mirror of
https://github.com/pretix/pretix.git
synced 2026-07-11 06:11:54 +00:00
Compare commits
18 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| ffca102a8a | |||
| 78f8830f90 | |||
| eb594266a7 | |||
| 76e6803eac | |||
| e19908571c | |||
| 779ab360df | |||
| 723c63008d | |||
| 15c194c0a3 | |||
| 7f847c3dd2 | |||
| 430c6dd269 | |||
| 6411648457 | |||
| 005b3864b1 | |||
| 1ee1c604cf | |||
| e425105dbf | |||
| 738b375042 | |||
| d09572d999 | |||
| 634754aacb | |||
| 14c3baa2aa |
@@ -53,7 +53,7 @@ Working with the code
|
||||
---------------------
|
||||
If you do not have a recent installation of ``nodejs``, install it now::
|
||||
|
||||
curl -sL https://deb.nodesource.com/setup_17.x | sudo -E bash -
|
||||
curl -sL https://deb.nodesource.com/setup_24.x | sudo -E bash -
|
||||
sudo apt install nodejs
|
||||
|
||||
To make sure it is on your path variable, close and reopen your terminal. Now, install the Python-level dependencies of pretix::
|
||||
|
||||
+1
-1
@@ -43,7 +43,7 @@ dependencies = [
|
||||
"django-countries==8.2.*",
|
||||
"django-filter==25.1",
|
||||
"django-formset-js-improved==0.5.0.5",
|
||||
"django-formtools==2.6.1",
|
||||
"django-formtools==2.7",
|
||||
"django-hierarkey==2.0.*,>=2.0.1",
|
||||
"django-hijack==3.7.*",
|
||||
"django-i18nfield==1.11.*",
|
||||
|
||||
@@ -1116,6 +1116,13 @@ class BaseQuestionsForm(forms.Form):
|
||||
if q.dependency_question_id and not question_is_visible(q.dependency_question_id, q.dependency_values) and answer is not None:
|
||||
d['question_%d' % q.pk] = None
|
||||
|
||||
# Strip False answers to required yes/no questions even if all_optional is set, as our data model assumes that
|
||||
# required yes/no questions can only be answered with yes
|
||||
for q in question_cache.values():
|
||||
if q.required and q.type == Question.TYPE_BOOLEAN:
|
||||
if 'question_%d' % q.pk in d and d['question_%d' % q.pk] is False:
|
||||
del d['question_%d' % q.pk]
|
||||
|
||||
return d
|
||||
|
||||
|
||||
|
||||
@@ -0,0 +1,58 @@
|
||||
# Generated by Django 4.2.8 on 2024-07-01 09:27
|
||||
import logging
|
||||
|
||||
from django.db import migrations
|
||||
from django.db.models import Count
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
def clean_duplicate_secrets(apps, schema_editor):
|
||||
# This will autofix all possible duplicate Order.code and OrderPosition.secret values,
|
||||
# unless Order.code is already too long to append something. This would need to be fixed by
|
||||
# sysadmins manually.
|
||||
OrderPosition = apps.get_model("pretixbase", "OrderPosition")
|
||||
Order = apps.get_model("pretixbase", "Order")
|
||||
|
||||
qs = OrderPosition.all.values("secret", "order__event__organizer_id").order_by().annotate(c=Count("*")).filter(c__gt=1)
|
||||
for row in qs:
|
||||
affected = OrderPosition.all.filter(
|
||||
**{k: v for k, v in row.items() if k != "c"}
|
||||
).order_by("pk")
|
||||
logger.error(f"Found {row['c']} tickets with with the same secret \"{row['secret']}\" in organizer {row['order__event__organizer_id']}, all except one will be changed")
|
||||
for i, a in enumerate(affected):
|
||||
if i > 0:
|
||||
a.secret = a.secret + "__dupl__" + str(a.pk)
|
||||
logger.info(
|
||||
f"Ticket {a.pk} has new secret {a.secret}"
|
||||
)
|
||||
a.save(update_fields=["organizer_id", "secret"])
|
||||
|
||||
qs = Order.objects.values("code", "event__organizer_id").order_by().annotate(c=Count("*")).filter(c__gt=1)
|
||||
for row in qs:
|
||||
affected = Order.objects.filter(
|
||||
**{k: v for k, v in row.items() if k != "c"}
|
||||
).order_by("pk")
|
||||
logger.error(f"Found {row['c']} orders with with the same code \"{row['code']}\" in organizer {row['event__organizer_id']}, all except one will be changed")
|
||||
for i, a in enumerate(affected):
|
||||
if i > 0:
|
||||
if len(a.code) > 16 - len(str(a.pk)):
|
||||
raise ValueError(f"Cannot auto-fix order with duplicate code {a.code}, order code is too long already")
|
||||
a.code = a.code + str(a.pk).zfill(16 - len(a.code))
|
||||
logger.info(
|
||||
f"Order {a.pk} has new code {a.code}"
|
||||
)
|
||||
a.save(update_fields=["organizer_id", "code"])
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
dependencies = [
|
||||
(
|
||||
"pretixbase",
|
||||
"0301_reusablemedium_remove_orderposition",
|
||||
),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.RunPython(clean_duplicate_secrets, migrations.RunPython.noop),
|
||||
]
|
||||
+46
@@ -0,0 +1,46 @@
|
||||
# Generated by Django 4.2.8 on 2024-07-01 09:27
|
||||
|
||||
import django.db.models.deletion
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
dependencies = [
|
||||
(
|
||||
"pretixbase",
|
||||
"0302_resolve_duplicate_codes_and_secrets",
|
||||
),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.RunSQL(
|
||||
"UPDATE pretixbase_order "
|
||||
"SET organizer_id = (SELECT e.organizer_id FROM pretixbase_event e WHERE e.id = pretixbase_order.event_id) "
|
||||
"WHERE pretixbase_order.organizer_id IS NULL;",
|
||||
migrations.RunSQL.noop,
|
||||
),
|
||||
migrations.RunSQL(
|
||||
"UPDATE pretixbase_orderposition "
|
||||
"SET organizer_id = (SELECT e.organizer_id FROM pretixbase_order o LEFT JOIN pretixbase_event e ON e.id = o.event_id WHERE o.id = pretixbase_orderposition.order_id) "
|
||||
"WHERE pretixbase_orderposition.organizer_id IS NULL;",
|
||||
migrations.RunSQL.noop,
|
||||
),
|
||||
migrations.AlterField(
|
||||
model_name="order",
|
||||
name="organizer",
|
||||
field=models.ForeignKey(
|
||||
on_delete=django.db.models.deletion.CASCADE,
|
||||
related_name="orders",
|
||||
to="pretixbase.organizer",
|
||||
),
|
||||
),
|
||||
migrations.AlterField(
|
||||
model_name="orderposition",
|
||||
name="organizer",
|
||||
field=models.ForeignKey(
|
||||
on_delete=django.db.models.deletion.CASCADE,
|
||||
related_name="order_positions",
|
||||
to="pretixbase.organizer",
|
||||
),
|
||||
),
|
||||
]
|
||||
@@ -1403,15 +1403,12 @@ class Event(EventMixin, LoggedModel):
|
||||
|
||||
for mp in self.organizer.meta_properties.all():
|
||||
if mp.required and not self.meta_data.get(mp.name):
|
||||
issues.append(
|
||||
('<a {a_attr}>' + gettext('You need to fill the meta parameter "{property}".') + '</a>').format(
|
||||
property=mp.name,
|
||||
a_attr='href="%s#id_prop-%d-value"' % (
|
||||
reverse('control:event.settings', kwargs={'organizer': self.organizer.slug, 'event': self.slug}),
|
||||
mp.pk
|
||||
)
|
||||
)
|
||||
)
|
||||
issues.append(format_html(
|
||||
'<a href="{href}{href_hash}">{text}</a>',
|
||||
text=gettext('You need to fill the meta parameter "{property}".').format(property=mp.name),
|
||||
href=reverse('control:event.settings', kwargs={'organizer': self.organizer.slug, 'event': self.slug}),
|
||||
href_hash=f'#id_prop-{mp.pk}-value',
|
||||
))
|
||||
|
||||
responses = event_live_issues.send(self)
|
||||
for receiver, response in sorted(responses, key=lambda r: str(r[0])):
|
||||
|
||||
@@ -224,8 +224,6 @@ class Order(LockModel, LoggedModel):
|
||||
"Organizer",
|
||||
related_name="orders",
|
||||
on_delete=models.CASCADE,
|
||||
null=True,
|
||||
blank=True,
|
||||
)
|
||||
event = models.ForeignKey(
|
||||
Event,
|
||||
@@ -329,7 +327,7 @@ class Order(LockModel, LoggedModel):
|
||||
default="line",
|
||||
)
|
||||
|
||||
objects = ScopedManager(OrderQuerySet.as_manager().__class__, organizer='event__organizer')
|
||||
objects = ScopedManager(OrderQuerySet.as_manager().__class__, organizer='organizer')
|
||||
|
||||
class Meta:
|
||||
verbose_name = _("Order")
|
||||
@@ -2541,8 +2539,6 @@ class OrderPosition(AbstractPosition):
|
||||
"Organizer",
|
||||
related_name="order_positions",
|
||||
on_delete=models.CASCADE,
|
||||
null=True,
|
||||
blank=True,
|
||||
)
|
||||
order = models.ForeignKey(
|
||||
Order,
|
||||
@@ -2599,7 +2595,7 @@ class OrderPosition(AbstractPosition):
|
||||
blank=True,
|
||||
)
|
||||
|
||||
all = ScopedManager(organizer='order__event__organizer')
|
||||
all = ScopedManager(organizer='organizer')
|
||||
objects = ActivePositionManager()
|
||||
|
||||
def __init__(self, *args, **kwargs):
|
||||
|
||||
@@ -1706,6 +1706,58 @@ class GiftCardPayment(BasePaymentProvider):
|
||||
)
|
||||
|
||||
|
||||
class BaseHistoricalPaymentProvider(BasePaymentProvider):
|
||||
"""
|
||||
Base class for payment providers that no longer exist but can't be deleted to make sure historical
|
||||
payments are shown correctly.
|
||||
|
||||
Subclasses are recommended to only implement:
|
||||
- identifier
|
||||
- verbose_name
|
||||
- public_name
|
||||
- payment_control_render
|
||||
- payment_control_render_short
|
||||
- refund_control_render
|
||||
- refund_control_render_short
|
||||
- render_invoice_text
|
||||
- render_invoice_stamp
|
||||
- api_payment_details
|
||||
- api_refund_details
|
||||
- shred_payment_info
|
||||
- matching_id
|
||||
- refund_matching_id
|
||||
"""
|
||||
|
||||
@property
|
||||
def is_enabled(self) -> bool:
|
||||
return False
|
||||
|
||||
@property
|
||||
def settings_form_fields(self) -> dict:
|
||||
return {}
|
||||
|
||||
def is_allowed(self, request: HttpRequest, total: Decimal=None) -> bool:
|
||||
return False
|
||||
|
||||
def payment_is_valid_session(self, request: HttpRequest, payment: OrderPayment):
|
||||
return False
|
||||
|
||||
def order_change_allowed(self, order: Order, request: HttpRequest=None) -> bool:
|
||||
return False
|
||||
|
||||
def payment_refund_supported(self, payment: OrderPayment) -> bool:
|
||||
return False
|
||||
|
||||
def payment_partial_refund_supported(self, payment: OrderPayment) -> bool:
|
||||
return False
|
||||
|
||||
def execute_payment(self, request: HttpRequest, payment: OrderPayment):
|
||||
raise PaymentException(_("This payment provider exists for historical purposes only and is no longer usable."))
|
||||
|
||||
def execute_refund(self, refund: OrderRefund):
|
||||
raise PaymentException(_("This payment provider exists for historical purposes only and is no longer usable."))
|
||||
|
||||
|
||||
@receiver(register_payment_providers, dispatch_uid="payment_free")
|
||||
def register_payment_provider(sender, **kwargs):
|
||||
return [FreeOrderProvider, BoxOfficeProvider, OffsettingProvider, ManualPayment, GiftCardPayment]
|
||||
|
||||
@@ -535,8 +535,9 @@ EventPluginRegistry = PluginAwareRegistry # for backwards compatibility
|
||||
event_live_issues = EventPluginSignal()
|
||||
"""
|
||||
This signal is sent out to determine whether an event can be taken live. If you want to
|
||||
prevent the event from going live, return a string that will be displayed to the user
|
||||
as the error message. If you don't, your receiver should return ``None``.
|
||||
prevent the event from going live, return an error message to display to the user (either
|
||||
as a SafeString containing HTML, or a string that will be HTML-escaped). If you don't,
|
||||
your receiver should return ``None``.
|
||||
|
||||
As with all event-plugin signals, the ``sender`` keyword argument will contain the event.
|
||||
"""
|
||||
|
||||
@@ -22,6 +22,7 @@
|
||||
import importlib
|
||||
|
||||
from django import template
|
||||
from django.utils.html import conditional_escape
|
||||
from django.utils.safestring import mark_safe
|
||||
|
||||
from pretix.base.models import Event
|
||||
@@ -44,7 +45,7 @@ def eventsignal(event: Event, signame: str, **kwargs):
|
||||
_html = []
|
||||
for receiver, response in signal.send(event, **kwargs):
|
||||
if response:
|
||||
_html.append(response)
|
||||
_html.append(conditional_escape(response))
|
||||
return mark_safe("".join(_html))
|
||||
|
||||
|
||||
@@ -63,5 +64,5 @@ def signal(signame: str, request, **kwargs):
|
||||
_html = []
|
||||
for receiver, response in signal.send(request, **kwargs):
|
||||
if response:
|
||||
_html.append(response)
|
||||
_html.append(conditional_escape(response))
|
||||
return mark_safe("".join(_html))
|
||||
|
||||
@@ -27,11 +27,11 @@ from django.template import TemplateDoesNotExist, loader
|
||||
from django.template.loader import get_template
|
||||
from django.utils.functional import Promise
|
||||
from django.utils.translation import gettext as _
|
||||
from django.views.decorators.csrf import requires_csrf_token
|
||||
from sentry_sdk import last_event_id
|
||||
|
||||
from pretix.base.i18n import language
|
||||
from pretix.base.middleware import get_language_from_request
|
||||
from pretix.multidomain.middlewares import requires_csrf_token
|
||||
|
||||
|
||||
def csrf_failure(request, reason=""):
|
||||
|
||||
@@ -59,7 +59,7 @@ def on_task_prerun(sender, task_id, task, **kwargs):
|
||||
from pretix.helpers.logs import local
|
||||
|
||||
local.request_id = task_id
|
||||
if "X-Pretix-Trace" in task.request.headers:
|
||||
if task.request.headers and "X-Pretix-Trace" in task.request.headers:
|
||||
local.trace = task.request.headers["X-Pretix-Trace"].split(" ")
|
||||
else:
|
||||
local.trace = []
|
||||
|
||||
@@ -1905,12 +1905,6 @@ class QuickSetupForm(I18nForm):
|
||||
required=False,
|
||||
help_text=_("We'll show this publicly to allow attendees to contact you.")
|
||||
)
|
||||
contact_url = forms.URLField(
|
||||
label=_("Contact URL"),
|
||||
required=False,
|
||||
help_text=_("If you set this, the footer contact link will point here instead of using the email address above. "
|
||||
"Please note that you still need to add a contact email address that will be shared with all emails you send.")
|
||||
)
|
||||
total_quota = forms.IntegerField(
|
||||
label=_("Total capacity"),
|
||||
min_value=0,
|
||||
|
||||
@@ -39,7 +39,8 @@ from pretix.base.signals import (
|
||||
html_page_start = GlobalSignal()
|
||||
"""
|
||||
This signal allows you to put code in the beginning of the main page for every
|
||||
page in the backend. You are expected to return HTML.
|
||||
page in the backend. You are expected to return a SafeString containing HTML, or
|
||||
a string that will be HTML-escaped.
|
||||
|
||||
The ``sender`` keyword argument will contain the request.
|
||||
"""
|
||||
@@ -129,7 +130,7 @@ event_dashboard_top = EventPluginSignal()
|
||||
Arguments: 'request'
|
||||
|
||||
This signal is sent out to include custom HTML in the top part of the the event dashboard.
|
||||
Receivers should return HTML.
|
||||
Receivers should return a SafeString containing HTML, or a string that will be HTML-escaped.
|
||||
|
||||
As with all event plugin signals, the ``sender`` keyword argument will contain the event.
|
||||
An additional keyword argument ``subevent`` *can* contain a sub-event.
|
||||
@@ -172,6 +173,7 @@ Arguments: 'form'
|
||||
|
||||
This signal allows you to add additional HTML to the form that is used for modifying vouchers.
|
||||
You receive the form object in the ``form`` keyword argument.
|
||||
Receivers should return a SafeString containing HTML, or a string that will be HTML-escaped.
|
||||
|
||||
As with all event plugin signals, the ``sender`` keyword argument will contain the event.
|
||||
"""
|
||||
@@ -209,6 +211,7 @@ Arguments: 'quota'
|
||||
|
||||
This signal allows you to append HTML to a Quota's detail view. You receive the
|
||||
quota as argument in the ``quota`` keyword argument.
|
||||
Receivers should return a SafeString containing HTML, or a string that will be HTML-escaped.
|
||||
|
||||
As with all event plugin signals, the ``sender`` keyword argument will contain the event.
|
||||
"""
|
||||
@@ -219,6 +222,7 @@ Arguments: 'subevent'
|
||||
|
||||
This signal allows you to append HTML to a SubEvent's detail view. You receive the
|
||||
subevent as argument in the ``subevent`` keyword argument.
|
||||
Receivers should return a SafeString containing HTML, or a string that will be HTML-escaped.
|
||||
|
||||
As with all event plugin signals, the ``sender`` keyword argument will contain the event.
|
||||
"""
|
||||
@@ -265,7 +269,8 @@ order_info = EventPluginSignal()
|
||||
"""
|
||||
Arguments: ``order``, ``request``
|
||||
|
||||
This signal is sent out to display additional information on the order detail page
|
||||
This signal is sent out to display additional information on the order detail page.
|
||||
Receivers should return a SafeString containing HTML, or a string that will be HTML-escaped.
|
||||
|
||||
As with all event plugin signals, the ``sender`` keyword argument will contain the event.
|
||||
Additionally, the argument ``order`` and ``request`` are available.
|
||||
@@ -275,7 +280,8 @@ order_approve_info = EventPluginSignal()
|
||||
"""
|
||||
Arguments: ``order``, ``request``
|
||||
|
||||
This signal is sent out to display additional information on the order approve page
|
||||
This signal is sent out to display additional information on the order approve page.
|
||||
Receivers should return a SafeString containing HTML, or a string that will be HTML-escaped.
|
||||
|
||||
As with all event plugin signals, the ``sender`` keyword argument will contain the event.
|
||||
Additionally, the argument ``order`` and ``request`` are available.
|
||||
@@ -286,6 +292,7 @@ order_position_buttons = EventPluginSignal()
|
||||
Arguments: ``order``, ``position``, ``request``
|
||||
|
||||
This signal is sent out to display additional buttons for a single position of an order.
|
||||
Receivers should return a SafeString containing HTML, or a string that will be HTML-escaped.
|
||||
|
||||
As with all event plugin signals, the ``sender`` keyword argument will contain the event.
|
||||
Additionally, the argument ``order`` and ``request`` are available.
|
||||
@@ -315,6 +322,7 @@ Arguments: 'request'
|
||||
|
||||
This signal is sent out to include template snippets on the settings page of an event
|
||||
that allows generating a pretix Widget code.
|
||||
Receivers should return a SafeString containing HTML, or a string that will be HTML-escaped.
|
||||
|
||||
As with all event plugin signals, the ``sender`` keyword argument will contain the event.
|
||||
A second keyword argument ``request`` will contain the request object.
|
||||
|
||||
@@ -19,7 +19,7 @@
|
||||
</p>
|
||||
<ul>
|
||||
{% for issue in issues %}
|
||||
<li>{{ issue|safe }}</li>
|
||||
<li>{{ issue }}</li>
|
||||
{% endfor %}
|
||||
</ul>
|
||||
</div>
|
||||
@@ -42,7 +42,7 @@
|
||||
</p>
|
||||
<ul>
|
||||
{% for issue in issues %}
|
||||
<li>{{ issue|safe }}</li>
|
||||
<li>{{ issue }}</li>
|
||||
{% endfor %}
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
@@ -193,7 +193,6 @@
|
||||
{% endblocktrans %}
|
||||
</p>
|
||||
{% bootstrap_field form.contact_mail layout="control" %}
|
||||
{% bootstrap_field form.contact_url layout="control" %}
|
||||
{% bootstrap_field form.imprint_url layout="control" %}
|
||||
</div>
|
||||
</fieldset>
|
||||
|
||||
@@ -49,11 +49,11 @@
|
||||
<td>
|
||||
<strong>
|
||||
{% if t.tag %}
|
||||
<a href="{% url "control:event.vouchers" organizer=request.event.organizer.slug event=request.event.slug %}?tag={{ '"'|add:t.tag|add:'"'|urlencode }}">
|
||||
<a href="{% url "control:event.vouchers" organizer=request.event.organizer.slug event=request.event.slug %}?filter-tag={{ '"'|add:t.tag|add:'"'|urlencode }}">
|
||||
{{ t.tag }}
|
||||
</a>
|
||||
{% else %}
|
||||
<a href="{% url "control:event.vouchers" organizer=request.event.organizer.slug event=request.event.slug %}?tag={{ '<>'|urlencode }}">
|
||||
<a href="{% url "control:event.vouchers" organizer=request.event.organizer.slug event=request.event.slug %}?filter-tag={{ '<>'|urlencode }}">
|
||||
{% trans "Empty tag" %}
|
||||
</a>
|
||||
{% endif %}
|
||||
|
||||
@@ -243,7 +243,8 @@ def invite(request, token):
|
||||
if request.user.is_authenticated:
|
||||
if inv.team.members.filter(pk=request.user.pk).exists():
|
||||
messages.error(request, _('You cannot accept the invitation for "{}" as you already are part of '
|
||||
'this team.').format(inv.team.name))
|
||||
'this team. If you want to add a different user or create a new account, '
|
||||
'log out and click the invitation link again.').format(inv.team.name))
|
||||
return redirect('control:index')
|
||||
else:
|
||||
with transaction.atomic():
|
||||
|
||||
@@ -1428,11 +1428,16 @@ class TaxUpdate(EventSettingsViewMixin, EventPermissionRequiredMixin, UpdateView
|
||||
form.instance.custom_rules = json.dumps([
|
||||
f.cleaned_data for f in self.formset.ordered_forms if f not in self.formset.deleted_forms
|
||||
], cls=I18nJSONEncoder)
|
||||
if form.has_changed():
|
||||
if form.has_changed() or self.formset.has_changed():
|
||||
change_data = {
|
||||
k: form.cleaned_data.get(k) for k in form.changed_data
|
||||
}
|
||||
if self.formset.has_changed():
|
||||
change_data["custom_rules"] = [
|
||||
f.cleaned_data for f in self.formset.ordered_forms if f not in self.formset.deleted_forms
|
||||
]
|
||||
self.object.log_action(
|
||||
'pretix.event.taxrule.changed', user=self.request.user, data={
|
||||
k: form.cleaned_data.get(k) for k in form.changed_data
|
||||
}
|
||||
'pretix.event.taxrule.changed', user=self.request.user, data=change_data
|
||||
)
|
||||
return super().form_valid(form)
|
||||
|
||||
|
||||
@@ -19,7 +19,9 @@
|
||||
# You should have received a copy of the GNU Affero General Public License along with this program. If not, see
|
||||
# <https://www.gnu.org/licenses/>.
|
||||
#
|
||||
import itertools
|
||||
import re
|
||||
from http.cookies import Morsel
|
||||
|
||||
from django.conf import settings
|
||||
|
||||
@@ -48,6 +50,41 @@ def set_cookie_without_samesite(request, response, key, *args, **kwargs):
|
||||
response.cookies[key]['Partitioned'] = True
|
||||
|
||||
|
||||
def thoroughly_delete_cookie(response, cookie_name, **kwargs):
|
||||
""" Deletes different possible versions of a cookie (SameSite, Partitioned) """
|
||||
properties = {"SameSite": ["", 'None'], "Partitioned": ["", True]}
|
||||
for i, values in enumerate(itertools.product(*properties.values())):
|
||||
m = Morsel()
|
||||
m.set(cookie_name, '', '')
|
||||
m.update(kwargs)
|
||||
m.update(zip(properties.keys(), values))
|
||||
m['expires'] = "Thu, 01 Jan 1970 00:00:00 GMT"
|
||||
|
||||
response.cookies[f'___DELETECOOKIE__{i}___{cookie_name}'] = m
|
||||
|
||||
# Make sure settings a cookie afterwards will add a new item in the dictionary, placing
|
||||
# it below our deletion headers.
|
||||
response.cookies.pop(cookie_name, None)
|
||||
|
||||
|
||||
def get_all_values_of_cookie(cookie_header, cookie_name):
|
||||
# like django.http.cookie.parse_cookie, but returns all values of duplicated cookies instead of only the last
|
||||
values = list()
|
||||
if not cookie_header:
|
||||
return values
|
||||
for chunk in cookie_header.split(";"):
|
||||
if "=" in chunk:
|
||||
key, val = chunk.split("=", 1)
|
||||
else:
|
||||
# Assume an empty name per
|
||||
# https://bugzilla.mozilla.org/show_bug.cgi?id=169091
|
||||
key, val = "", chunk
|
||||
key, val = key.strip(), val.strip()
|
||||
if key == cookie_name:
|
||||
values.append(val)
|
||||
return values
|
||||
|
||||
|
||||
# Based on https://www.chromium.org/updates/same-site/incompatible-clients
|
||||
# Copyright 2019 Google LLC.
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
@@ -34,8 +34,6 @@
|
||||
|
||||
import logging
|
||||
import time
|
||||
from datetime import datetime
|
||||
from http.cookies import Morsel
|
||||
from urllib.parse import urlparse
|
||||
|
||||
from django.conf import settings
|
||||
@@ -53,12 +51,16 @@ from django.middleware.csrf import (
|
||||
from django.shortcuts import render
|
||||
from django.urls import set_urlconf
|
||||
from django.utils.cache import patch_vary_headers
|
||||
from django.utils.decorators import decorator_from_middleware
|
||||
from django.utils.deprecation import MiddlewareMixin
|
||||
from django.utils.http import http_date
|
||||
from django_scopes import scopes_disabled
|
||||
|
||||
from pretix.base.models import Event, Organizer
|
||||
from pretix.helpers.cookies import set_cookie_without_samesite
|
||||
from pretix.helpers.cookies import (
|
||||
get_all_values_of_cookie, set_cookie_without_samesite,
|
||||
thoroughly_delete_cookie,
|
||||
)
|
||||
from pretix.multidomain.models import KnownDomain
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
@@ -181,9 +183,23 @@ class SessionMiddleware(BaseSessionMiddleware):
|
||||
# The session should be deleted only if the session is entirely empty
|
||||
is_secure = request.scheme == 'https'
|
||||
if '__Host-' + settings.SESSION_COOKIE_NAME in request.COOKIES and empty:
|
||||
response.delete_cookie('__Host-' + settings.SESSION_COOKIE_NAME)
|
||||
# response.delete_cookie does not work as we might have set a partitioned cookie
|
||||
thoroughly_delete_cookie(
|
||||
response,
|
||||
'__Host-' + settings.SESSION_COOKIE_NAME,
|
||||
path=settings.SESSION_COOKIE_PATH,
|
||||
secure=is_secure,
|
||||
httponly=settings.SESSION_COOKIE_HTTPONLY or None
|
||||
)
|
||||
elif settings.SESSION_COOKIE_NAME in request.COOKIES and empty:
|
||||
response.delete_cookie(settings.SESSION_COOKIE_NAME)
|
||||
# response.delete_cookie does not work as we might have set a partitioned cookie
|
||||
thoroughly_delete_cookie(
|
||||
response,
|
||||
settings.SESSION_COOKIE_NAME,
|
||||
path=settings.SESSION_COOKIE_PATH,
|
||||
secure=is_secure,
|
||||
httponly=settings.SESSION_COOKIE_HTTPONLY or None
|
||||
)
|
||||
else:
|
||||
if accessed:
|
||||
patch_vary_headers(response, ('Cookie',))
|
||||
@@ -200,15 +216,21 @@ class SessionMiddleware(BaseSessionMiddleware):
|
||||
if response.status_code != 500:
|
||||
request.session.save()
|
||||
if is_secure and settings.SESSION_COOKIE_NAME in request.COOKIES: # remove legacy cookie
|
||||
response.delete_cookie(settings.SESSION_COOKIE_NAME)
|
||||
response.delete_cookie(settings.SESSION_COOKIE_NAME, samesite="None")
|
||||
# response.delete_cookie does not work as we might have set a partitioned cookie
|
||||
thoroughly_delete_cookie(
|
||||
response,
|
||||
settings.SESSION_COOKIE_NAME,
|
||||
path=settings.SESSION_COOKIE_PATH,
|
||||
secure=is_secure,
|
||||
httponly=settings.SESSION_COOKIE_HTTPONLY or None
|
||||
)
|
||||
set_cookie_without_samesite(
|
||||
request, response,
|
||||
'__Host-' + settings.SESSION_COOKIE_NAME if is_secure else settings.SESSION_COOKIE_NAME,
|
||||
request.session.session_key, max_age=max_age,
|
||||
expires=expires,
|
||||
path=settings.SESSION_COOKIE_PATH,
|
||||
secure=request.scheme == 'https',
|
||||
secure=is_secure,
|
||||
httponly=settings.SESSION_COOKIE_HTTPONLY or None
|
||||
)
|
||||
return response
|
||||
@@ -253,75 +275,74 @@ class CsrfViewMiddleware(BaseCsrfMiddleware):
|
||||
if request.session.get(CSRF_SESSION_KEY) != request.META["CSRF_COOKIE"]:
|
||||
request.session[CSRF_SESSION_KEY] = request.META["CSRF_COOKIE"]
|
||||
else:
|
||||
is_secure = request.scheme == 'https'
|
||||
# Set the CSRF cookie even if it's already set, so we renew
|
||||
# the expiry timer.
|
||||
if is_secure and settings.CSRF_COOKIE_NAME in request.COOKIES: # remove legacy cookie
|
||||
response.delete_cookie(settings.CSRF_COOKIE_NAME)
|
||||
response.delete_cookie(settings.CSRF_COOKIE_NAME, samesite="None")
|
||||
|
||||
# remove legacy cookie
|
||||
if request.is_secure() and settings.CSRF_COOKIE_NAME in request.COOKIES:
|
||||
thoroughly_delete_cookie(
|
||||
response,
|
||||
settings.CSRF_COOKIE_NAME,
|
||||
path=settings.CSRF_COOKIE_PATH,
|
||||
secure=request.is_secure(),
|
||||
httponly=settings.CSRF_COOKIE_HTTPONLY
|
||||
)
|
||||
|
||||
handle_duplicated_csrftoken(request, response)
|
||||
|
||||
set_cookie_without_samesite(
|
||||
request, response,
|
||||
'__Host-' + settings.CSRF_COOKIE_NAME if is_secure else settings.CSRF_COOKIE_NAME,
|
||||
'__Host-' + settings.CSRF_COOKIE_NAME if request.is_secure() else settings.CSRF_COOKIE_NAME,
|
||||
request.META["CSRF_COOKIE"],
|
||||
max_age=settings.CSRF_COOKIE_AGE,
|
||||
path=settings.CSRF_COOKIE_PATH,
|
||||
secure=is_secure,
|
||||
secure=request.is_secure(),
|
||||
httponly=settings.CSRF_COOKIE_HTTPONLY
|
||||
)
|
||||
# Content varies with the CSRF cookie, so set the Vary header.
|
||||
patch_vary_headers(response, ('Cookie',))
|
||||
|
||||
def process_response(self, request, response):
|
||||
if (
|
||||
not settings.CSRF_USE_SESSIONS
|
||||
and request.is_secure()
|
||||
and settings.CSRF_COOKIE_NAME in response.cookies
|
||||
and response.cookies[settings.CSRF_COOKIE_NAME].value
|
||||
):
|
||||
logger.warning("Usage of djangos CsrfViewMiddleware detected (legacy cookie found in response). "
|
||||
"This may be caused by using csrf_project or requires_csrf_token from django.views.decorators.csrf. "
|
||||
"Use the pretix.multidomain.middlewares equivalent instead.")
|
||||
|
||||
return super().process_response(request, response)
|
||||
|
||||
|
||||
def handle_duplicated_csrftoken(request, response):
|
||||
# Due to a Safari bug, in some browser, two csrftoken cookies with different values
|
||||
# exist: one unpartitioned, one partitioned. This function generates an additional
|
||||
# Due to a Safari bug, in some browser, two csrftoken cookies can exist:
|
||||
# one unpartitioned, one partitioned. This function generates an additional
|
||||
# Set-Cookie header to get rid of the unpartitioned one.
|
||||
|
||||
cookie_name = '__Host-' + settings.CSRF_COOKIE_NAME
|
||||
|
||||
if request.scheme == 'https' and cookie_name in request.COOKIES:
|
||||
if request.is_secure() and cookie_name in request.COOKIES:
|
||||
values = get_all_values_of_cookie(request.headers.get('Cookie'), cookie_name)
|
||||
if len(values) > 1:
|
||||
logger.info('Trying to remove duplicated %s cookies: %r', cookie_name, values)
|
||||
|
||||
# Make sure the set_cookie_without_samesite below will add a new item in the dictionary, placing
|
||||
# it below our deletion header.
|
||||
response.cookies.pop(cookie_name, None)
|
||||
|
||||
# Add the deletion Set-Cookie header to the cookie dict under a wrong name, so it doesn't get
|
||||
# overwritten by the set_cookie_without_samesite call below. This works because the code in
|
||||
# django.core.handlers.wsgi/asgi, that generates the actual Set-Cookie headers, only iterates
|
||||
# over cookie.values(), ignoring the keys.
|
||||
response.cookies['___DELETECOOKIE___' + cookie_name] = make_delete_morsel(cookie_name)
|
||||
thoroughly_delete_cookie(
|
||||
response,
|
||||
cookie_name,
|
||||
secure=request.is_secure(),
|
||||
path=settings.CSRF_COOKIE_PATH,
|
||||
httponly=settings.CSRF_COOKIE_HTTPONLY
|
||||
)
|
||||
|
||||
|
||||
def get_all_values_of_cookie(cookie_header, cookie_name):
|
||||
# like django.http.cookie.parse_cookie, but returns all values of duplicated cookies instead of only the last
|
||||
values = list()
|
||||
if not cookie_header:
|
||||
return values
|
||||
for chunk in cookie_header.split(";"):
|
||||
if "=" in chunk:
|
||||
key, val = chunk.split("=", 1)
|
||||
else:
|
||||
# Assume an empty name per
|
||||
# https://bugzilla.mozilla.org/show_bug.cgi?id=169091
|
||||
key, val = "", chunk
|
||||
key, val = key.strip(), val.strip()
|
||||
if key == cookie_name:
|
||||
values.append(val)
|
||||
return values
|
||||
csrf_protect = decorator_from_middleware(CsrfViewMiddleware)
|
||||
|
||||
|
||||
def make_delete_morsel(name):
|
||||
m = Morsel()
|
||||
m.set(name, '', '')
|
||||
m['expires'] = datetime.utcfromtimestamp(0).strftime("%a, %d %b %Y %H:%M:%S GMT")
|
||||
m['samesite'] = 'None'
|
||||
m['secure'] = True
|
||||
m['path'] = settings.CSRF_COOKIE_PATH
|
||||
m['httponly'] = settings.CSRF_COOKIE_HTTPONLY
|
||||
return m
|
||||
class _EnsureCsrfToken(CsrfViewMiddleware):
|
||||
# Behave like CsrfViewMiddleware but don't reject requests or log warnings.
|
||||
def _reject(self, request, reason):
|
||||
return None
|
||||
|
||||
|
||||
requires_csrf_token = decorator_from_middleware(_EnsureCsrfToken)
|
||||
|
||||
@@ -26,6 +26,7 @@ from collections import defaultdict
|
||||
from django.dispatch import receiver
|
||||
from django.template.loader import get_template
|
||||
from django.urls import resolve, reverse
|
||||
from django.utils.safestring import mark_safe
|
||||
from django.utils.translation import gettext_lazy as _
|
||||
|
||||
from pretix.base.logentrytypes import EventLogEntryType, log_entry_types
|
||||
@@ -153,7 +154,7 @@ def control_order_position_info(sender: Event, position, request, order: Order,
|
||||
'event': sender,
|
||||
'position': position
|
||||
}
|
||||
return template.render(ctx, request=request).strip()
|
||||
return mark_safe(template.render(ctx, request=request).strip())
|
||||
|
||||
|
||||
@receiver(order_info, dispatch_uid="badges_control_order_info")
|
||||
|
||||
@@ -162,6 +162,8 @@ class ScheduledMail(models.Model):
|
||||
send_to_orders = self.rule.send_to in (Rule.CUSTOMERS, Rule.BOTH)
|
||||
send_to_attendees = self.rule.send_to in (Rule.ATTENDEES, Rule.BOTH)
|
||||
|
||||
position_ids = op_qs.values_list('id', flat=True)
|
||||
|
||||
for o in orders:
|
||||
with language(o.locale, e.settings.region):
|
||||
positions = list(o.positions.all())
|
||||
@@ -191,28 +193,29 @@ class ScheduledMail(models.Model):
|
||||
positions = [p for p in positions if p.subevent_id == self.subevent_id]
|
||||
|
||||
for p in positions:
|
||||
if p.attendee_email and (p.attendee_email != o.email or not o_sent):
|
||||
email_ctx = get_email_context(
|
||||
event=e,
|
||||
order=o,
|
||||
invoice_address=ia,
|
||||
position=p,
|
||||
event_or_subevent=self.subevent or e,
|
||||
)
|
||||
p.send_mail(self.rule.subject, self.rule.template, email_ctx,
|
||||
attach_ical=self.rule.attach_ical,
|
||||
log_entry_type='pretix.plugins.sendmail.rule.order.position.email.sent')
|
||||
elif not o_sent and o.email:
|
||||
email_ctx = get_email_context(
|
||||
event=e,
|
||||
order=o,
|
||||
invoice_address=ia,
|
||||
event_or_subevent=self.subevent or e,
|
||||
)
|
||||
o.send_mail(self.rule.subject, self.rule.template, email_ctx,
|
||||
attach_ical=self.rule.attach_ical,
|
||||
log_entry_type='pretix.plugins.sendmail.rule.order.email.sent')
|
||||
o_sent = True
|
||||
if p.id in position_ids:
|
||||
if p.attendee_email and (p.attendee_email != o.email or not o_sent):
|
||||
email_ctx = get_email_context(
|
||||
event=e,
|
||||
order=o,
|
||||
invoice_address=ia,
|
||||
position=p,
|
||||
event_or_subevent=self.subevent or e,
|
||||
)
|
||||
p.send_mail(self.rule.subject, self.rule.template, email_ctx,
|
||||
attach_ical=self.rule.attach_ical,
|
||||
log_entry_type='pretix.plugins.sendmail.rule.order.position.email.sent')
|
||||
elif not o_sent and o.email:
|
||||
email_ctx = get_email_context(
|
||||
event=e,
|
||||
order=o,
|
||||
invoice_address=ia,
|
||||
event_or_subevent=self.subevent or e,
|
||||
)
|
||||
o.send_mail(self.rule.subject, self.rule.template, email_ctx,
|
||||
attach_ical=self.rule.attach_ical,
|
||||
log_entry_type='pretix.plugins.sendmail.rule.order.email.sent')
|
||||
o_sent = True
|
||||
|
||||
self.last_successful_order_id = o.pk
|
||||
|
||||
@@ -270,7 +273,7 @@ class Rule(models.Model, LoggingMixin):
|
||||
|
||||
date_is_absolute = models.BooleanField(default=True, blank=True)
|
||||
offset_to_event_end = models.BooleanField(default=False, blank=True) # no verbose name because not actually
|
||||
offset_is_after = models.BooleanField(default=False, blank=True) # displayed in any forms
|
||||
offset_is_after = models.BooleanField(default=False, blank=True) # displayed in any forms
|
||||
|
||||
send_to = models.CharField(max_length=10, choices=SEND_TO_CHOICES, default=CUSTOMERS, verbose_name=_('Send email to'))
|
||||
|
||||
|
||||
@@ -189,7 +189,7 @@ def control_order_position_info(sender: Event, position, request, order, **kwarg
|
||||
'position': position,
|
||||
'layouts': layouts,
|
||||
}
|
||||
return template.render(ctx, request=request).strip()
|
||||
return template.render(ctx, request=request)
|
||||
|
||||
|
||||
override_layout = EventPluginSignal()
|
||||
|
||||
@@ -161,7 +161,8 @@ voucher_redeem_info = EventPluginSignal()
|
||||
"""
|
||||
Arguments: ``voucher``
|
||||
|
||||
This signal is sent out to display additional information on the "redeem a voucher" page
|
||||
This signal is sent out to display additional information on the "redeem a voucher" page.
|
||||
You are expected to return a SafeString containing HTML, or a string that will be HTML-escaped.
|
||||
|
||||
As with all event plugin signals, the ``sender`` keyword argument will contain the event.
|
||||
"""
|
||||
@@ -194,6 +195,7 @@ Arguments: ``request``
|
||||
|
||||
This signals allows you to add HTML content to the confirmation page that is presented at the
|
||||
end of the checkout process, just before the order is being created.
|
||||
You are expected to return a SafeString containing HTML, or a string that will be HTML-escaped.
|
||||
|
||||
As with all event plugin signals, the ``sender`` keyword argument will contain the event. A ``request``
|
||||
argument will contain the request object.
|
||||
@@ -276,7 +278,8 @@ order_info = EventPluginSignal()
|
||||
"""
|
||||
Arguments: ``order``, ``request``
|
||||
|
||||
This signal is sent out to display additional information on the order detail page
|
||||
This signal is sent out to display additional information on the order detail page.
|
||||
Return a SafeString containing HTML, or a string that will be HTML-escaped.
|
||||
|
||||
As with all event plugin signals, the ``sender`` keyword argument will contain the event.
|
||||
"""
|
||||
@@ -285,7 +288,8 @@ position_info = EventPluginSignal()
|
||||
"""
|
||||
Arguments: ``order``, ``position``, ``request``
|
||||
|
||||
This signal is sent out to display additional information on the position detail page
|
||||
This signal is sent out to display additional information on the position detail page.
|
||||
Return a SafeString containing HTML, or a string that will be HTML-escaped.
|
||||
|
||||
As with all event plugin signals, the ``sender`` keyword argument will contain the event.
|
||||
"""
|
||||
@@ -294,7 +298,8 @@ order_info_top = EventPluginSignal()
|
||||
"""
|
||||
Arguments: ``order``, ``request``
|
||||
|
||||
This signal is sent out to display additional information on top of the order detail page
|
||||
This signal is sent out to display additional information on top of the order detail page.
|
||||
Return a SafeString containing HTML, or a string that will be HTML-escaped.
|
||||
|
||||
As with all event plugin signals, the ``sender`` keyword argument will contain the event.
|
||||
"""
|
||||
@@ -303,7 +308,8 @@ position_info_top = EventPluginSignal()
|
||||
"""
|
||||
Arguments: ``order``, ``position``, ``request``
|
||||
|
||||
This signal is sent out to display additional information on top of the position detail page
|
||||
This signal is sent out to display additional information on top of the position detail page.
|
||||
Return a SafeString containing HTML, or a string that will be HTML-escaped.
|
||||
|
||||
As with all event plugin signals, the ``sender`` keyword argument will contain the event.
|
||||
"""
|
||||
@@ -349,7 +355,7 @@ This signal is sent out to display additional information on the frontpage above
|
||||
of products and but below a custom frontpage text.
|
||||
|
||||
As with all event plugin signals, the ``sender`` keyword argument will contain the event. The
|
||||
receivers are expected to return HTML.
|
||||
receivers are expected to return a SafeString containing HTML, or a string that will be HTML-escaped.
|
||||
"""
|
||||
|
||||
render_seating_plan = EventPluginSignal()
|
||||
@@ -361,7 +367,7 @@ You will be passed the ``request`` as a keyword argument. If applicable, a ``sub
|
||||
``voucher`` argument might be given.
|
||||
|
||||
As with all event plugin signals, the ``sender`` keyword argument will contain the event. The
|
||||
receivers are expected to return HTML.
|
||||
receivers are expected to return a SafeString containing HTML, or a string that will be HTML-escaped.
|
||||
"""
|
||||
|
||||
front_page_bottom = EventPluginSignal()
|
||||
@@ -372,7 +378,7 @@ This signal is sent out to display additional information on the frontpage below
|
||||
of products.
|
||||
|
||||
As with all event plugin signals, the ``sender`` keyword argument will contain the event. The
|
||||
receivers are expected to return HTML.
|
||||
receivers are expected to return a SafeString containing HTML, or a string that will be HTML-escaped.
|
||||
"""
|
||||
|
||||
front_page_bottom_widget = EventPluginSignal()
|
||||
@@ -383,7 +389,7 @@ This signal is sent out to display additional information on the frontpage below
|
||||
of products if the front page is shown in the widget.
|
||||
|
||||
As with all event plugin signals, the ``sender`` keyword argument will contain the event. The
|
||||
receivers are expected to return HTML.
|
||||
receivers are expected to return a SafeString containing HTML, or a string that will be HTML-escaped.
|
||||
"""
|
||||
|
||||
checkout_all_optional = EventPluginSignal()
|
||||
@@ -403,7 +409,7 @@ Arguments: ``item``, ``variation``, ``subevent``
|
||||
|
||||
This signal is sent out when the description of an item or variation is rendered and allows you to append
|
||||
additional text to the description. You are passed the ``item``, ``variation`` and ``subevent``. You are
|
||||
expected to return HTML.
|
||||
expected to return markdown.
|
||||
"""
|
||||
|
||||
register_cookie_providers = EventPluginSignal()
|
||||
|
||||
@@ -44,7 +44,6 @@ from django.utils.http import url_has_allowed_host_and_scheme
|
||||
from django.utils.safestring import mark_safe
|
||||
from django.utils.translation import gettext_lazy as _
|
||||
from django.views.decorators.cache import never_cache
|
||||
from django.views.decorators.csrf import csrf_protect
|
||||
from django.views.decorators.debug import sensitive_post_parameters
|
||||
from django.views.generic import FormView, ListView, View
|
||||
|
||||
@@ -101,7 +100,6 @@ class LoginView(RedirectBackMixin, FormView):
|
||||
redirect_authenticated_user = True
|
||||
|
||||
@method_decorator(sensitive_post_parameters())
|
||||
@method_decorator(csrf_protect)
|
||||
@method_decorator(never_cache)
|
||||
def dispatch(self, request, *args, **kwargs):
|
||||
if not request.organizer.settings.customer_accounts:
|
||||
@@ -213,7 +211,6 @@ class RegistrationView(RedirectBackMixin, FormView):
|
||||
redirect_authenticated_user = True
|
||||
|
||||
@method_decorator(sensitive_post_parameters())
|
||||
@method_decorator(csrf_protect)
|
||||
@method_decorator(never_cache)
|
||||
def dispatch(self, request, *args, **kwargs):
|
||||
if not request.organizer.settings.customer_accounts:
|
||||
@@ -257,7 +254,6 @@ class SetPasswordView(FormView):
|
||||
template_name = 'pretixpresale/organizers/customer_setpassword.html'
|
||||
|
||||
@method_decorator(sensitive_post_parameters())
|
||||
@method_decorator(csrf_protect)
|
||||
@method_decorator(never_cache)
|
||||
def dispatch(self, request, *args, **kwargs):
|
||||
if not request.organizer.settings.customer_accounts:
|
||||
@@ -301,7 +297,6 @@ class ResetPasswordView(FormView):
|
||||
template_name = 'pretixpresale/organizers/customer_resetpw.html'
|
||||
|
||||
@method_decorator(sensitive_post_parameters())
|
||||
@method_decorator(csrf_protect)
|
||||
@method_decorator(never_cache)
|
||||
def dispatch(self, request, *args, **kwargs):
|
||||
if not request.organizer.settings.customer_accounts:
|
||||
@@ -527,7 +522,6 @@ class ChangePasswordView(CustomerAccountBaseMixin, FormView):
|
||||
form_class = ChangePasswordForm
|
||||
|
||||
@method_decorator(sensitive_post_parameters())
|
||||
@method_decorator(csrf_protect)
|
||||
@method_decorator(never_cache)
|
||||
def dispatch(self, request, *args, **kwargs):
|
||||
if not request.organizer.settings.customer_accounts:
|
||||
@@ -561,7 +555,6 @@ class ChangeInformationView(CustomerAccountBaseMixin, FormView):
|
||||
form_class = ChangeInfoForm
|
||||
|
||||
@method_decorator(sensitive_post_parameters())
|
||||
@method_decorator(csrf_protect)
|
||||
@method_decorator(never_cache)
|
||||
def dispatch(self, request, *args, **kwargs):
|
||||
if not request.organizer.settings.customer_accounts:
|
||||
@@ -669,7 +662,6 @@ class SSOLoginView(RedirectBackMixin, View):
|
||||
redirect_authenticated_user = True
|
||||
|
||||
@method_decorator(sensitive_post_parameters())
|
||||
@method_decorator(csrf_protect)
|
||||
@method_decorator(never_cache)
|
||||
def dispatch(self, request, *args, **kwargs):
|
||||
if not request.organizer.settings.customer_accounts:
|
||||
@@ -732,7 +724,6 @@ class SSOLoginReturnView(RedirectBackMixin, View):
|
||||
redirect_authenticated_user = True
|
||||
|
||||
@method_decorator(sensitive_post_parameters())
|
||||
@method_decorator(csrf_protect)
|
||||
@method_decorator(never_cache)
|
||||
def dispatch(self, request, *args, **kwargs):
|
||||
if not request.organizer.settings.customer_accounts:
|
||||
|
||||
@@ -426,6 +426,97 @@ def test_sendmail_rule_checked_in_get_mail(event, order, item):
|
||||
assert len(djmail.outbox) == 1, "email not sent"
|
||||
|
||||
|
||||
@pytest.mark.django_db
|
||||
@scopes_disabled()
|
||||
def test_sendmail_rule_checked_in_mixed_order(event, order, item):
|
||||
order.status = Order.STATUS_PAID
|
||||
order.save()
|
||||
p1 = order.all_positions.create(item=item, price=13, attendee_email='item1@dummy.test')
|
||||
order.all_positions.create(item=item, price=13, attendee_email='item2@dummy.test') # p2
|
||||
clist = event.checkin_lists.create(name="Default", all_products=True)
|
||||
|
||||
# receives no mail when checked in
|
||||
djmail.outbox = []
|
||||
perform_checkin(p1, clist, {})
|
||||
assert clist.checkin_count == 1
|
||||
event.sendmail_rules.create(send_date=dt_now - datetime.timedelta(hours=1), checked_in_status="checked_in",
|
||||
subject='meow', template='meow meow meow')
|
||||
sendmail_run_rules(None)
|
||||
assert len(djmail.outbox) == 1
|
||||
|
||||
|
||||
@pytest.mark.django_db
|
||||
@scopes_disabled()
|
||||
def test_sendmail_rule_not_checked_in_mixed_order(event, order, item):
|
||||
order.status = Order.STATUS_PAID
|
||||
order.save()
|
||||
p1 = order.all_positions.create(item=item, price=13, attendee_email='item1@dummy.test')
|
||||
order.all_positions.create(item=item, price=13, attendee_email='item2@dummy.test') # p2
|
||||
clist = event.checkin_lists.create(name="Default", all_products=True)
|
||||
|
||||
# receives no mail when checked in
|
||||
djmail.outbox = []
|
||||
perform_checkin(p1, clist, {})
|
||||
assert clist.checkin_count == 1
|
||||
event.sendmail_rules.create(send_date=dt_now - datetime.timedelta(hours=1), checked_in_status="no_checkin",
|
||||
subject='meow', template='meow meow meow')
|
||||
sendmail_run_rules(None)
|
||||
assert len(djmail.outbox) == 1
|
||||
|
||||
|
||||
@pytest.mark.django_db
|
||||
@scopes_disabled()
|
||||
def test_sendmail_rule_not_checked_in_mixed_order_position_without_email_not_matching_status(event, order, item, item2):
|
||||
order.status = Order.STATUS_PAID
|
||||
order.save()
|
||||
p1 = order.all_positions.create(item=item, price=13, attendee_email='item1@dummy.test')
|
||||
p2 = order.all_positions.create(item=item, price=13, attendee_email='item2@dummy.test')
|
||||
clist = event.checkin_lists.create(name="Default", all_products=True)
|
||||
|
||||
# receives no mail when checked in
|
||||
djmail.outbox = []
|
||||
perform_checkin(p1, clist, {})
|
||||
|
||||
# we have no email and we are checked in
|
||||
# we shouldn't trigger a fallback to order.email
|
||||
p3 = order.all_positions.create(item=item, price=13)
|
||||
perform_checkin(p3, clist, {})
|
||||
assert clist.checkin_count == 2
|
||||
|
||||
event.sendmail_rules.create(send_date=dt_now - datetime.timedelta(hours=1), checked_in_status="no_checkin",
|
||||
subject='meow', template='meow meow meow', send_to=Rule.ATTENDEES)
|
||||
sendmail_run_rules(None)
|
||||
|
||||
assert len(djmail.outbox) == 1
|
||||
recipients = [m.to for m in djmail.outbox]
|
||||
assert [p2.attendee_email] in recipients # for p2
|
||||
|
||||
|
||||
@pytest.mark.django_db
|
||||
@scopes_disabled()
|
||||
def test_sendmail_rule_not_checked_in_mixed_order_position_without_email(event, order, item, item2):
|
||||
order.status = Order.STATUS_PAID
|
||||
order.save()
|
||||
p1 = order.all_positions.create(item=item, price=13, attendee_email='item1@dummy.test')
|
||||
p2 = order.all_positions.create(item=item, price=13, attendee_email='item2@dummy.test')
|
||||
order.all_positions.create(item=item, price=13) # p3
|
||||
order.all_positions.create(item=item, price=13) # p4
|
||||
clist = event.checkin_lists.create(name="Default", all_products=True)
|
||||
|
||||
# receives no mail when checked in
|
||||
djmail.outbox = []
|
||||
perform_checkin(p1, clist, {})
|
||||
assert clist.checkin_count == 1
|
||||
event.sendmail_rules.create(send_date=dt_now - datetime.timedelta(hours=1), checked_in_status="no_checkin",
|
||||
subject='meow', template='meow meow meow', send_to=Rule.ATTENDEES)
|
||||
sendmail_run_rules(None)
|
||||
|
||||
assert len(djmail.outbox) == 2
|
||||
recipients = [m.to for m in djmail.outbox]
|
||||
assert [order.email] in recipients # for p3 and p4
|
||||
assert [p2.attendee_email] in recipients # for p2
|
||||
|
||||
|
||||
@pytest.mark.django_db
|
||||
@scopes_disabled()
|
||||
def run_restriction_test(event, order, restrictions_pass=[], restrictions_fail=[]):
|
||||
|
||||
Reference in New Issue
Block a user