),
-    )
-
-
-@app.task(base=TransactionAwareTask)
-def notify_webhooks(logentry_id: int):
-    logentry = LogEntry.all.get(id=logentry_id)
-
-    if not logentry.organizer:
-        return  # We need to know the organizer
-
-    types = get_all_webhook_events()
-    notification_type = None
-    typepath = logentry.action_type
-    while not notification_type and '.' in typepath:
-        notification_type = types.get(typepath + ('.*' if typepath != logentry.action_type else ''))
-        typepath = typepath.rsplit('.', 1)[0]
-
-    if not notification_type:
-        return  # Ignore, no webhooks for this event type
-
-    # All webhooks that registered for this notification
-    event_listener = WebHookEventListener.objects.filter(
-        webhook=OuterRef('pk'),
-        action_type=notification_type.action_type
-    )
-
-    webhooks = WebHook.objects.annotate(has_el=Exists(event_listener)).filter(
-        organizer=logentry.organizer,
-        has_el=True,
-        enabled=True
-    )
-    if logentry.event_id:
-        webhooks = webhooks.filter(
-            Q(all_events=True) | Q(limit_events__pk=logentry.event_id)
-        )
-
-    for wh in webhooks:
-        send_webhook.apply_async(args=(logentry_id, notification_type.action_type, wh.pk))
-
-
-@app.task(base=ProfiledTask, bind=True, max_retries=9)
-def send_webhook(self, logentry_id: int, action_type: str, webhook_id: int):
-    # 9 retries with 2**(2*x) timing is roughly 72 hours
-    logentry = LogEntry.all.get(id=logentry_id)
-    webhook = WebHook.objects.get(id=webhook_id)
-
-    types = get_all_webhook_events()
-    event_type = types.get(action_type)
-    if not event_type or not webhook.enabled:
-        return  # Ignore, e.g. plugin not installed
-
-    payload = event_type.build_payload(logentry)
-    t = time.time()
-
-    try:
-        try:
-            resp = requests.post(
-                webhook.target_url,
-                json=payload,
-                allow_redirects=False
-            )
-            WebHookCall.objects.create(
-                webhook=webhook,
-                action_type=logentry.action_type,
-                target_url=webhook.target_url,
-                is_retry=self.request.retries > 0,
-                execution_time=time.time() - t,
-                return_code=resp.status_code,
-                payload=json.dumps(payload),
-                response_body=resp.text[:1024 * 1024],
-                success=200 <= resp.status_code <= 299
-            )
-            if resp.status_code == 410:
-                webhook.enabled = False
-                webhook.save()
-            elif resp.status_code > 299:
-                raise self.retry(countdown=2 ** (self.request.retries * 2))
-        except RequestException as e:
-            WebHookCall.objects.create(
-                webhook=webhook,
-                action_type=logentry.action_type,
-                target_url=webhook.target_url,
-                is_retry=self.request.retries > 0,
-                execution_time=time.time() - t,
-                return_code=0,
-                payload=json.dumps(payload),
-                response_body=str(e)[:1024 * 1024]
-            )
-            raise self.retry(countdown=2 ** (self.request.retries * 2))
-    except MaxRetriesExceededError:
-        pass

src/pretix/base/__init__.py

@@ -12,7 +12,6 @@ class PretixBaseConfig(AppConfig):
         from . import exporters  # NOQA
         from . import invoice  # NOQA
         from . import notifications  # NOQA
-        from . import email  # NOQA
         from .services import auth, export, mail, tickets, cart, orders, invoices, cleanup, update_check, quotas, notifications  # NOQA
 
         try:

src/pretix/base/channels.py

@@ -1,66 +0,0 @@
-import logging
-from collections import OrderedDict
-
-from django.dispatch import receiver
-from django.utils.translation import ugettext_lazy as _
-
-from pretix.base.signals import register_sales_channels
-
-logger = logging.getLogger(__name__)
-_ALL_CHANNELS = None
-
-
-class SalesChannel:
-    def __repr__(self):
-        return '<SalesChannel: {}>'.format(self.identifier)
-
-    @property
-    def identifier(self) -> str:
-        """
-        The internal identifier of this sales channel.
-        """
-        raise NotImplementedError()  # NOQA
-
-    @property
-    def verbose_name(self) -> str:
-        """
-        A human-readable name of this sales channel.
-        """
-        raise NotImplementedError()  # NOQA
-
-    @property
-    def icon(self) -> str:
-        """
-        The name of a Font Awesome icon to represent this channel
-        """
-        return "circle"
-
-
-def get_all_sales_channels():
-    global _ALL_CHANNELS
-
-    if _ALL_CHANNELS:
-        return _ALL_CHANNELS
-
-    types = OrderedDict()
-    for recv, ret in register_sales_channels.send(None):
-        if isinstance(ret, (list, tuple)):
-            for r in ret:
-                types[r.identifier] = r
-        else:
-            types[ret.identifier] = ret
-    _ALL_CHANNELS = types
-    return types
-
-
-class WebshopSalesChannel(SalesChannel):
-    identifier = "web"
-    verbose_name = _('Online shop')
-    icon = "globe"
-
-
-@receiver(register_sales_channels, dispatch_uid="base_register_default_sales_channels")
-def base_sales_channels(sender, **kwargs):
-    return (
-        WebshopSalesChannel(),
-    )

src/pretix/base/email.py

@@ -1,18 +1,7 @@
 import logging
-from smtplib import SMTPResponseException
+from smtplib import SMTPRecipientsRefused, SMTPSenderRefused
 
-import bleach
-import markdown
-from django.conf import settings
 from django.core.mail.backends.smtp import EmailBackend
-from django.dispatch import receiver
-from django.template.loader import get_template
-from django.utils.translation import ugettext_lazy as _
-from inlinestyler.utils import inline_css
-
-from pretix.base.models import Event, Order
-from pretix.base.signals import register_html_mail_renderers
-from pretix.base.templatetags.rich_text import markdown_compile
 
 logger = logging.getLogger('pretix.base.email')
 
@@ -23,113 +12,15 @@ class CustomSMTPBackend(EmailBackend):
         try:
             self.open()
             self.connection.ehlo_or_helo_if_needed()
+            self.connection.rcpt("test@example.org")
             (code, resp) = self.connection.mail(from_addr, [])
             if code != 250:
                 logger.warn('Error testing mail settings, code %d, resp: %s' % (code, resp))
-                raise SMTPResponseException(code, resp)
-            (code, resp) = self.connection.rcpt('testdummy@pretix.eu')
+                raise SMTPSenderRefused(code, resp, from_addr)
+            senderrs = {}
+            (code, resp) = self.connection.rcpt('test@example.com')
             if (code != 250) and (code != 251):
                 logger.warn('Error testing mail settings, code %d, resp: %s' % (code, resp))
-                raise SMTPResponseException(code, resp)
+                raise SMTPRecipientsRefused(senderrs)
         finally:
             self.close()
-
-
-class BaseHTMLMailRenderer:
-    """
-    This is the base class for all HTML e-mail renderers.
-    """
-
-    def __init__(self, event: Event):
-        self.event = event
-
-    def __str__(self):
-        return self.identifier
-
-    def render(self, plain_body: str, plain_signature: str, subject: str, order: Order=None) -> str:
-        """
-        This method should generate the HTML part of the email.
-
-        :param plain_body: The body of the email in plain text.
-        :param plain_signature: The signature with event organizer contact details in plain text.
-        :param subject: The email subject.
-        :param order: The order if this email is connected to one, otherwise ``None``.
-        :return: An HTML string
-        """
-        raise NotImplementedError()
-
-    @property
-    def verbose_name(self) -> str:
-        """
-        A human-readable name for this renderer. This should be short but self-explanatory.
-        """
-        raise NotImplementedError()  # NOQA
-
-    @property
-    def identifier(self) -> str:
-        """
-        A short and unique identifier for this renderer.
-        This should only contain lowercase letters and in most cases will be the same as your package name or prefixed
-        with your package name.
-        """
-        raise NotImplementedError()  # NOQA
-
-    @property
-    def thumbnail_filename(self) -> str:
-        """
-        A file name discoverable in the static file storage that contains a preview of your renderer. This should
-        be with aspect resolution 4:3.
-        """
-        raise NotImplementedError()  # NOQA
-
-    @property
-    def is_available(self) -> bool:
-        """
-        This renderer will only be available if this returns ``True``. You can use this to limit this renderer
-        to certain events. Defaults to ``True``.
-        """
-        return True
-
-
-class TemplateBasedMailRenderer(BaseHTMLMailRenderer):
-
-    @property
-    def template_name(self):
-        raise NotImplementedError()
-
-    def render(self, plain_body: str, plain_signature: str, subject: str, order: Order) -> str:
-        body_md = bleach.linkify(markdown_compile(plain_body))
-        htmlctx = {
-            'site': settings.PRETIX_INSTANCE_NAME,
-            'site_url': settings.SITE_URL,
-            'body': body_md,
-            'subject': str(subject),
-            'color': '#8E44B3'
-        }
-        if self.event:
-            htmlctx['event'] = self.event
-            htmlctx['color'] = self.event.settings.primary_color
-
-        if plain_signature:
-            signature_md = plain_signature.replace('\n', '<br>\n')
-            signature_md = bleach.linkify(bleach.clean(markdown.markdown(signature_md), tags=bleach.ALLOWED_TAGS + ['p', 'br']))
-            htmlctx['signature'] = signature_md
-
-        if order:
-            htmlctx['order'] = order
-
-        tpl = get_template(self.template_name)
-        body_html = inline_css(tpl.render(htmlctx))
-        return body_html
-
-
-class ClassicMailRenderer(TemplateBasedMailRenderer):
-    verbose_name = _('pretix default')
-    identifier = 'classic'
-    thumbnail_filename = 'pretixbase/email/thumb.png'
-    template_name = 'pretixbase/email/plainwrapper.html'
-
-
-@receiver(register_html_mail_renderers, dispatch_uid="pretixbase_email_renderers")
-def base_renderers(sender, **kwargs):
-    return [ClassicMailRenderer]

src/pretix/base/exporter.py

@@ -1,14 +1,5 @@
-import io
-import tempfile
-from collections import OrderedDict
 from typing import Tuple
 
-from defusedcsv import csv
-from django import forms
-from django.utils.translation import ugettext, ugettext_lazy as _
-from openpyxl import Workbook
-from openpyxl.cell.cell import KNOWN_TYPES
-
 
 class BaseExporter:
     """
@@ -64,7 +55,7 @@ class BaseExporter:
         """
         return {}
 
-    def render(self, form_data: dict) -> Tuple[str, str, bytes]:
+    def render(self, form_data: dict) -> Tuple[str, str, str]:
         """
         Render the exported file and return a tuple consisting of a filename, a file type
         and file content.
@@ -78,138 +69,3 @@ class BaseExporter:
         tasks.
         """
         raise NotImplementedError()  # NOQA
-
-
-class ListExporter(BaseExporter):
-
-    @property
-    def export_form_fields(self) -> dict:
-        ff = OrderedDict(
-            [
-                ('_format',
-                 forms.ChoiceField(
-                     label=_('Export format'),
-                     choices=(
-                         ('xlsx', _('Excel (.xlsx)')),
-                         ('default', _('CSV (with commas)')),
-                         ('excel', _('CSV (Excel-style)')),
-                         ('semicolon', _('CSV (with semicolons)')),
-                     ),
-                 )),
-            ]
-        )
-        ff.update(self.additional_form_fields)
-        return ff
-
-    @property
-    def additional_form_fields(self) -> dict:
-        return {}
-
-    def iterate_list(self, form_data):
-        raise NotImplementedError()  # noqa
-
-    def get_filename(self):
-        return 'export.csv'
-
-    def _render_csv(self, form_data, **kwargs):
-        output = io.StringIO()
-        writer = csv.writer(output, **kwargs)
-        for line in self.iterate_list(form_data):
-            writer.writerow(line)
-        return self.get_filename() + '.csv', 'text/csv', output.getvalue().encode("utf-8")
-
-    def _render_xlsx(self, form_data):
-        wb = Workbook()
-        ws = wb.get_active_sheet()
-        try:
-            ws.title = str(self.verbose_name)
-        except:
-            pass
-        for i, line in enumerate(self.iterate_list(form_data)):
-            for j, val in enumerate(line):
-                ws.cell(row=i + 1, column=j + 1).value = str(val) if not isinstance(val, KNOWN_TYPES) else val
-
-        with tempfile.NamedTemporaryFile(suffix='.xlsx') as f:
-            wb.save(f.name)
-            f.seek(0)
-            return self.get_filename() + '.xlsx', 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', f.read()
-
-    def render(self, form_data: dict) -> Tuple[str, str, bytes]:
-        if form_data.get('_format') == 'xlsx':
-            return self._render_xlsx(form_data)
-        elif form_data.get('_format') == 'default':
-            return self._render_csv(form_data, quoting=csv.QUOTE_NONNUMERIC, delimiter=',')
-        elif form_data.get('_format') == 'csv-excel':
-            return self._render_csv(form_data, dialect='excel')
-        elif form_data.get('_format') == 'semicolon':
-            return self._render_csv(form_data, dialect='excel', delimiter=';')
-
-
-class MultiSheetListExporter(ListExporter):
-
-    @property
-    def sheets(self):
-        raise NotImplementedError()
-
-    @property
-    def export_form_fields(self) -> dict:
-        choices = [
-            ('xlsx', _('Combined Excel (.xlsx)')),
-        ]
-        for s, l in self.sheets:
-            choices += [
-                (s + ':default', str(l) + ' – ' + ugettext('CSV (with commas)')),
-                (s + ':excel', str(l) + ' – ' + ugettext('CSV (Excel-style)')),
-                (s + ':semicolon', str(l) + ' – ' + ugettext('CSV (with semicolons)')),
-            ]
-        ff = OrderedDict(
-            [
-                ('_format',
-                 forms.ChoiceField(
-                     label=_('Export format'),
-                     choices=choices,
-                 )),
-            ]
-        )
-        ff.update(self.additional_form_fields)
-        return ff
-
-    def iterate_list(self, form_data):
-        pass
-
-    def iterate_sheet(self, form_data, sheet):
-        raise NotImplementedError()  # noqa
-
-    def _render_sheet_csv(self, form_data, sheet, **kwargs):
-        output = io.StringIO()
-        writer = csv.writer(output, **kwargs)
-        for line in self.iterate_sheet(form_data, sheet):
-            writer.writerow(line)
-        return self.get_filename() + '.csv', 'text/csv', output.getvalue().encode("utf-8")
-
-    def _render_xlsx(self, form_data):
-        wb = Workbook()
-        ws = wb.get_active_sheet()
-        wb.remove(ws)
-        for s, l in self.sheets:
-            ws = wb.create_sheet(str(l))
-            for i, line in enumerate(self.iterate_sheet(form_data, sheet=s)):
-                for j, val in enumerate(line):
-                    ws.cell(row=i + 1, column=j + 1).value = str(val) if not isinstance(val, KNOWN_TYPES) else val
-
-        with tempfile.NamedTemporaryFile(suffix='.xlsx') as f:
-            wb.save(f.name)
-            f.seek(0)
-            return self.get_filename() + '.xlsx', 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', f.read()
-
-    def render(self, form_data: dict) -> Tuple[str, str, bytes]:
-        if form_data.get('_format') == 'xlsx':
-            return self._render_xlsx(form_data)
-        elif ':' in form_data.get('_format'):
-            sheet, f = form_data.get('_format').split(':')
-            if f == 'default':
-                return self._render_sheet_csv(form_data, sheet, quoting=csv.QUOTE_NONNUMERIC, delimiter=',')
-            elif f == 'excel':
-                return self._render_sheet_csv(form_data, sheet, dialect='excel')
-            elif f == 'semicolon':
-                return self._render_sheet_csv(form_data, sheet, dialect='excel', delimiter=';')

src/pretix/base/exporters/invoices.py

@@ -5,12 +5,9 @@ from zipfile import ZipFile
 
 import dateutil.parser
 from django import forms
-from django.db.models import Exists, OuterRef, Q
 from django.dispatch import receiver
 from django.utils.translation import ugettext_lazy as _
 
-from pretix.base.models import OrderPayment
-
 from ..exporter import BaseExporter
 from ..services.invoices import invoice_pdf_task
 from ..signals import register_data_exporters
@@ -24,14 +21,7 @@ class InvoiceExporter(BaseExporter):
         qs = self.event.invoices.filter(shredded=False)
 
         if form_data.get('payment_provider'):
-            qs = qs.annotate(
-                has_payment_with_provider=Exists(
-                    OrderPayment.objects.filter(
-                        Q(order=OuterRef('order_id')) & Q(provider=form_data.get('payment_provider'))
-                    )
-                )
-            )
-            qs = qs.filter(has_payment_with_provider=1)
+            qs = qs.filter(order__payment_provider=form_data.get('payment_provider'))
 
         if form_data.get('date_from'):
             date_value = form_data.get('date_from')
@@ -94,10 +84,10 @@ class InvoiceExporter(BaseExporter):
                          (k, v.verbose_name) for k, v in self.event.get_payment_providers().items()
                      ],
                      required=False,
-                     help_text=_('Only include invoices for orders that have at least one payment attempt '
-                                 'with this payment provider. '
-                                 'Note that this might include some invoices of orders which in the end have been '
-                                 'fully or partially paid with a different provider.')
+                     help_text=_('Only include invoices for orders that are currently set to this payment provider. '
+                                 'Note that this might include some invoices of other payment providers or misses '
+                                 'some invoices if the payment provider of an order has been changed and a new invoice '
+                                 'has been generated.')
                  )),
             ]
         )

src/pretix/base/exporters/json.py

@@ -10,7 +10,7 @@ from ..signals import register_data_exporters
 
 class JSONExporter(BaseExporter):
     identifier = 'json'
-    verbose_name = 'Order data (JSON)'
+    verbose_name = 'JSON'
 
     def render(self, form_data):
         jo = {

src/pretix/base/exporters/orderlist.py

@@ -1,37 +1,28 @@
+import io
 from collections import OrderedDict
 from decimal import Decimal
 
 import pytz
+from defusedcsv import csv
 from django import forms
-from django.db.models import DateTimeField, F, Max, OuterRef, Subquery, Sum
+from django.db.models import Sum
 from django.dispatch import receiver
-from django.utils.formats import date_format, localize
+from django.utils.formats import localize
 from django.utils.translation import ugettext as _, ugettext_lazy
 
-from pretix.base.models import (
-    InvoiceAddress, InvoiceLine, Order, OrderPosition,
-)
-from pretix.base.models.orders import OrderFee, OrderPayment, OrderRefund
-from pretix.base.settings import PERSON_NAME_SCHEMES
+from pretix.base.models import InvoiceAddress, Order, OrderPosition
+from pretix.base.models.orders import OrderFee
 
-from ..exporter import ListExporter, MultiSheetListExporter
+from ..exporter import BaseExporter
 from ..signals import register_data_exporters
 
 
-class OrderListExporter(MultiSheetListExporter):
-    identifier = 'orderlist'
-    verbose_name = ugettext_lazy('Order data')
+class OrderListExporter(BaseExporter):
+    identifier = 'orderlistcsv'
+    verbose_name = ugettext_lazy('List of orders (CSV)')
 
     @property
-    def sheets(self):
-        return (
-            ('orders', _('Orders')),
-            ('positions', _('Order positions')),
-            ('fees', _('Order fees')),
-        )
-
-    @property
-    def additional_form_fields(self):
+    def export_form_fields(self):
         return OrderedDict(
             [
                 ('paid_only',
@@ -59,45 +50,20 @@ class OrderListExporter(MultiSheetListExporter):
         tax_rates = sorted(tax_rates)
         return tax_rates
 
-    def iterate_sheet(self, form_data, sheet):
-        if sheet == 'orders':
-            return self.iterate_orders(form_data)
-        elif sheet == 'positions':
-            return self.iterate_positions(form_data)
-        elif sheet == 'fees':
-            return self.iterate_fees(form_data)
-
-    def iterate_orders(self, form_data: dict):
+    def render(self, form_data: dict):
+        output = io.StringIO()
         tz = pytz.timezone(self.event.settings.timezone)
+        writer = csv.writer(output, quoting=csv.QUOTE_NONNUMERIC, delimiter=",")
 
-        p_date = OrderPayment.objects.filter(
-            order=OuterRef('pk'),
-            state__in=(OrderPayment.PAYMENT_STATE_CONFIRMED, OrderPayment.PAYMENT_STATE_REFUNDED),
-            payment_date__isnull=False
-        ).values('order').annotate(
-            m=Max('payment_date')
-        ).values(
-            'm'
-        ).order_by()
-
-        qs = self.event.orders.annotate(
-            payment_date=Subquery(p_date, output_field=DateTimeField())
-        ).select_related('invoice_address').prefetch_related('invoices')
+        qs = self.event.orders.all().select_related('invoice_address').prefetch_related('invoices')
         if form_data['paid_only']:
             qs = qs.filter(status=Order.STATUS_PAID)
         tax_rates = self._get_all_tax_rates(qs)
 
         headers = [
             _('Order code'), _('Order total'), _('Status'), _('Email'), _('Order date'),
-            _('Company'), _('Name'),
-        ]
-        name_scheme = PERSON_NAME_SCHEMES[self.event.settings.name_scheme]
-        if len(name_scheme['fields']) > 1:
-            for k, label, w in name_scheme['fields']:
-                headers.append(label)
-        headers += [
-            _('Address'), _('ZIP code'), _('City'), _('Country'), _('VAT ID'),
-            _('Date of last payment'), _('Fees'), _('Order locale')
+            _('Company'), _('Name'), _('Address'), _('ZIP code'), _('City'), _('Country'), _('VAT ID'),
+            _('Payment date'), _('Payment type'), _('Fees'), _('Order locale')
         ]
 
         for tr in tax_rates:
@@ -109,7 +75,12 @@ class OrderListExporter(MultiSheetListExporter):
 
         headers.append(_('Invoice numbers'))
 
-        yield headers
+        writer.writerow(headers)
+
+        provider_names = {
+            k: v.verbose_name
+            for k, v in self.event.get_payment_providers().items()
+        }
 
         full_fee_sum_cache = {
             o['order__id']: o['grosssum'] for o in
@@ -140,33 +111,25 @@ class OrderListExporter(MultiSheetListExporter):
                 row += [
                     order.invoice_address.company,
                     order.invoice_address.name,
-                ]
-                if len(name_scheme['fields']) > 1:
-                    for k, label, w in name_scheme['fields']:
-                        row.append(
-                            order.invoice_address.name_parts.get(k, '')
-                        )
-                row += [
                     order.invoice_address.street,
                     order.invoice_address.zipcode,
                     order.invoice_address.city,
-                    order.invoice_address.country if order.invoice_address.country else
-                    order.invoice_address.country_old,
+                    order.invoice_address.country if order.invoice_address.country else order.invoice_address.country_old,
                     order.invoice_address.vat_id,
                 ]
             except InvoiceAddress.DoesNotExist:
-                row += [''] * (7 + (len(name_scheme['fields']) if len(name_scheme['fields']) > 1 else 0))
+                row += ['', '', '', '', '', '', '']
 
             row += [
                 order.payment_date.astimezone(tz).strftime('%Y-%m-%d') if order.payment_date else '',
+                provider_names.get(order.payment_provider, order.payment_provider),
                 localize(full_fee_sum_cache.get(order.id) or Decimal('0.00')),
                 order.locale,
             ]
 
             for tr in tax_rates:
                 taxrate_values = sum_cache.get((order.id, tr), {'grosssum': Decimal('0.00'), 'taxsum': Decimal('0.00')})
-                fee_taxrate_values = fee_sum_cache.get((order.id, tr),
-                                                       {'grosssum': Decimal('0.00'), 'taxsum': Decimal('0.00')})
+                fee_taxrate_values = fee_sum_cache.get((order.id, tr), {'grosssum': Decimal('0.00'), 'taxsum': Decimal('0.00')})
 
                 row += [
                     localize(taxrate_values['grosssum'] + fee_taxrate_values['grosssum']),
@@ -176,268 +139,24 @@ class OrderListExporter(MultiSheetListExporter):
                 ]
 
             row.append(', '.join([i.number for i in order.invoices.all()]))
-            yield row
+            writer.writerow(row)
 
-    def iterate_fees(self, form_data: dict):
-        tz = pytz.timezone(self.event.settings.timezone)
-
-        qs = OrderFee.objects.filter(
-            order__event=self.event,
-        ).select_related('order', 'order__invoice_address', 'tax_rule')
-        if form_data['paid_only']:
-            qs = qs.filter(order__status=Order.STATUS_PAID)
-
-        headers = [
-            _('Order code'),
-            _('Status'),
-            _('Email'),
-            _('Order date'),
-            _('Fee type'),
-            _('Description'),
-            _('Price'),
-            _('Tax rate'),
-            _('Tax rule'),
-            _('Tax value'),
-            _('Company'),
-            _('Invoice address name'),
-        ]
-        name_scheme = PERSON_NAME_SCHEMES[self.event.settings.name_scheme]
-        if len(name_scheme['fields']) > 1:
-            for k, label, w in name_scheme['fields']:
-                headers.append(_('Invoice address name') + ': ' + str(label))
-        headers += [
-            _('Address'), _('ZIP code'), _('City'), _('Country'), _('VAT ID'),
-        ]
-
-        yield headers
-
-        for op in qs.order_by('order__datetime'):
-            order = op.order
-            row = [
-                order.code,
-                order.get_status_display(),
-                order.email,
-                order.datetime.astimezone(tz).strftime('%Y-%m-%d'),
-                op.get_fee_type_display(),
-                op.description,
-                op.value,
-                op.tax_rate,
-                str(op.tax_rule) if op.tax_rule else '',
-                op.tax_value,
-            ]
-            try:
-                row += [
-                    order.invoice_address.company,
-                    order.invoice_address.name,
-                ]
-                if len(name_scheme['fields']) > 1:
-                    for k, label, w in name_scheme['fields']:
-                        row.append(
-                            order.invoice_address.name_parts.get(k, '')
-                        )
-                row += [
-                    order.invoice_address.street,
-                    order.invoice_address.zipcode,
-                    order.invoice_address.city,
-                    order.invoice_address.country if order.invoice_address.country else
-                    order.invoice_address.country_old,
-                    order.invoice_address.vat_id,
-                ]
-            except InvoiceAddress.DoesNotExist:
-                row += [''] * (7 + (len(name_scheme['fields']) if len(name_scheme['fields']) > 1 else 0))
-            yield row
-
-    def iterate_positions(self, form_data: dict):
-        tz = pytz.timezone(self.event.settings.timezone)
-
-        qs = OrderPosition.objects.filter(
-            order__event=self.event,
-        ).select_related(
-            'order', 'order__invoice_address', 'item', 'variation',
-            'voucher', 'tax_rule'
-        ).prefetch_related(
-            'answers', 'answers__question'
-        )
-        if form_data['paid_only']:
-            qs = qs.filter(order__status=Order.STATUS_PAID)
-
-        headers = [
-            _('Order code'),
-            _('Position ID'),
-            _('Status'),
-            _('Email'),
-            _('Order date'),
-            _('Product'),
-            _('Variation'),
-            _('Price'),
-            _('Tax rate'),
-            _('Tax rule'),
-            _('Tax value'),
-            _('Attendee name'),
-        ]
-        name_scheme = PERSON_NAME_SCHEMES[self.event.settings.name_scheme]
-        if len(name_scheme['fields']) > 1:
-            for k, label, w in name_scheme['fields']:
-                headers.append(_('Attendee name') + ': ' + str(label))
-        headers += [
-            _('Attendee email'),
-            _('Voucher'),
-            _('Pseudonymization ID'),
-        ]
-        questions = list(self.event.questions.all())
-        for q in questions:
-            headers.append(str(q.question))
-        headers += [
-            _('Company'),
-            _('Invoice address name'),
-        ]
-        if len(name_scheme['fields']) > 1:
-            for k, label, w in name_scheme['fields']:
-                headers.append(_('Invoice address name') + ': ' + str(label))
-        headers += [
-            _('Address'), _('ZIP code'), _('City'), _('Country'), _('VAT ID'),
-        ]
-
-        yield headers
-
-        for op in qs.order_by('order__datetime', 'positionid'):
-            order = op.order
-            row = [
-                order.code,
-                op.positionid,
-                order.get_status_display(),
-                order.email,
-                order.datetime.astimezone(tz).strftime('%Y-%m-%d'),
-                str(op.item),
-                str(op.variation) if op.variation else '',
-                op.price,
-                op.tax_rate,
-                str(op.tax_rule) if op.tax_rule else '',
-                op.tax_value,
-                op.attendee_name,
-            ]
-            if len(name_scheme['fields']) > 1:
-                for k, label, w in name_scheme['fields']:
-                    row.append(
-                        op.attendee_name_parts.get(k, '')
-                    )
-            row += [
-                op.attendee_email,
-                op.voucher.code if op.voucher else '',
-                op.pseudonymization_id,
-            ]
-            acache = {}
-            for a in op.answers.all():
-                acache[a.question_id] = str(a)
-            for q in questions:
-                row.append(acache.get(q.pk, ''))
-            try:
-                row += [
-                    order.invoice_address.company,
-                    order.invoice_address.name,
-                ]
-                if len(name_scheme['fields']) > 1:
-                    for k, label, w in name_scheme['fields']:
-                        row.append(
-                            order.invoice_address.name_parts.get(k, '')
-                        )
-                row += [
-                    order.invoice_address.street,
-                    order.invoice_address.zipcode,
-                    order.invoice_address.city,
-                    order.invoice_address.country if order.invoice_address.country else
-                    order.invoice_address.country_old,
-                    order.invoice_address.vat_id,
-                ]
-            except InvoiceAddress.DoesNotExist:
-                row += [''] * (7 + (len(name_scheme['fields']) if len(name_scheme['fields']) > 1 else 0))
-            yield row
-
-    def get_filename(self):
-        return '{}_orders'.format(self.event.slug)
+        return '{}_orders.csv'.format(self.event.slug), 'text/csv', output.getvalue().encode("utf-8")
 
 
-class PaymentListExporter(ListExporter):
-    identifier = 'paymentlist'
-    verbose_name = ugettext_lazy('Order payments and refunds')
+class QuotaListExporter(BaseExporter):
+    identifier = 'quotalistcsv'
+    verbose_name = ugettext_lazy('Quota availabilities (CSV)')
 
-    @property
-    def additional_form_fields(self):
-        return OrderedDict(
-            [
-                ('successful_only',
-                 forms.BooleanField(
-                     label=_('Only successful payments'),
-                     initial=True,
-                     required=False
-                 )),
-            ]
-        )
+    def render(self, form_data: dict):
+        output = io.StringIO()
+        writer = csv.writer(output, quoting=csv.QUOTE_NONNUMERIC, delimiter=",")
 
-    def iterate_list(self, form_data):
-        tz = pytz.timezone(self.event.settings.timezone)
-
-        provider_names = {
-            k: v.verbose_name
-            for k, v in self.event.get_payment_providers().items()
-        }
-
-        payments = OrderPayment.objects.filter(
-            order__event=self.event,
-        ).order_by('created')
-        refunds = OrderRefund.objects.filter(
-            order__event=self.event
-        ).order_by('created')
-
-        if form_data['successful_only']:
-            payments = payments.filter(
-                state__in=(OrderPayment.PAYMENT_STATE_CONFIRMED, OrderPayment.PAYMENT_STATE_REFUNDED),
-            )
-            refunds = refunds.filter(
-                state=OrderRefund.REFUND_STATE_DONE,
-            )
-
-        objs = sorted(list(payments) + list(refunds), key=lambda o: o.created)
-
-        headers = [
-            _('Order'), _('Payment ID'), _('Creation date'), _('Completion date'), _('Status'),
-            _('Status code'), _('Amount'), _('Payment method')
-        ]
-        yield headers
-
-        for obj in objs:
-            if isinstance(obj, OrderPayment) and obj.payment_date:
-                d2 = obj.payment_date.astimezone(tz).date().strftime('%Y-%m-%d')
-            elif isinstance(obj, OrderRefund) and obj.execution_date:
-                d2 = obj.execution_date.astimezone(tz).date().strftime('%Y-%m-%d')
-            else:
-                d2 = ''
-            row = [
-                obj.order.code,
-                obj.full_id,
-                obj.created.astimezone(tz).date().strftime('%Y-%m-%d'),
-                d2,
-                obj.get_state_display(),
-                obj.state,
-                localize(obj.amount * (-1 if isinstance(obj, OrderRefund) else 1)),
-                provider_names.get(obj.provider, obj.provider)
-            ]
-            yield row
-
-    def get_filename(self):
-        return '{}_payments'.format(self.event.slug)
-
-
-class QuotaListExporter(ListExporter):
-    identifier = 'quotalist'
-    verbose_name = ugettext_lazy('Quota availabilities')
-
-    def iterate_list(self, form_data):
         headers = [
             _('Quota name'), _('Total quota'), _('Paid orders'), _('Pending orders'), _('Blocking vouchers'),
             _('Current user\'s carts'), _('Waiting list'), _('Current availability')
         ]
-        yield headers
+        writer.writerow(headers)
 
         for quota in self.event.quotas.all():
             avail = quota.availability()
@@ -451,180 +170,9 @@ class QuotaListExporter(ListExporter):
                 quota.count_waiting_list_pending(),
                 _('Infinite') if avail[1] is None else avail[1]
             ]
-            yield row
+            writer.writerow(row)
 
-    def get_filename(self):
-        return '{}_quotas'.format(self.event.slug)
-
-
-class InvoiceDataExporter(MultiSheetListExporter):
-    identifier = 'invoicedata'
-    verbose_name = ugettext_lazy('Invoice data')
-
-    @property
-    def sheets(self):
-        return (
-            ('invoices', _('Invoices')),
-            ('lines', _('Invoice lines')),
-        )
-
-    def iterate_sheet(self, form_data, sheet):
-        if sheet == 'invoices':
-            yield [
-                _('Invoice number'),
-                _('Date'),
-                _('Order code'),
-                _('E-mail address'),
-                _('Invoice type'),
-                _('Cancellation of'),
-                _('Language'),
-                _('Invoice sender:') + ' ' + _('Name'),
-                _('Invoice sender:') + ' ' + _('Address'),
-                _('Invoice sender:') + ' ' + _('ZIP code'),
-                _('Invoice sender:') + ' ' + _('City'),
-                _('Invoice sender:') + ' ' + _('Country'),
-                _('Invoice sender:') + ' ' + _('Tax ID'),
-                _('Invoice sender:') + ' ' + _('VAT ID'),
-                _('Invoice recipient:') + ' ' + _('Company'),
-                _('Invoice recipient:') + ' ' + _('Name'),
-                _('Invoice recipient:') + ' ' + _('Street address'),
-                _('Invoice recipient:') + ' ' + _('ZIP code'),
-                _('Invoice recipient:') + ' ' + _('City'),
-                _('Invoice recipient:') + ' ' + _('Country'),
-                _('Invoice recipient:') + ' ' + _('VAT ID'),
-                _('Invoice recipient:') + ' ' + _('Beneficiary'),
-                _('Invoice recipient:') + ' ' + _('Internal reference'),
-                _('Reverse charge'),
-                _('Shown foreign currency'),
-                _('Foreign currency rate'),
-                _('Total value (with taxes)'),
-                _('Total value (without taxes)'),
-            ]
-            qs = self.event.invoices.order_by('full_invoice_no').select_related(
-                'order', 'refers'
-            ).annotate(
-                total_gross=Subquery(
-                    InvoiceLine.objects.filter(
-                        invoice=OuterRef('pk')
-                    ).order_by().values('invoice').annotate(
-                        s=Sum('gross_value')
-                    ).values('s')
-                ),
-                total_net=Subquery(
-                    InvoiceLine.objects.filter(
-                        invoice=OuterRef('pk')
-                    ).order_by().values('invoice').annotate(
-                        s=Sum(F('gross_value') - F('tax_value'))
-                    ).values('s')
-                )
-            )
-            for i in qs:
-                yield [
-                    i.full_invoice_no,
-                    date_format(i.date, "SHORT_DATE_FORMAT"),
-                    i.order.code,
-                    i.order.email,
-                    _('Cancellation') if i.is_cancellation else _('Invoice'),
-                    i.refers.full_invoice_no if i.refers else '',
-                    i.locale,
-                    i.invoice_from_name,
-                    i.invoice_from,
-                    i.invoice_from_zipcode,
-                    i.invoice_from_city,
-                    i.invoice_from_country,
-                    i.invoice_from_tax_id,
-                    i.invoice_from_vat_id,
-                    i.invoice_to_company,
-                    i.invoice_to_name,
-                    i.invoice_to_street or i.invoice_to,
-                    i.invoice_to_zipcode,
-                    i.invoice_to_city,
-                    i.invoice_to_country,
-                    i.invoice_to_vat_id,
-                    i.invoice_to_beneficiary,
-                    i.internal_reference,
-                    _('Yes') if i.reverse_charge else _('No'),
-                    i.foreign_currency_display,
-                    i.foreign_currency_rate,
-                    i.total_gross if i.total_gross else Decimal('0.00'),
-                    Decimal(i.total_net if i.total_net else '0.00').quantize(Decimal('0.01')),
-                ]
-        elif sheet == 'lines':
-            yield [
-                _('Invoice number'),
-                _('Line number'),
-                _('Description'),
-                _('Gross price'),
-                _('Net price'),
-                _('Tax value'),
-                _('Tax rate'),
-                _('Tax name'),
-                _('Event start date'),
-
-                _('Date'),
-                _('Order code'),
-                _('E-mail address'),
-                _('Invoice type'),
-                _('Cancellation of'),
-                _('Invoice sender:') + ' ' + _('Name'),
-                _('Invoice sender:') + ' ' + _('Address'),
-                _('Invoice sender:') + ' ' + _('ZIP code'),
-                _('Invoice sender:') + ' ' + _('City'),
-                _('Invoice sender:') + ' ' + _('Country'),
-                _('Invoice sender:') + ' ' + _('Tax ID'),
-                _('Invoice sender:') + ' ' + _('VAT ID'),
-                _('Invoice recipient:') + ' ' + _('Company'),
-                _('Invoice recipient:') + ' ' + _('Name'),
-                _('Invoice recipient:') + ' ' + _('Street address'),
-                _('Invoice recipient:') + ' ' + _('ZIP code'),
-                _('Invoice recipient:') + ' ' + _('City'),
-                _('Invoice recipient:') + ' ' + _('Country'),
-                _('Invoice recipient:') + ' ' + _('VAT ID'),
-                _('Invoice recipient:') + ' ' + _('Beneficiary'),
-                _('Invoice recipient:') + ' ' + _('Internal reference'),
-            ]
-            qs = InvoiceLine.objects.filter(
-                invoice__event=self.event
-            ).order_by('invoice__full_invoice_no', 'position').select_related(
-                'invoice', 'invoice__order', 'invoice__refers'
-            )
-            for l in qs:
-                i = l.invoice
-                yield [
-                    i.full_invoice_no,
-                    l.position + 1,
-                    l.description.replace("<br />", " - "),
-                    l.gross_value,
-                    l.net_value,
-                    l.tax_value,
-                    l.tax_rate,
-                    l.tax_name,
-                    date_format(l.event_date_from, "SHORT_DATE_FORMAT") if l.event_date_from else "",
-                    date_format(i.date, "SHORT_DATE_FORMAT"),
-                    i.order.code,
-                    i.order.email,
-                    _('Cancellation') if i.is_cancellation else _('Invoice'),
-                    i.refers.full_invoice_no if i.refers else '',
-                    i.invoice_from_name,
-                    i.invoice_from,
-                    i.invoice_from_zipcode,
-                    i.invoice_from_city,
-                    i.invoice_from_country,
-                    i.invoice_from_tax_id,
-                    i.invoice_from_vat_id,
-                    i.invoice_to_company,
-                    i.invoice_to_name,
-                    i.invoice_to_street or i.invoice_to,
-                    i.invoice_to_zipcode,
-                    i.invoice_to_city,
-                    i.invoice_to_country,
-                    i.invoice_to_vat_id,
-                    i.invoice_to_beneficiary,
-                    i.internal_reference,
-                ]
-
-    def get_filename(self):
-        return '{}_invoices'.format(self.event.slug)
+        return '{}_quotas.csv'.format(self.event.slug), 'text/csv', output.getvalue().encode("utf-8")
 
 
 @receiver(register_data_exporters, dispatch_uid="exporter_orderlist")
@@ -632,16 +180,6 @@ def register_orderlist_exporter(sender, **kwargs):
     return OrderListExporter
 
 
-@receiver(register_data_exporters, dispatch_uid="exporter_paymentlist")
-def register_paymentlist_exporter(sender, **kwargs):
-    return PaymentListExporter
-
-
 @receiver(register_data_exporters, dispatch_uid="exporter_quotalist")
 def register_quotalist_exporter(sender, **kwargs):
     return QuotaListExporter
-
-
-@receiver(register_data_exporters, dispatch_uid="exporter_invoicedata")
-def register_invoicedata_exporter(sender, **kwargs):
-    return InvoiceDataExporter

src/pretix/base/forms/__init__.py

@@ -1,11 +1,9 @@
 import logging
 
 import i18nfield.forms
-from django import forms
 from django.forms.models import ModelFormMetaclass
 from django.utils import six
 from django.utils.crypto import get_random_string
-from formtools.wizard.views import SessionWizardView
 from hierarkey.forms import HierarkeyForm
 
 from pretix.base.models import Event
@@ -59,7 +57,7 @@ class SettingsForm(i18nfield.forms.I18nFormMixin, HierarkeyForm):
         kwargs['locales'] = self.locales
         kwargs['initial'] = self.obj.settings.freeze()
         super().__init__(*args, **kwargs)
-        for k, f in self.fields.items():
+        for f in self.fields.values():
             if isinstance(f, (RelativeDateTimeField, RelativeDateField)):
                 f.set_event(self.obj)
 
@@ -73,29 +71,3 @@ class SettingsForm(i18nfield.forms.I18nFormMixin, HierarkeyForm):
             fname = '%s/%s.%s.%s' % (self.obj.slug, name, nonce, name.split('.')[-1])
         # TODO: make sure pub is always correct
         return 'pub/' + fname
-
-
-class PrefixForm(forms.Form):
-    prefix = forms.CharField(widget=forms.HiddenInput)
-
-
-class SafeSessionWizardView(SessionWizardView):
-    def get_prefix(self, request, *args, **kwargs):
-        if hasattr(request, '_session_wizard_prefix'):
-            return request._session_wizard_prefix
-        prefix_form = PrefixForm(self.request.POST, prefix=super().get_prefix(request, *args, **kwargs))
-        if not prefix_form.is_valid():
-            request._session_wizard_prefix = get_random_string(length=24)
-        else:
-            request._session_wizard_prefix = prefix_form.cleaned_data['prefix']
-        return request._session_wizard_prefix
-
-    def get_context_data(self, form, **kwargs):
-        context = super().get_context_data(form=form, **kwargs)
-        context['wizard']['prefix_form'] = PrefixForm(
-            prefix=super().get_prefix(self.request),
-            initial={
-                'prefix': self.get_prefix(self.request)
-            }
-        )
-        return context

src/pretix/base/forms/auth.py

@@ -39,7 +39,7 @@ class LoginForm(forms.Form):
         password = self.cleaned_data.get('password')
 
         if email and password:
-            self.user_cache = authenticate(request=self.request, email=email.lower(), password=password)
+            self.user_cache = authenticate(email=email.lower(), password=password)
             if self.user_cache is None:
                 raise forms.ValidationError(
                     self.error_messages['invalid_login'],
@@ -120,7 +120,7 @@ class RegistrationForm(forms.Form):
 
     def clean_email(self):
         email = self.cleaned_data['email']
-        if User.objects.filter(email__iexact=email).exists():
+        if User.objects.filter(email=email).exists():
             raise forms.ValidationError(
                 self.error_messages['duplicate_email'],
                 code='duplicate_email'
@@ -180,4 +180,12 @@ class PasswordForgotForm(forms.Form):
         super().__init__(*args, **kwargs)
 
     def clean_email(self):
-        return self.cleaned_data['email']
+        email = self.cleaned_data['email']
+        try:
+            self.cleaned_data['user'] = User.objects.get(email=email)
+            return email
+        except User.DoesNotExist:
+            raise forms.ValidationError(
+                _("We are unable to find a user matching the data you provided."),
+                code='unknown_user'
+            )

src/pretix/base/forms/questions.py

@@ -1,4 +1,3 @@
-import copy
 import logging
 from decimal import Decimal
 
@@ -9,7 +8,6 @@ import vat_moss.id
 from django import forms
 from django.contrib import messages
 from django.core.exceptions import ValidationError
-from django.utils.safestring import mark_safe
 from django.utils.translation import ugettext_lazy as _
 
 from pretix.base.forms.widgets import (
@@ -18,112 +16,12 @@ from pretix.base.forms.widgets import (
 )
 from pretix.base.models import InvoiceAddress, Question
 from pretix.base.models.tax import EU_COUNTRIES
-from pretix.base.settings import PERSON_NAME_SCHEMES
-from pretix.base.templatetags.rich_text import rich_text
-from pretix.control.forms import SplitDateTimeField
 from pretix.helpers.i18n import get_format_without_seconds
 from pretix.presale.signals import question_form_fields
 
 logger = logging.getLogger(__name__)
 
 
-class NamePartsWidget(forms.MultiWidget):
-    widget = forms.TextInput
-
-    def __init__(self, scheme: dict, field: forms.Field, attrs=None):
-        widgets = []
-        self.scheme = scheme
-        self.field = field
-        for fname, label, size in self.scheme['fields']:
-            a = copy.copy(attrs) or {}
-            a['data-fname'] = fname
-            widgets.append(self.widget(attrs=a))
-        super().__init__(widgets, attrs)
-
-    def decompress(self, value):
-        if value is None:
-            return None
-        data = []
-        for i, field in enumerate(self.scheme['fields']):
-            fname, label, size = field
-            data.append(value.get(fname, ""))
-        if '_legacy' in value and not data[-1]:
-            data[-1] = value.get('_legacy', '')
-        return data
-
-    def render(self, name: str, value, attrs=None, renderer=None) -> str:
-        if not isinstance(value, list):
-            value = self.decompress(value)
-        output = []
-        final_attrs = self.build_attrs(attrs or dict())
-        if 'required' in final_attrs:
-            del final_attrs['required']
-        id_ = final_attrs.get('id', None)
-        for i, widget in enumerate(self.widgets):
-            try:
-                widget_value = value[i]
-            except (IndexError, TypeError):
-                widget_value = None
-            if id_:
-                final_attrs = dict(
-                    final_attrs,
-                    id='%s_%s' % (id_, i),
-                    title=self.scheme['fields'][i][1],
-                    placeholder=self.scheme['fields'][i][1],
-                )
-                final_attrs['data-size'] = self.scheme['fields'][i][2]
-            output.append(widget.render(name + '_%s' % i, widget_value, final_attrs, renderer=renderer))
-        return mark_safe(self.format_output(output))
-
-    def format_output(self, rendered_widgets) -> str:
-        return '<div class="nameparts-form-group">%s</div>' % ''.join(rendered_widgets)
-
-
-class NamePartsFormField(forms.MultiValueField):
-    widget = NamePartsWidget
-
-    def compress(self, data_list) -> dict:
-        data = {}
-        data['_scheme'] = self.scheme_name
-        for i, value in enumerate(data_list):
-            data[self.scheme['fields'][i][0]] = value or ''
-        return data
-
-    def __init__(self, *args, **kwargs):
-        fields = []
-        defaults = {
-            'widget': self.widget,
-            'max_length': kwargs.pop('max_length', None),
-        }
-        self.scheme_name = kwargs.pop('scheme')
-        self.scheme = PERSON_NAME_SCHEMES.get(self.scheme_name)
-        self.one_required = kwargs.get('required', True)
-        require_all_fields = kwargs.pop('require_all_fields', False)
-        kwargs['required'] = False
-        kwargs['widget'] = (kwargs.get('widget') or self.widget)(
-            scheme=self.scheme, field=self, **kwargs.pop('widget_kwargs', {})
-        )
-        defaults.update(**kwargs)
-        for fname, label, size in self.scheme['fields']:
-            defaults['label'] = label
-            field = forms.CharField(**defaults)
-            field.part_name = fname
-            fields.append(field)
-        super().__init__(
-            fields=fields, require_all_fields=False, *args, **kwargs
-        )
-        self.require_all_fields = require_all_fields
-        self.required = self.one_required
-
-    def clean(self, value) -> dict:
-        value = super().clean(value)
-        if self.one_required and (not value or not any(v for v in value)):
-            raise forms.ValidationError(self.error_messages['required'], code='required')
-        if self.require_all_fields and not all(v for v in value):
-            raise forms.ValidationError(self.error_messages['incomplete'], code='required')
-        return value
-
-
 class BaseQuestionsForm(forms.Form):
     """
     This form class is responsible for asking order-related questions. This includes
@@ -148,12 +46,10 @@ class BaseQuestionsForm(forms.Form):
         super().__init__(*args, **kwargs)
 
         if item.admission and event.settings.attendee_names_asked:
-            self.fields['attendee_name_parts'] = NamePartsFormField(
-                max_length=255,
-                required=event.settings.attendee_names_required,
-                scheme=event.settings.name_scheme,
+            self.fields['attendee_name'] = forms.CharField(
+                max_length=255, required=event.settings.attendee_names_required,
                 label=_('Attendee name'),
-                initial=(cartpos.attendee_name_parts if cartpos else orderpos.attendee_name_parts),
+                initial=(cartpos.attendee_name if cartpos else orderpos.attendee_name),
             )
         if item.admission and event.settings.attendee_emails_asked:
             self.fields['attendee_email'] = forms.EmailField(
@@ -170,7 +66,6 @@ class BaseQuestionsForm(forms.Form):
             else:
                 initial = None
             tz = pytz.timezone(event.settings.timezone)
-            help_text = rich_text(q.help_text)
             if q.type == Question.TYPE_BOOLEAN:
                 if q.required:
                     # For some reason, django-bootstrap3 does not set the required attribute
@@ -186,7 +81,7 @@ class BaseQuestionsForm(forms.Form):
 
                 field = forms.BooleanField(
                     label=q.question, required=q.required,
-                    help_text=help_text,
+                    help_text=q.help_text,
                     initial=initialbool, widget=widget,
                 )
             elif q.type == Question.TYPE_NUMBER:
@@ -199,13 +94,13 @@ class BaseQuestionsForm(forms.Form):
             elif q.type == Question.TYPE_STRING:
                 field = forms.CharField(
                     label=q.question, required=q.required,
-                    help_text=help_text,
+                    help_text=q.help_text,
                     initial=initial.answer if initial else None,
                 )
             elif q.type == Question.TYPE_TEXT:
                 field = forms.CharField(
                     label=q.question, required=q.required,
-                    help_text=help_text,
+                    help_text=q.help_text,
                     widget=forms.Textarea,
                     initial=initial.answer if initial else None,
                 )
@@ -213,7 +108,7 @@ class BaseQuestionsForm(forms.Form):
                 field = forms.ModelChoiceField(
                     queryset=q.options,
                     label=q.question, required=q.required,
-                    help_text=help_text,
+                    help_text=q.help_text,
                     widget=forms.Select,
                     empty_label='',
                     initial=initial.options.first() if initial else None,
@@ -222,35 +117,35 @@ class BaseQuestionsForm(forms.Form):
                 field = forms.ModelMultipleChoiceField(
                     queryset=q.options,
                     label=q.question, required=q.required,
-                    help_text=help_text,
+                    help_text=q.help_text,
                     widget=forms.CheckboxSelectMultiple,
                     initial=initial.options.all() if initial else None,
                 )
             elif q.type == Question.TYPE_FILE:
                 field = forms.FileField(
                     label=q.question, required=q.required,
-                    help_text=help_text,
+                    help_text=q.help_text,
                     initial=initial.file if initial else None,
                     widget=UploadedFileWidget(position=pos, event=event, answer=initial),
                 )
             elif q.type == Question.TYPE_DATE:
                 field = forms.DateField(
                     label=q.question, required=q.required,
-                    help_text=help_text,
+                    help_text=q.help_text,
                     initial=dateutil.parser.parse(initial.answer).date() if initial and initial.answer else None,
                     widget=DatePickerWidget(),
                 )
             elif q.type == Question.TYPE_TIME:
                 field = forms.TimeField(
                     label=q.question, required=q.required,
-                    help_text=help_text,
+                    help_text=q.help_text,
                     initial=dateutil.parser.parse(initial.answer).time() if initial and initial.answer else None,
                     widget=TimePickerWidget(time_format=get_format_without_seconds('TIME_INPUT_FORMATS')),
                 )
             elif q.type == Question.TYPE_DATETIME:
-                field = SplitDateTimeField(
+                field = forms.SplitDateTimeField(
                     label=q.question, required=q.required,
-                    help_text=help_text,
+                    help_text=q.help_text,
                     initial=dateutil.parser.parse(initial.answer).astimezone(tz) if initial and initial.answer else None,
                     widget=SplitDateTimePickerWidget(time_format=get_format_without_seconds('TIME_INPUT_FORMATS')),
                 )
@@ -274,13 +169,13 @@ class BaseInvoiceAddressForm(forms.ModelForm):
 
     class Meta:
         model = InvoiceAddress
-        fields = ('is_business', 'company', 'name_parts', 'street', 'zipcode', 'city', 'country', 'vat_id',
-                  'internal_reference', 'beneficiary')
+        fields = ('is_business', 'company', 'name', 'street', 'zipcode', 'city', 'country', 'vat_id',
+                  'internal_reference')
         widgets = {
             'is_business': BusinessBooleanRadio,
             'street': forms.Textarea(attrs={'rows': 2, 'placeholder': _('Street and Number')}),
-            'beneficiary': forms.Textarea(attrs={'rows': 3}),
             'company': forms.TextInput(attrs={'data-display-dependency': '#id_is_business_1'}),
+            'name': forms.TextInput(attrs={}),
             'vat_id': forms.TextInput(attrs={'data-display-dependency': '#id_is_business_1'}),
             'internal_reference': forms.TextInput,
         }
@@ -292,58 +187,30 @@ class BaseInvoiceAddressForm(forms.ModelForm):
         self.event = event = kwargs.pop('event')
         self.request = kwargs.pop('request', None)
         self.validate_vat_id = kwargs.pop('validate_vat_id')
-        self.all_optional = kwargs.pop('all_optional', False)
         super().__init__(*args, **kwargs)
         if not event.settings.invoice_address_vatid:
             del self.fields['vat_id']
-
-        if not event.settings.invoice_address_required or self.all_optional:
+        if not event.settings.invoice_address_required:
             for k, f in self.fields.items():
                 f.required = False
                 f.widget.is_required = False
                 if 'required' in f.widget.attrs:
                     del f.widget.attrs['required']
-        elif event.settings.invoice_address_company_required and not self.all_optional:
-            self.initial['is_business'] = True
 
-            self.fields['is_business'].widget = BusinessBooleanRadio(require_business=True)
-            self.fields['company'].required = True
-            self.fields['company'].widget.is_required = True
-            self.fields['company'].widget.attrs['required'] = 'required'
-            del self.fields['company'].widget.attrs['data-display-dependency']
-            if 'vat_id' in self.fields:
-                del self.fields['vat_id'].widget.attrs['data-display-dependency']
-
-        self.fields['name_parts'] = NamePartsFormField(
-            max_length=255,
-            required=event.settings.invoice_name_required and not self.all_optional,
-            scheme=event.settings.name_scheme,
-            label=_('Name'),
-            initial=(self.instance.name_parts if self.instance else self.instance.name_parts),
-        )
-        if event.settings.invoice_address_required and not event.settings.invoice_address_company_required and not self.all_optional:
-            self.fields['name_parts'].widget.attrs['data-required-if'] = '#id_is_business_0'
-            self.fields['name_parts'].widget.attrs['data-no-required-attr'] = '1'
+            if event.settings.invoice_name_required:
+                self.fields['name'].required = True
+        else:
             self.fields['company'].widget.attrs['data-required-if'] = '#id_is_business_1'
-
-        if not event.settings.invoice_address_beneficiary:
-            del self.fields['beneficiary']
+            self.fields['name'].widget.attrs['data-required-if'] = '#id_is_business_0'
 
     def clean(self):
         data = self.cleaned_data
-        if not data.get('is_business'):
-            data['company'] = ''
-        if self.event.settings.invoice_address_required:
-            if data.get('is_business') and not data.get('company'):
-                raise ValidationError(_('You need to provide a company name.'))
-            if not data.get('is_business') and not data.get('name_parts'):
-                raise ValidationError(_('You need to provide your name.'))
+        if not data.get('name') and not data.get('company') and self.event.settings.invoice_address_required:
+            raise ValidationError(_('You need to provide either a company name or your name.'))
 
         if 'vat_id' in self.changed_data or not data.get('vat_id'):
             self.instance.vat_id_validated = False
 
-        self.instance.name_parts = data.get('name_parts')
-
         if self.validate_vat_id and self.instance.vat_id_validated and 'vat_id' not in self.changed_data:
             pass
         elif self.validate_vat_id and data.get('is_business') and data.get('country') in EU_COUNTRIES and data.get('vat_id'):
@@ -355,7 +222,7 @@ class BaseInvoiceAddressForm(forms.ModelForm):
                     country_code, normalized_id, company_name = result
                     self.instance.vat_id_validated = True
                     self.instance.vat_id = normalized_id
-            except (vat_moss.errors.InvalidError, ValueError):
+            except vat_moss.errors.InvalidError:
                 raise ValidationError(_('This VAT ID is not valid. Please re-check your input.'))
             except vat_moss.errors.WebServiceUnavailableError:
                 logger.exception('VAT ID checking failed for country {}'.format(data.get('country')))

src/pretix/base/forms/user.py

@@ -69,7 +69,7 @@ class UserSettingsForm(forms.ModelForm):
 
     def clean_email(self):
         email = self.cleaned_data['email']
-        if User.objects.filter(Q(email__iexact=email) & ~Q(pk=self.instance.pk)).exists():
+        if User.objects.filter(Q(email=email) & ~Q(pk=self.instance.pk)).exists():
             raise forms.ValidationError(
                 self.error_messages['duplicate_identifier'],
                 code='duplicate_identifier',

src/pretix/base/forms/widgets.py

@@ -2,7 +2,6 @@ import os
 
 from django import forms
 from django.utils.formats import get_format
-from django.utils.functional import lazy
 from django.utils.timezone import now
 from django.utils.translation import ugettext_lazy as _
 
@@ -90,25 +89,17 @@ class SplitDateTimePickerWidget(forms.SplitDateTimeWidget):
         time_attrs = dict(attrs)
         date_attrs.setdefault('class', 'form-control splitdatetimepart')
         time_attrs.setdefault('class', 'form-control splitdatetimepart')
-        date_attrs.setdefault('autocomplete', 'off')
-        time_attrs.setdefault('autocomplete', 'off')
         date_attrs['class'] += ' datepickerfield'
         time_attrs['class'] += ' timepickerfield'
 
-        def date_placeholder():
-            df = date_format or get_format('DATE_INPUT_FORMATS')[0]
-            return now().replace(
-                year=2000, month=12, day=31, hour=18, minute=0, second=0, microsecond=0
-            ).strftime(df)
-
-        def time_placeholder():
-            tf = time_format or get_format('TIME_INPUT_FORMATS')[0]
-            return now().replace(
-                year=2000, month=1, day=1, hour=0, minute=0, second=0, microsecond=0
-            ).strftime(tf)
-
-        date_attrs['placeholder'] = lazy(date_placeholder, str)
-        time_attrs['placeholder'] = lazy(time_placeholder, str)
+        df = date_format or get_format('DATE_INPUT_FORMATS')[0]
+        date_attrs['placeholder'] = now().replace(
+            year=2000, month=12, day=31, hour=18, minute=0, second=0, microsecond=0
+        ).strftime(df)
+        tf = time_format or get_format('TIME_INPUT_FORMATS')[0]
+        time_attrs['placeholder'] = now().replace(
+            year=2000, month=1, day=1, hour=0, minute=0, second=0, microsecond=0
+        ).strftime(tf)
 
         widgets = (
             forms.DateInput(attrs=date_attrs, format=date_format),
@@ -119,22 +110,14 @@ class SplitDateTimePickerWidget(forms.SplitDateTimeWidget):
 
 
 class BusinessBooleanRadio(forms.RadioSelect):
-    def __init__(self, require_business=False, attrs=None):
-        self.require_business = require_business
-        if self.require_business:
-            choices = (
-                ('business', _('Business customer')),
-            )
-        else:
-            choices = (
-                ('individual', _('Individual customer')),
-                ('business', _('Business customer')),
-            )
+    def __init__(self, attrs=None):
+        choices = (
+            ('individual', _('Individual customer')),
+            ('business', _('Business customer')),
+        )
         super().__init__(attrs, choices)
 
     def format_value(self, value):
-        if self.require_business:
-            return 'business'
         try:
             return {True: 'business', False: 'individual'}[value]
         except KeyError:
@@ -142,8 +125,6 @@ class BusinessBooleanRadio(forms.RadioSelect):
 
     def value_from_datadict(self, data, files, name):
         value = data.get(name)
-        if self.require_business:
-            return True
         return {
             'business': True,
             True: True,

src/pretix/base/invoice.py

@@ -4,12 +4,11 @@ from decimal import Decimal
 from io import BytesIO
 from typing import Tuple
 
-import bleach
 import vat_moss.exchange_rates
 from django.contrib.staticfiles import finders
 from django.dispatch import receiver
 from django.utils.formats import date_format, localize
-from django.utils.translation import pgettext, ugettext
+from django.utils.translation import pgettext
 from PIL.Image import BICUBIC
 from reportlab.lib import pagesizes
 from reportlab.lib.enums import TA_LEFT
@@ -32,31 +31,6 @@ from pretix.base.templatetags.money import money_filter
 logger = logging.getLogger(__name__)
 
 
-class NumberedCanvas(Canvas):
-    def __init__(self, *args, **kwargs):
-        self.font_regular = kwargs.pop('font_regular')
-        super().__init__(*args, **kwargs)
-        self._saved_page_states = []
-
-    def showPage(self):
-        self._saved_page_states.append(dict(self.__dict__))
-        self._startPage()
-
-    def save(self):
-        num_pages = len(self._saved_page_states)
-        for state in self._saved_page_states:
-            self.__dict__.update(state)
-            self.draw_page_number(num_pages)
-            Canvas.showPage(self)
-        Canvas.save(self)
-
-    def draw_page_number(self, page_count):
-        self.saveState()
-        self.setFont(self.font_regular, 8)
-        self.drawRightString(self._pagesize[0] - 20 * mm, 10 * mm, pgettext("invoice", "Page %d of %d") % (self._pageNumber, page_count,))
-        self.restoreState()
-
-
 class BaseInvoiceRenderer:
     """
     This is the base class for all invoice renderers.
@@ -105,9 +79,6 @@ class BaseReportlabInvoiceRenderer(BaseInvoiceRenderer):
     top_margin = 20 * mm
     bottom_margin = 15 * mm
     doc_template_class = BaseDocTemplate
-    canvas_class = Canvas
-    font_regular = 'OpenSans'
-    font_bold = 'OpenSansBd'
 
     def _init(self):
         """
@@ -121,10 +92,10 @@ class BaseReportlabInvoiceRenderer(BaseInvoiceRenderer):
         Get a stylesheet. By default, this contains the "Normal" and "Heading1" styles.
         """
         stylesheet = StyleSheet1()
-        stylesheet.add(ParagraphStyle(name='Normal', fontName=self.font_regular, fontSize=10, leading=12))
-        stylesheet.add(ParagraphStyle(name='Heading1', fontName=self.font_bold, fontSize=15, leading=15 * 1.2))
-        stylesheet.add(ParagraphStyle(name='FineprintHeading', fontName=self.font_bold, fontSize=8, leading=12))
-        stylesheet.add(ParagraphStyle(name='Fineprint', fontName=self.font_regular, fontSize=8, leading=10))
+        stylesheet.add(ParagraphStyle(name='Normal', fontName='OpenSans', fontSize=10, leading=12))
+        stylesheet.add(ParagraphStyle(name='Heading1', fontName='OpenSansBd', fontSize=15, leading=15 * 1.2))
+        stylesheet.add(ParagraphStyle(name='FineprintHeading', fontName='OpenSansBd', fontSize=8, leading=12))
+        stylesheet.add(ParagraphStyle(name='Fineprint', fontName='OpenSans', fontSize=8, leading=10))
         return stylesheet
 
     def _register_fonts(self):
@@ -200,7 +171,7 @@ class BaseReportlabInvoiceRenderer(BaseInvoiceRenderer):
             )
         ])
         story = self._get_story(doc)
-        doc.build(story, canvasmaker=self.canvas_class)
+        doc.build(story)
         return doc
 
     def generate(self, invoice: Invoice):
@@ -213,130 +184,103 @@ class BaseReportlabInvoiceRenderer(BaseInvoiceRenderer):
 
 class ThumbnailingImageReader(ImageReader):
     def resize(self, width, height, dpi):
-        if width is None:
-            width = height * self._image.size[0] / self._image.size[1]
-        if height is None:
-            height = width * self._image.size[1] / self._image.size[0]
         self._image.thumbnail(
             size=(int(width * dpi / 72), int(height * dpi / 72)),
             resample=BICUBIC
         )
-        self._data = None
-        return width, height
-
-    def _jpeg_fh(self):
-        # Bypass a reportlab-internal optimization that falls back to the original
-        # file handle if the file is a JPEG, and therefore does not respect the
-        # (smaller) size of the modified image.
-        return None
 
 
 class ClassicInvoiceRenderer(BaseReportlabInvoiceRenderer):
     identifier = 'classic'
     verbose_name = pgettext('invoice', 'Classic renderer (pretix 1.0)')
 
-    def canvas_class(self, *args, **kwargs):
-        kwargs['font_regular'] = self.font_regular
-        return NumberedCanvas(*args, **kwargs)
-
     def _on_other_page(self, canvas: Canvas, doc):
         canvas.saveState()
-        canvas.setFont(self.font_regular, 8)
+        canvas.setFont('OpenSans', 8)
+        canvas.drawRightString(self.pagesize[0] - 20 * mm, 10 * mm, pgettext("invoice", "Page %d") % (doc.page,))
 
         for i, line in enumerate(self.invoice.footer_text.split('\n')[::-1]):
             canvas.drawCentredString(self.pagesize[0] / 2, 25 + (3.5 * i) * mm, line.strip())
 
         canvas.restoreState()
 
-    def _draw_invoice_to(self, canvas):
-        p = Paragraph(self.invoice.invoice_to.strip().replace('\n', '<br />\n'), style=self.stylesheet['Normal'])
-        p.wrapOn(canvas, 85 * mm, 50 * mm)
-        p_size = p.wrap(85 * mm, 50 * mm)
-        p.drawOn(canvas, 25 * mm, (297 - 52) * mm - p_size[1])
-
-    def _draw_invoice_from(self, canvas):
-        p = Paragraph(self.invoice.full_invoice_from.strip().replace('\n', '<br />\n'), style=self.stylesheet['Normal'])
-        p.wrapOn(canvas, 70 * mm, 50 * mm)
-        p_size = p.wrap(70 * mm, 50 * mm)
-        p.drawOn(canvas, 25 * mm, (297 - 17) * mm - p_size[1])
-
     def _on_first_page(self, canvas: Canvas, doc):
         canvas.setCreator('pretix.eu')
         canvas.setTitle(pgettext('invoice', 'Invoice {num}').format(num=self.invoice.number))
 
         canvas.saveState()
-        canvas.setFont(self.font_regular, 8)
-
-        if self.invoice.order.testmode:
-            canvas.saveState()
-            canvas.setFont('OpenSansBd', 30)
-            canvas.setFillColorRGB(32, 0, 0)
-            canvas.drawRightString(self.pagesize[0] - 20 * mm, (297 - 100) * mm, ugettext('TEST MODE'))
-            canvas.restoreState()
+        canvas.setFont('OpenSans', 8)
+        canvas.drawRightString(self.pagesize[0] - 20 * mm, 10 * mm, pgettext("invoice", "Page %d") % (doc.page,))
 
         for i, line in enumerate(self.invoice.footer_text.split('\n')[::-1]):
             canvas.drawCentredString(self.pagesize[0] / 2, 25 + (3.5 * i) * mm, line.strip())
 
         textobject = canvas.beginText(25 * mm, (297 - 15) * mm)
-        textobject.setFont(self.font_bold, 8)
+        textobject.setFont('OpenSansBd', 8)
         textobject.textLine(pgettext('invoice', 'Invoice from').upper())
         canvas.drawText(textobject)
 
-        self._draw_invoice_from(canvas)
+        p = Paragraph(self.invoice.invoice_from.strip().replace('\n', '<br />\n'), style=self.stylesheet['Normal'])
+        p.wrapOn(canvas, 70 * mm, 50 * mm)
+        p_size = p.wrap(70 * mm, 50 * mm)
+        p.drawOn(canvas, 25 * mm, (297 - 17) * mm - p_size[1])
 
         textobject = canvas.beginText(25 * mm, (297 - 50) * mm)
-        textobject.setFont(self.font_bold, 8)
+        textobject.setFont('OpenSansBd', 8)
         textobject.textLine(pgettext('invoice', 'Invoice to').upper())
         canvas.drawText(textobject)
 
-        self._draw_invoice_to(canvas)
+        p = Paragraph(self.invoice.invoice_to.strip().replace('\n', '<br />\n'), style=self.stylesheet['Normal'])
+        p.wrapOn(canvas, 85 * mm, 50 * mm)
+        p_size = p.wrap(85 * mm, 50 * mm)
+        p.drawOn(canvas, 25 * mm, (297 - 52) * mm - p_size[1])
 
         textobject = canvas.beginText(125 * mm, (297 - 38) * mm)
-        textobject.setFont(self.font_bold, 8)
+        textobject.setFont('OpenSansBd', 8)
         textobject.textLine(pgettext('invoice', 'Order code').upper())
         textobject.moveCursor(0, 5)
-        textobject.setFont(self.font_regular, 10)
+        textobject.setFont('OpenSans', 10)
         textobject.textLine(self.invoice.order.full_code)
         canvas.drawText(textobject)
 
         textobject = canvas.beginText(125 * mm, (297 - 50) * mm)
-        textobject.setFont(self.font_bold, 8)
+        textobject.setFont('OpenSansBd', 8)
         if self.invoice.is_cancellation:
             textobject.textLine(pgettext('invoice', 'Cancellation number').upper())
             textobject.moveCursor(0, 5)
-            textobject.setFont(self.font_regular, 10)
+            textobject.setFont('OpenSans', 10)
             textobject.textLine(self.invoice.number)
             textobject.moveCursor(0, 5)
-            textobject.setFont(self.font_bold, 8)
+            textobject.setFont('OpenSansBd', 8)
             textobject.textLine(pgettext('invoice', 'Original invoice').upper())
             textobject.moveCursor(0, 5)
-            textobject.setFont(self.font_regular, 10)
+            textobject.setFont('OpenSans', 10)
             textobject.textLine(self.invoice.refers.number)
         else:
             textobject.textLine(pgettext('invoice', 'Invoice number').upper())
             textobject.moveCursor(0, 5)
-            textobject.setFont(self.font_regular, 10)
+            textobject.setFont('OpenSans', 10)
             textobject.textLine(self.invoice.number)
         textobject.moveCursor(0, 5)
 
         if self.invoice.is_cancellation:
-            textobject.setFont(self.font_bold, 8)
+            textobject.setFont('OpenSansBd', 8)
             textobject.textLine(pgettext('invoice', 'Cancellation date').upper())
             textobject.moveCursor(0, 5)
-            textobject.setFont(self.font_regular, 10)
+            textobject.setFont('OpenSans', 10)
             textobject.textLine(date_format(self.invoice.date, "DATE_FORMAT"))
             textobject.moveCursor(0, 5)
-            textobject.setFont(self.font_bold, 8)
+            textobject.setFont('OpenSansBd', 8)
             textobject.textLine(pgettext('invoice', 'Original invoice date').upper())
             textobject.moveCursor(0, 5)
-            textobject.setFont(self.font_regular, 10)
+            textobject.setFont('OpenSans', 10)
             textobject.textLine(date_format(self.invoice.refers.date, "DATE_FORMAT"))
             textobject.moveCursor(0, 5)
         else:
-            textobject.setFont(self.font_bold, 8)
+            textobject.setFont('OpenSansBd', 8)
             textobject.textLine(pgettext('invoice', 'Invoice date').upper())
             textobject.moveCursor(0, 5)
-            textobject.setFont(self.font_regular, 10)
+            textobject.setFont('OpenSans', 10)
             textobject.textLine(date_format(self.invoice.date, "DATE_FORMAT"))
             textobject.moveCursor(0, 5)
 
@@ -368,7 +312,7 @@ class ClassicInvoiceRenderer(BaseReportlabInvoiceRenderer):
             return txt
 
         if not self.invoice.event.has_subevents:
-            if self.invoice.event.settings.show_date_to and self.invoice.event.date_to:
+            if self.invoice.event.settings.show_date_to:
                 p_str = (
                     shorten(self.invoice.event.name) + '\n' + pgettext('invoice', '{from_date}\nuntil {to_date}').format(
                         from_date=self.invoice.event.get_date_from_display(),
@@ -387,7 +331,7 @@ class ClassicInvoiceRenderer(BaseReportlabInvoiceRenderer):
         p.drawOn(canvas, 125 * mm, (297 - 17) * mm - p_size[1])
 
         textobject = canvas.beginText(125 * mm, (297 - 15) * mm)
-        textobject.setFont(self.font_bold, 8)
+        textobject.setFont('OpenSansBd', 8)
         textobject.textLine(pgettext('invoice', 'Event').upper())
         canvas.drawText(textobject)
 
@@ -424,14 +368,7 @@ class ClassicInvoiceRenderer(BaseReportlabInvoiceRenderer):
 
         if self.invoice.internal_reference:
             story.append(Paragraph(
-                pgettext('invoice', 'Customer reference: {reference}').format(reference=self.invoice.internal_reference),
-                self.stylesheet['Normal']
-            ))
-
-        if self.invoice.invoice_to_beneficiary:
-            story.append(Paragraph(
-                pgettext('invoice', 'Beneficiary') + ':<br />' +
-                bleach.clean(self.invoice.invoice_to_beneficiary, tags=[]).replace("\n", "<br />\n"),
+                pgettext('invoice', 'Your reference: {reference}').format(reference=self.invoice.internal_reference),
                 self.stylesheet['Normal']
             ))
 
@@ -445,8 +382,8 @@ class ClassicInvoiceRenderer(BaseReportlabInvoiceRenderer):
         tstyledata = [
             ('ALIGN', (1, 0), (-1, -1), 'RIGHT'),
             ('VALIGN', (0, 0), (-1, -1), 'TOP'),
-            ('FONTNAME', (0, 0), (-1, 0), self.font_bold),
-            ('FONTNAME', (0, -1), (-1, -1), self.font_bold),
+            ('FONTNAME', (0, 0), (-1, 0), 'OpenSansBd'),
+            ('FONTNAME', (0, -1), (-1, -1), 'OpenSansBd'),
             ('LEFTPADDING', (0, 0), (0, -1), 0),
             ('RIGHTPADDING', (-1, 0), (-1, -1), 0),
         ]
@@ -514,7 +451,7 @@ class ClassicInvoiceRenderer(BaseReportlabInvoiceRenderer):
             ('LEFTPADDING', (0, 0), (0, -1), 0),
             ('RIGHTPADDING', (-1, 0), (-1, -1), 0),
             ('FONTSIZE', (0, 0), (-1, -1), 8),
-            ('FONTNAME', (0, 0), (-1, -1), self.font_regular),
+            ('FONTNAME', (0, 0), (-1, -1), 'OpenSans'),
         ]
         thead = [
             pgettext('invoice', 'Tax rate'),

src/pretix/base/management/commands/rebuild.py

@@ -8,10 +8,10 @@ class Command(BaseCommand):
     help = "Rebuild static files and language files"
 
     def handle(self, *args, **options):
-        call_command('compilemessages', verbosity=1)
-        call_command('compilejsi18n', verbosity=1)
+        call_command('compilemessages', verbosity=1, interactive=False)
+        call_command('compilejsi18n', verbosity=1, interactive=False)
         call_command('collectstatic', verbosity=1, interactive=False)
-        call_command('compress', verbosity=1)
+        call_command('compress', verbosity=1, interactive=False)
         try:
             gs = GlobalSettingsObject()
             del gs.settings.update_check_last

src/pretix/base/middleware.py

@@ -3,8 +3,8 @@ from urllib.parse import urlsplit
 
 import pytz
 from django.conf import settings
+from django.core.urlresolvers import get_script_prefix
 from django.http import HttpRequest, HttpResponse
-from django.urls import get_script_prefix
 from django.utils import timezone, translation
 from django.utils.cache import patch_vary_headers
 from django.utils.deprecation import MiddlewareMixin
@@ -129,22 +129,13 @@ def get_language_from_request(request: HttpRequest) -> str:
     if _supported is None:
         _supported = OrderedDict(settings.LANGUAGES)
 
-    if request.path.startswith(get_script_prefix() + 'control'):
-        return (
-            get_language_from_user_settings(request)
-            or get_language_from_session_or_cookie(request)
-            or get_language_from_browser(request)
-            or get_language_from_event(request)
-            or get_default_language()
-        )
-    else:
-        return (
-            get_language_from_session_or_cookie(request)
-            or get_language_from_user_settings(request)
-            or get_language_from_browser(request)
-            or get_language_from_event(request)
-            or get_default_language()
-        )
+    return (
+        get_language_from_user_settings(request)
+        or get_language_from_session_or_cookie(request)
+        or get_language_from_browser(request)
+        or get_language_from_event(request)
+        or get_default_language()
+    )
 
 
 def _parse_csp(header):
@@ -198,7 +189,6 @@ class SecurityMiddleware(MiddlewareMixin):
             'connect-src': ["{dynamic}", "{media}", "https://checkout.stripe.com"],
             'img-src': ["{static}", "{media}", "data:", "https://*.stripe.com"],
             'font-src': ["{static}"],
-            'media-src': ["{static}", "data:"],
             # form-action is not only used to match on form actions, but also on URLs
             # form-actions redirect to. In the context of e.g. payment providers or
             # single-sign-on this can be nearly anything so we cannot really restrict

src/pretix/base/migrations/0001_initial.py

@@ -28,8 +28,7 @@ class Migration(migrations.Migration):
                 ('password', models.CharField(verbose_name='password', max_length=128)),
                 ('last_login', models.DateTimeField(verbose_name='last login', blank=True, null=True)),
                 ('is_superuser', models.BooleanField(verbose_name='superuser status', default=False, help_text='Designates that this user has all permissions without explicitly assigning them.')),
-                ('email', models.EmailField(max_length=191, blank=True, unique=True, verbose_name='E-mail', null=True,
-                                            db_index=True)),
+                ('email', models.EmailField(max_length=254, blank=True, unique=True, verbose_name='E-mail', null=True, db_index=True)),
                 ('givenname', models.CharField(verbose_name='Given name', max_length=255, blank=True, null=True)),
                 ('familyname', models.CharField(verbose_name='Family name', max_length=255, blank=True, null=True)),
                 ('is_active', models.BooleanField(verbose_name='Is active', default=True)),

src/pretix/base/migrations/0077_auto_20171124_1629_squashed_0088_auto_20180328_1217.py

@@ -1,424 +0,0 @@
-# Generated by Django 2.0.8 on 2018-09-11 14:50
-
-import django.core.validators
-import django.db.models.deletion
-from django.conf import settings
-from django.db import migrations, models
-from django.db.models import F
-from django.db.models.functions import Concat
-from django.utils.crypto import get_random_string
-from django.utils.translation import ugettext as _
-
-import pretix.base.models.auth
-import pretix.base.validators
-from pretix.base.i18n import language
-
-
-def create_checkin_lists(apps, schema_editor):
-    Event = apps.get_model('pretixbase', 'Event')
-    Checkin = apps.get_model('pretixbase', 'Checkin')
-    EventSettingsStore = apps.get_model('pretixbase', 'Event_SettingsStore')
-    for e in Event.objects.all():
-        locale = EventSettingsStore.objects.filter(object=e, key='locale').first()
-        if locale:
-            locale = locale.value
-        else:
-            locale = settings.LANGUAGE_CODE
-
-        if e.has_subevents:
-            for se in e.subevents.all():
-                with language(locale):
-                    cl = e.checkin_lists.create(name=se.name, subevent=se, all_products=True)
-                Checkin.objects.filter(position__subevent=se, position__order__event=e).update(list=cl)
-        else:
-            with language(locale):
-                cl = e.checkin_lists.create(name=_('Default list'), all_products=True)
-            Checkin.objects.filter(position__order__event=e).update(list=cl)
-
-
-def set_full_invoice_no(app, schema_editor):
-    Invoice = app.get_model('pretixbase', 'Invoice')
-    Invoice.objects.all().update(
-        full_invoice_no=Concat(F('prefix'), F('invoice_no'))
-    )
-
-
-def set_position(apps, schema_editor):
-    Question = apps.get_model('pretixbase', 'Question')
-    for q in Question.objects.all():
-        for i, option in enumerate(q.options.all()):
-            option.position = i
-            option.save()
-
-
-def set_is_staff(apps, schema_editor):
-    User = apps.get_model('pretixbase', 'User')
-    User.objects.filter(is_superuser=True).update(is_staff=True)
-
-
-def set_identifiers(apps, schema_editor):
-    Question = apps.get_model('pretixbase', 'Question')
-    QuestionOption = apps.get_model('pretixbase', 'QuestionOption')
-
-    for q in Question.objects.select_related('event'):
-        if not q.identifier:
-            charset = list('ABCDEFGHJKLMNPQRSTUVWXYZ3789')
-            while True:
-                code = get_random_string(length=8, allowed_chars=charset)
-                if not Question.objects.filter(event=q.event, identifier=code).exists():
-                    q.identifier = code
-                    q.save()
-                    break
-
-    for q in QuestionOption.objects.select_related('question', 'question__event'):
-        if not q.identifier:
-            charset = list('ABCDEFGHJKLMNPQRSTUVWXYZ3789')
-            while True:
-                code = get_random_string(length=8, allowed_chars=charset)
-                if not QuestionOption.objects.filter(question__event=q.question.event, identifier=code).exists():
-                    q.identifier = code
-                    q.save()
-                    break
-
-
-class Migration(migrations.Migration):
-    replaces = [('pretixbase', '0077_auto_20171124_1629'), ('pretixbase', '0078_auto_20171206_1603'),
-                ('pretixbase', '0079_auto_20180115_0855'), ('pretixbase', '0080_question_ask_during_checkin'),
-                ('pretixbase', '0081_auto_20180220_1031'), ('pretixbase', '0082_auto_20180222_0938'),
-                ('pretixbase', '0083_auto_20180228_2102'), ('pretixbase', '0084_questionoption_position'),
-                ('pretixbase', '0085_auto_20180312_1119'), ('pretixbase', '0086_auto_20180320_1219'),
-                ('pretixbase', '0087_auto_20180317_1952'), ('pretixbase', '0088_auto_20180328_1217')]
-
-    dependencies = [
-        ('pretixbase', '0076_orderfee_squashed_0082_invoiceaddress_internal_reference'),
-    ]
-
-    operations = [
-        migrations.AlterField(
-            model_name='event',
-            name='slug',
-            field=models.SlugField(
-                help_text='Should be short, only contain lowercase letters, numbers, dots, and dashes, and must be '
-                          'unique among your events. We recommend some kind of abbreviation or a date with less than '
-                          '10 characters that can be easily remembered, but you can also choose to use a random '
-                          'value. This will be used in URLs, order codes, invoice numbers, and bank transfer '
-                          'references.',
-                validators=[django.core.validators.RegexValidator(
-                    message='The slug may only contain letters, numbers, dots and dashes.', regex='^[a-zA-Z0-9.-]+$'),
-                    pretix.base.validators.EventSlugBlacklistValidator()], verbose_name='Short form'),
-        ),
-        migrations.AlterField(
-            model_name='eventmetaproperty',
-            name='name',
-            field=models.CharField(db_index=True,
-                                   help_text='Can not contain spaces or special characters except underscores',
-                                   max_length=50, validators=[django.core.validators.RegexValidator(
-                    message='The property name may only contain letters, numbers and underscores.',
-                    regex='^[a-zA-Z0-9_]+$')], verbose_name='Name'),
-        ),
-        migrations.AlterField(
-            model_name='organizer',
-            name='slug',
-            field=models.SlugField(
-                help_text='Should be short, only contain lowercase letters, numbers, dots, and dashes. Every slug can '
-                          'only be used once. This is being used in URLs to refer to your organizer accounts and your'
-                          ' events.',
-                validators=[django.core.validators.RegexValidator(
-                    message='The slug may only contain letters, numbers, dots and dashes.', regex='^[a-zA-Z0-9.-]+$'),
-                    pretix.base.validators.OrganizerSlugBlacklistValidator()], verbose_name='Short form'),
-        ),
-        migrations.CreateModel(
-            name='CheckinList',
-            fields=[
-                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
-                ('name', models.CharField(max_length=190)),
-                ('all_products',
-                 models.BooleanField(default=True, verbose_name='All products (including newly created ones)')),
-                ('event', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='checkin_lists',
-                                            to='pretixbase.Event')),
-                ('subevent', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE,
-                                               to='pretixbase.SubEvent', verbose_name='Date')),
-                ('limit_products',
-                 models.ManyToManyField(blank=True, to='pretixbase.Item', verbose_name='Limit to products')),
-            ],
-        ),
-        migrations.AddField(
-            model_name='checkin',
-            name='list',
-            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.PROTECT,
-                                    related_name='checkins', to='pretixbase.CheckinList'),
-        ),
-        migrations.RunPython(
-            code=create_checkin_lists,
-            reverse_code=django.db.migrations.operations.special.RunPython.noop,
-        ),
-        migrations.AlterField(
-            model_name='checkin',
-            name='list',
-            field=models.ForeignKey(on_delete=django.db.models.deletion.PROTECT, related_name='checkins',
-                                    to='pretixbase.CheckinList'),
-        ),
-        migrations.CreateModel(
-            name='NotificationSetting',
-            fields=[
-                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
-                ('action_type', models.CharField(max_length=255)),
-                ('method', models.CharField(choices=[('mail', 'E-mail')], max_length=255)),
-                ('event', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE,
-                                            to='pretixbase.Event')),
-                ('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL)),
-                ('enabled', models.BooleanField(default=True)),
-            ],
-        ),
-        migrations.AlterUniqueTogether(
-            name='notificationsetting',
-            unique_together={('user', 'action_type', 'event', 'method')},
-        ),
-        migrations.AddField(
-            model_name='logentry',
-            name='visible',
-            field=models.BooleanField(default=True),
-        ),
-        migrations.AlterField(
-            model_name='notificationsetting',
-            name='event',
-            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE,
-                                    related_name='notification_settings', to='pretixbase.Event'),
-        ),
-        migrations.AlterField(
-            model_name='notificationsetting',
-            name='user',
-            field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='notification_settings',
-                                    to=settings.AUTH_USER_MODEL),
-        ),
-        migrations.AddField(
-            model_name='user',
-            name='notifications_send',
-            field=models.BooleanField(default=True, help_text='If turned off, you will not get any notifications.',
-                                      verbose_name='Receive notifications according to my settings below'),
-        ),
-        migrations.AddField(
-            model_name='user',
-            name='notifications_token',
-            field=models.CharField(default=pretix.base.models.auth.generate_notifications_token, max_length=255),
-        ),
-        migrations.AddField(
-            model_name='invoice',
-            name='full_invoice_no',
-            field=models.CharField(db_index=True, default='', max_length=190),
-            preserve_default=False,
-        ),
-        migrations.AlterField(
-            model_name='question',
-            name='type',
-            field=models.CharField(
-                choices=[('N', 'Number'), ('S', 'Text (one line)'), ('T', 'Multiline text'), ('B', 'Yes/No'),
-                         ('C', 'Choose one from a list'), ('M', 'Choose multiple from a list'), ('F', 'File upload'),
-                         ('D', 'Date'), ('H', 'Time'), ('W', 'Date and time')], max_length=5,
-                verbose_name='Question type'),
-        ),
-        migrations.RunPython(
-            code=set_full_invoice_no,
-            reverse_code=django.db.migrations.operations.special.RunPython.noop,
-        ),
-        migrations.AddField(
-            model_name='question',
-            name='ask_during_checkin',
-            field=models.BooleanField(default=False,
-                                      help_text='This will only work if you handle your check-in with pretixdroid 1.8 '
-                                                'or '
-                                                'newer or pretixdesk 0.2 or newer.',
-                                      verbose_name='Ask during check-in instead of in the ticket buying process'),
-        ),
-        migrations.AddField(
-            model_name='checkinlist',
-            name='include_pending',
-            field=models.BooleanField(default=False,
-                                      help_text='With this option, people will be able to check in even if the order '
-                                                'have '
-                                                'not been paid. This only works with pretixdesk 0.3.0 or newer or '
-                                                'pretixdroid 1.9 or newer.',
-                                      verbose_name='Include pending orders'),
-        ),
-        migrations.AlterField(
-            model_name='event',
-            name='presale_end',
-            field=models.DateTimeField(blank=True,
-                                       help_text='Optional. No products will be sold after this date. If you do not '
-                                                 'set '
-                                                 'this value, the presale will end after the end date of your event.',
-                                       null=True, verbose_name='End of presale'),
-        ),
-        migrations.AlterField(
-            model_name='logentry',
-            name='event',
-            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL,
-                                    to='pretixbase.Event'),
-        ),
-        migrations.AlterField(
-            model_name='subevent',
-            name='presale_end',
-            field=models.DateTimeField(blank=True,
-                                       help_text='Optional. No products will be sold after this date. If you do not '
-                                                 'set '
-                                                 'this value, the presale will end after the end date of your event.',
-                                       null=True, verbose_name='End of presale'),
-        ),
-        migrations.AlterField(
-            model_name='user',
-            name='require_2fa',
-            field=models.BooleanField(default=False, verbose_name='Two-factor authentification is required to log in'),
-        ),
-        migrations.AddField(
-            model_name='order',
-            name='checkin_attention',
-            field=models.BooleanField(default=False,
-                                      help_text='If you set this, the check-in app will show a visible warning that '
-                                                'tickets of this order require special attention. This will not show '
-                                                'any '
-                                                'details or custom message, so you need to brief your check-in staff '
-                                                'how '
-                                                'to handle these cases.',
-                                      verbose_name='Requires special attention'),
-        ),
-        migrations.AddField(
-            model_name='taxrule',
-            name='custom_rules',
-            field=models.TextField(blank=True, null=True),
-        ),
-        migrations.AlterField(
-            model_name='orderfee',
-            name='fee_type',
-            field=models.CharField(
-                choices=[('payment', 'Payment fee'), ('shipping', 'Shipping fee'), ('service', 'Service fee'),
-                         ('other', 'Other fees')], max_length=100),
-        ),
-        migrations.AlterModelOptions(
-            name='questionoption',
-            options={'ordering': ('position', 'id'), 'verbose_name': 'Question option',
-                     'verbose_name_plural': 'Question options'},
-        ),
-        migrations.AddField(
-            model_name='questionoption',
-            name='position',
-            field=models.IntegerField(default=0),
-        ),
-        migrations.AlterField(
-            model_name='question',
-            name='position',
-            field=models.PositiveIntegerField(default=0, verbose_name='Position'),
-        ),
-        migrations.RunPython(
-            code=set_position,
-            reverse_code=django.db.migrations.operations.special.RunPython.noop,
-        ),
-        migrations.AddField(
-            model_name='question',
-            name='identifier',
-            field=models.CharField(default='', max_length=190),
-            preserve_default=False,
-        ),
-        migrations.AddField(
-            model_name='questionoption',
-            name='identifier',
-            field=models.CharField(default='', max_length=190),
-            preserve_default=False,
-        ),
-        migrations.AlterField(
-            model_name='user',
-            name='locale',
-            field=models.CharField(
-                choices=[('en', 'English'), ('de', 'German'), ('de-informal', 'German (informal)'), ('nl', 'Dutch'),
-                         ('da', 'Danish'), ('pt-br', 'Portuguese (Brazil)')], default='en', max_length=50,
-                verbose_name='Language'),
-        ),
-        migrations.RunPython(
-            code=set_identifiers,
-            reverse_code=django.db.migrations.operations.special.RunPython.noop,
-        ),
-        migrations.AlterField(
-            model_name='cachedcombinedticket',
-            name='file',
-            field=models.FileField(blank=True, max_length=255, null=True,
-                                   upload_to=pretix.base.models.orders.cachedcombinedticket_name),
-        ),
-        migrations.AlterField(
-            model_name='cachedticket',
-            name='file',
-            field=models.FileField(blank=True, max_length=255, null=True,
-                                   upload_to=pretix.base.models.orders.cachedticket_name),
-        ),
-        migrations.AlterField(
-            model_name='invoice',
-            name='file',
-            field=models.FileField(blank=True, max_length=255, null=True,
-                                   upload_to=pretix.base.models.invoices.invoice_filename),
-        ),
-        migrations.AlterField(
-            model_name='question',
-            name='identifier',
-            field=models.CharField(
-                help_text='You can enter any value here to make it easier to match the data with other sources. If '
-                          'you do '
-                          'not input one, we will generate one automatically.',
-                max_length=190, verbose_name='Internal identifier'),
-        ),
-        migrations.AlterField(
-            model_name='questionanswer',
-            name='file',
-            field=models.FileField(blank=True, max_length=255, null=True,
-                                   upload_to=pretix.base.models.orders.answerfile_name),
-        ),
-        migrations.RunPython(
-            code=set_is_staff,
-            reverse_code=django.db.migrations.operations.special.RunPython.noop,
-        ),
-        migrations.RemoveField(
-            model_name='user',
-            name='is_superuser',
-        ),
-        migrations.CreateModel(
-            name='StaffSession',
-            fields=[
-                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
-                ('date_start', models.DateTimeField(auto_now_add=True)),
-                ('date_end', models.DateTimeField(blank=True, null=True)),
-                ('session_key', models.CharField(max_length=255)),
-                ('comment', models.TextField()),
-            ],
-        ),
-        migrations.CreateModel(
-            name='StaffSessionAuditLog',
-            fields=[
-                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
-                ('datetime', models.DateTimeField(auto_now_add=True)),
-                ('url', models.CharField(max_length=255)),
-                ('session', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='logs',
-                                              to='pretixbase.StaffSession')),
-                ('impersonating', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE,
-                                                    to=settings.AUTH_USER_MODEL)),
-                ('method', models.CharField(default='GET', max_length=255)),
-            ],
-            options={
-                'ordering': ('datetime',),
-            },
-        ),
-        migrations.AddField(
-            model_name='staffsession',
-            name='user',
-            field=models.ForeignKey(default=None, on_delete=django.db.models.deletion.CASCADE,
-                                    to=settings.AUTH_USER_MODEL),
-            preserve_default=False,
-        ),
-        migrations.AlterModelOptions(
-            name='staffsession',
-            options={'ordering': ('date_start',)},
-        ),
-        migrations.AlterField(
-            model_name='item',
-            name='picture',
-            field=models.ImageField(blank=True, max_length=255, null=True,
-                                    upload_to=pretix.base.models.items.itempicture_upload_to,
-                                    verbose_name='Product picture'),
-        ),
-    ]