include acceptor slug in log/webhook event

2026-02-20 09:02:27 +00:00 · 2026-02-18 17:35:41 +01:00
7 changed files with 34 additions and 78 deletions
--- a/src/pretix/base/exporters/orderlist.py
+++ b/src/pretix/base/exporters/orderlist.py
@@ -651,7 +651,6 @@ class OrderListExporter(MultiSheetListExporter):
            pgettext('address', 'State'),
            _('Voucher'),
            _('Voucher budget usage'),
-            _('Voucher tag'),
            _('Pseudonymization ID'),
            _('Ticket secret'),
            _('Seat ID'),
@@ -770,7 +769,6 @@ class OrderListExporter(MultiSheetListExporter):
                    op.state_for_address or '',
                    op.voucher.code if op.voucher else '',
                    op.voucher_budget_use if op.voucher_budget_use else '',
-                    op.voucher.tag if op.voucher else '',
                    op.pseudonymization_id,
                    op.secret,
                ]
--- a/src/pretix/control/templates/pretixcontrol/user/2fa_main.html
+++ b/src/pretix/control/templates/pretixcontrol/user/2fa_main.html
@@ -144,23 +144,14 @@
        </div>
        <div class="panel-body">
            <p>
-                {% blocktrans trimmed %}
-                    If you lose access to your devices, you can use one of your emergency tokens to log in.
-                    We recommend to store them in a safe place, e.g. printed out or in a password manager.
-                    Every token can be used at most once.
-                {% endblocktrans %}
+                {% trans "If you lose access to your devices, you can use one of the following keys to log in. We recommend to store them in a safe place, e.g. printed out or in a password manager. Every token can be used at most once." %}
            </p>
-            {% if static_tokens_device %}
-                <p>
-                    {% blocktrans trimmed with generation_date_time=static_tokens_device.created_at %}
-                        You generated your emergency tokens on {{ generation_date_time }}.
-                    {% endblocktrans %}
-                </p>
-            {% else %}
-                <p>
-                    {% trans "You don't have any emergency tokens yet." %}
-                </p>
-            {% endif %}
+            <p>{% trans "Unused tokens:" %}</p>
+            <ul>
+                {% for t in static_tokens %}
+                    <li><code>{{ t.token }}</code></li>
+                {% endfor %}
+            </ul>
            <a href="{% url "control:user.settings.2fa.regenemergency" %}" class="btn btn-default">
                <span class="fa fa-refresh"></span>
                {% trans "Generate new emergency tokens" %}
--- a/src/pretix/control/views/user.py
+++ b/src/pretix/control/views/user.py
@@ -49,14 +49,12 @@ from django.db import transaction
 from django.shortcuts import get_object_or_404, redirect
 from django.urls import reverse
 from django.utils.crypto import get_random_string
-from django.utils.decorators import method_decorator
 from django.utils.functional import cached_property
 from django.utils.html import format_html
 from django.utils.http import url_has_allowed_host_and_scheme
 from django.utils.timezone import now
 from django.utils.translation import gettext_lazy as _
 from django.views import View
-from django.views.decorators.cache import never_cache
 from django.views.generic import FormView, ListView, TemplateView, UpdateView
 from django_otp.plugins.otp_static.models import StaticDevice
 from django_otp.plugins.otp_totp.models import TOTPDevice
@@ -87,9 +85,8 @@ logger = logging.getLogger(__name__)


 class RecentAuthenticationRequiredMixin:
-    max_time = 900
+    max_time = 3600

-    @method_decorator(never_cache)
    def dispatch(self, request, *args, **kwargs):
        tdelta = time.time() - request.session.get('pretix_auth_login_time', 0)
        if tdelta > self.max_time:
@@ -292,13 +289,16 @@ class User2FAMainView(RecentAuthenticationRequiredMixin, TemplateView):
        ctx = super().get_context_data()

        try:
-            ctx['static_tokens_device'] = StaticDevice.objects.get(user=self.request.user, name='emergency')
+            ctx['static_tokens'] = StaticDevice.objects.get(user=self.request.user, name='emergency').token_set.all()
        except StaticDevice.MultipleObjectsReturned:
-            ctx['static_tokens_device'] = StaticDevice.objects.filter(
+            ctx['static_tokens'] = StaticDevice.objects.filter(
                user=self.request.user, name='emergency'
-            ).first()
+            ).first().token_set.all()
        except StaticDevice.DoesNotExist:
-            ctx['static_tokens_device'] = None
+            d = StaticDevice.objects.create(user=self.request.user, name='emergency')
+            for i in range(10):
+                d.token_set.create(token=get_random_string(length=12, allowed_chars='1234567890'))
+            ctx['static_tokens'] = d.token_set.all()

        ctx['devices'] = []
        for dt in REAL_DEVICE_TYPES:
@@ -631,8 +631,7 @@ class User2FARegenerateEmergencyView(RecentAuthenticationRequiredMixin, Template
        self.request.user.update_session_token()
        update_session_auth_hash(self.request, self.request.user)
        messages.success(request, _('Your emergency codes have been newly generated. Remember to store them in a safe '
-                                    'place in case you lose access to your devices. You will not be able to view them '
-                                    'again here.\n\nYour emergency codes:\n- ' + '\n- '.join(t.token for t in d.token_set.all())))
+                                    'place in case you lose access to your devices.'))
        return redirect(reverse('control:user.settings.2fa'))


--- a/src/pretix/plugins/paypal2/payment.py
+++ b/src/pretix/plugins/paypal2/payment.py
@@ -786,29 +786,23 @@ class PaypalMethod(BasePaymentProvider):
                else:
                    pp_captured_order = response.result

+                for purchaseunit in pp_captured_order.purchase_units:
+                    for capture in purchaseunit.payments.captures:
+                        try:
+                            ReferencedPayPalObject.objects.get_or_create(order=payment.order, payment=payment, reference=capture.id)
+                        except ReferencedPayPalObject.MultipleObjectsReturned:
+                            pass
+
+                        if capture.status != 'COMPLETED':
+                            messages.warning(request, _('PayPal has not yet approved the payment. We will inform you as '
+                                                        'soon as the payment completed.'))
+                            payment.info = json.dumps(pp_captured_order.dict())
+                            payment.state = OrderPayment.PAYMENT_STATE_PENDING
+                            payment.save()
+                            return
+
            payment.refresh_from_db()

-            any_captures = False
-            all_captures_completed = True
-            for purchaseunit in pp_captured_order.purchase_units:
-                for capture in purchaseunit.payments.captures:
-                    try:
-                        ReferencedPayPalObject.objects.get_or_create(order=payment.order, payment=payment, reference=capture.id)
-                    except ReferencedPayPalObject.MultipleObjectsReturned:
-                        pass
-
-                    if capture.status != 'COMPLETED':
-                        all_captures_completed = False
-                    else:
-                        any_captures = True
-            if not (any_captures and all_captures_completed):
-                messages.warning(request, _('PayPal has not yet approved the payment. We will inform you as '
-                                            'soon as the payment completed.'))
-                payment.info = json.dumps(pp_captured_order.dict())
-                payment.state = OrderPayment.PAYMENT_STATE_PENDING
-                payment.save()
-                return
-
            if pp_captured_order.status != 'COMPLETED':
                payment.fail(info=pp_captured_order.dict())
                logger.error('Invalid state: %s' % repr(pp_captured_order.dict()))
--- a/src/pretix/plugins/stripe/payment.py
+++ b/src/pretix/plugins/stripe/payment.py
@@ -118,7 +118,6 @@ logger = logging.getLogger('pretix.plugins.stripe')
 # - UPI: ✗
 # - Netbanking: ✗
 # - TWINT: ✓
-# - Wero: ✓ (No settings UI yet)
 #
 # Bank transfers
 # - ACH Bank Transfer: ✗
@@ -510,15 +509,6 @@ class StripeSettingsHolder(BasePaymentProvider):
                                 'before they work properly.'),
                     required=False,
                 )),
-                # Disabled for now, since still in closed Beta and only available to dedicated boarded accounts.
-                # ('method_wero',
-                #  forms.BooleanField(
-                #     label=_('Wero'),
-                #      disabled=self.event.currency not in 'EUR',
-                #      help_text=_('Some payment methods might need to be enabled in the settings of your Stripe account '
-                #                  'before they work properly.'),
-                #      required=False,
-                #  )),
            ] + extra_fields + list(super().settings_form_fields.items()) + moto_settings
        )
        if not self.settings.connect_client_id or self.settings.secret_key:
@@ -1956,15 +1946,3 @@ class StripeMobilePay(StripeRedirectMethod):
                "type": "mobilepay",
            },
        }
-
-
-class StripeWero(StripeRedirectMethod):
-    identifier = 'stripe_wero'
-    verbose_name = _('WERO via Stripe')
-    public_name = 'WERO'
-    method = 'wero'
-    confirmation_method = 'automatic'
-    explanation = _(
-        'This payment method is available to European online banking users, whose banking institutions support WERO '
-        'either through their native banking apps or through the WERO wallet app. Please have you app ready.'
-    )
--- a/src/pretix/plugins/stripe/signals.py
+++ b/src/pretix/plugins/stripe/signals.py
@@ -49,14 +49,14 @@ def register_payment_provider(sender, **kwargs):
        StripeMultibanco, StripePayByBank, StripePayPal, StripePromptPay,
        StripePrzelewy24, StripeRevolutPay, StripeSEPADirectDebit,
        StripeSettingsHolder, StripeSofort, StripeSwish, StripeTwint,
-        StripeWeChatPay, StripeWero,
+        StripeWeChatPay,
    )

    return [
        StripeSettingsHolder, StripeCC, StripeGiropay, StripeIdeal, StripeAlipay, StripeBancontact,
        StripeSofort, StripeEPS, StripeMultibanco, StripePayByBank, StripePrzelewy24, StripePromptPay, StripeRevolutPay,
        StripeWeChatPay, StripeSEPADirectDebit, StripeAffirm, StripeKlarna, StripePayPal, StripeSwish,
-        StripeTwint, StripeMobilePay, StripeWero
+        StripeTwint, StripeMobilePay
    ]


--- a/src/tests/control/test_user.py
+++ b/src/tests/control/test_user.py
@@ -339,17 +339,13 @@ class UserSettings2FATest(SoupTest):

    def test_gen_emergency(self):
        self.client.get('/control/settings/2fa/')
-        assert not StaticDevice.objects.filter(user=self.user, name='emergency').exists()
-
-        self.client.post('/control/settings/2fa/regenemergency')
        d = StaticDevice.objects.get(user=self.user, name='emergency')
        assert d.token_set.count() == 10
        old_tokens = set(t.token for t in d.token_set.all())
-
        self.client.post('/control/settings/2fa/regenemergency')
+        new_tokens = set(t.token for t in d.token_set.all())
        d = StaticDevice.objects.get(user=self.user, name='emergency')
        assert d.token_set.count() == 10
-        new_tokens = set(t.token for t in d.token_set.all())
        assert old_tokens != new_tokens

    def test_delete_u2f(self):