Kian Cross 0fc2d6134f Add option to restrict anonymous access to order URLs (#4735)
* Add option to restrict anonymous access to order URLs

By default, users who place orders while logged in can still access
their order URLs without authentication. This raises potential
security risks, particularly if order confirmation emails are
forwarded.

This commit introduces an organiser-level setting to disable anonymous
access for such orders. When enabled, unauthenticated attempts to access
URLs starting with `/order/`, which are intended for the customer, are
redirected to the login page. Upon successful authentication, the user
is redirected back to the original order URL.

It is important to note that this change does not impact routes intended
for attendees (e.g., `/ticket/*`), which remain accessible without
authentication.

* Change name of setting for future clarity

Co-authored-by: Raphael Michel <mail@raphaelmichel.de>

* Update message wording

Co-authored-by: Raphael Michel <mail@raphaelmichel.de>

* Eliminate database query

Co-authored-by: Raphael Michel <mail@raphaelmichel.de>

* Rename feature flag to fix breaking tests

* Refactor order access verification code into `OrderDetailsMixin`

* Add test for logged-in customer accessing another customer's order

* Refactor order access conditions to remove nesting

* Handle case where customer is not yet verified

* Add additional information to help message

* Fix multidomain issue

Co-authored-by: Raphael Michel <mail@raphaelmichel.de>

* Merge order/position variants into single tests

* Add docstring explaining return type of `order` property

* Apply suggestion from @raphaelm

* Fix indentation

---------

Co-authored-by: Raphael Michel <mail@raphaelmichel.de>
Co-authored-by: Raphael Michel <michel@rami.io>
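The access rule the commit message describes, written out as an added example. This is not pretix's own code: the names (``Decision``, ``Customer``, ``Order``, the ``/account/login/`` path, the host list) are hypothetical, paths are taken relative to the event, and checks the shop already performs on the link itself are out of scope. Two points the commit message leaves open are modelled as labelled assumptions: a logged-in customer who does not own the order is refused rather than sent to login, and an unverified account is treated like no login at all. The return-URL validation is the caveat a practitioner would add to "redirected back to the original order URL": the login page must not become an open redirect.

```python
"""Access decision for customer-facing order URLs.

Added illustration of the rule described in the commit message above; it is
not pretix's own code. All names (Decision, Customer, Order, the login path,
the host list) are hypothetical, and paths are taken relative to the event.
"""
from dataclasses import dataclass
from enum import Enum
from typing import FrozenSet, Optional
from urllib.parse import urlencode, urlsplit


class Decision(Enum):
    ALLOW = "allow"
    LOGIN_REDIRECT = "login_redirect"  # anonymous: send to login, come back afterwards
    FORBIDDEN = "forbidden"            # logged in, but not the owner of the order


@dataclass(frozen=True)
class Customer:
    id: int
    is_verified: bool = True  # assumption: customer accounts carry a verification flag


@dataclass(frozen=True)
class Order:
    code: str
    customer_id: Optional[int]  # None for a guest order placed without an account


def decide_order_access(path: str, order: Order, current: Optional[Customer],
                        restrict_anonymous: bool) -> Decision:
    """Apply the organiser-level setting to one request.

    /ticket/ routes are for attendees and stay link-only; /order/ routes of
    account-bound orders require the owner to be logged in once the setting is on.
    """
    if not path.startswith("/order/"):
        # Covers /ticket/* and everything else: the setting does not apply.
        return Decision.ALLOW
    if not restrict_anonymous or order.customer_id is None:
        # Setting off, or order placed as a guest: the link alone grants access.
        return Decision.ALLOW
    if current is None or not current.is_verified:
        # Assumption: an unverified account is treated like no login at all.
        return Decision.LOGIN_REDIRECT
    if current.id != order.customer_id:
        # Assumption: a different customer is refused rather than sent to login.
        return Decision.FORBIDDEN
    return Decision.ALLOW


def safe_next_url(next_url: str, allowed_hosts: FrozenSet[str]) -> Optional[str]:
    """Validate the post-login return target so the login page is not an open redirect.

    Accepts a site-relative path, or an https URL on one of allowed_hosts
    (events may be served from their own domains, hence a host list).
    """
    if not next_url or any(ord(c) < 0x21 for c in next_url):
        return None  # empty, or contains whitespace / control characters
    # Browsers treat "\" like "/", so "/\evil" becomes the scheme-relative "//evil".
    if next_url.startswith(("//", "/\\")):
        return None
    parts = urlsplit(next_url)
    if parts.scheme or parts.netloc:
        # Absolute URL: only our own hosts, only over https ("javascript:" fails here too).
        if parts.scheme != "https" or parts.netloc not in allowed_hosts:
            return None
        return next_url
    return next_url if next_url.startswith("/") else None


def login_redirect_url(requested_path: str, allowed_hosts: FrozenSet[str],
                       login_path: str = "/account/login/") -> str:
    """Build the login URL the anonymous visitor is sent to, carrying a vetted `next`."""
    nxt = safe_next_url(requested_path, allowed_hosts)
    return f"{login_path}?{urlencode({'next': nxt})}" if nxt else login_path


if __name__ == "__main__":
    # Constructed sample: an order bound to customer 7, setting switched on.
    order = Order(code="ABC12", customer_id=7)
    hosts = frozenset({"tickets.example"})
    for who in (None, Customer(7), Customer(8), Customer(7, is_verified=False)):
        print(who, decide_order_access("/order/ABC12/s3cret/", order, who, True))
    print(login_redirect_url("/order/ABC12/s3cret/", hosts))
    print(safe_next_url("//evil.example/order/", hosts))
```

The decision function is deliberately flat, one condition per line, which is what the commit's "remove nesting" refactor aims at: each case in the message (anonymous, owner, other customer, unverified, attendee route, guest order) maps to one early return, so a missing case is visible by inspection. ``safe_next_url`` rejects scheme-relative and backslash-prefixed targets before parsing, because those are the forms a naive ``startswith("/")`` check lets through.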
2026-01-16 13:46:08 +01:00

pretix
======

.. image:: https://img.shields.io/pypi/v/pretix.svg
   :target: https://pypi.python.org/pypi/pretix

.. image:: https://github.com/pretix/pretix/workflows/Documentation/badge.svg
   :target: https://docs.pretix.eu/

.. image:: https://github.com/pretix/pretix/workflows/Tests/badge.svg
   :target: https://github.com/pretix/pretix/actions/workflows/tests.yml

.. image:: https://codecov.io/gh/pretix/pretix/branch/master/graph/badge.svg
   :target: https://codecov.io/gh/pretix/pretix



Reinventing ticket presales, one ticket at a time.

Project status & release cycle
------------------------------

While there is always a lot to do and improve on, pretix has by now been in use for thousands of events and
conferences that sold millions of tickets combined. We therefore consider pretix stable and ready to use.

If you want to use or extend pretix, we strongly recommend following our `blog`_, where we announce all
releases. You can always find the latest stable version on PyPI or in the ``release/X.Y`` branch of
this repository. The ``master`` branch contains a development version that we also try to keep stable in
the sense that it does not break your data, but its APIs might change without prior notice.

To get started using pretix on your own server, look at the `installation guide`_ in our documentation.

Support
-------

This project is 100 percent free and open source software. You are welcome to ask questions in the GitHub
repository. Private support via email or phone is only offered to customers of our pretix Hosted or pretix
Enterprise offerings. If you are interested in commercial support, hosting services or supporting this project
financially, please go to `pretix.eu`_ or contact us at support@pretix.eu.

Contributing
------------
If you want to contribute to pretix, please read the `developer documentation`_.
If you have any further questions, please do not hesitate to ask!

.. image:: https://translate.pretix.eu/widgets/pretix/-/pretix/multi-blue.svg
   :target: https://translate.pretix.eu/engage/pretix/

Code of Conduct
---------------
We have a `Code of Conduct`_ in place that applies to all project contributions,
including issues, pull requests, etc.

License
-------

The code in this repository is covered by different licenses. Most of it is available to everyone under the terms of
the GNU AGPL license v3 with additional terms. See the LICENSE file for the complete license details.

.. _installation guide: https://docs.pretix.eu/self-hosting/installation/general/
.. _developer documentation: https://docs.pretix.eu/dev/development/index.html
.. _Code of Conduct: https://docs.pretix.eu/dev/development/contribution/codeofconduct.html
.. _pretix.eu: https://pretix.eu
.. _blog: https://pretix.eu/about/en/blog/
Description
Ticket shop application for conferences, festivals, concerts, tech events, shows, exhibitions, workshops, barcamps, etc.