def dispatch(self, request, *args, **kwargs):
from pretix.base.services.cart import error_messages
err = None
v = request.GET.get('voucher')
if v:
v = v.strip()
try:
self.voucher = Voucher.objects.get(code=v, event=request.event)
if self.voucher.redeemed:
err = error_messages['voucher_redeemed']
if self.voucher.valid_until is not None and self.voucher.valid_until < now():
err = error_messages['voucher_expired']
except Voucher.DoesNotExist:
err = error_messages['voucher_invalid']
else:
return redirect(eventreverse(request.event, 'presale:event.index'))
if request.event.presale_start and now() < request.event.presale_start:
err = error_messages['not_started']
if request.event.presale_end and now() > request.event.presale_end:
err = error_messages['ended']
if err:
messages.error(request, _(err))
return redirect(eventreverse(request.event, 'presale:event.index'))
return super().dispatch(request, *args, **kwargs)
def test_event_custom_domain_cache(env):
KnownDomain.objects.create(domainname='foobar', organizer=env[0])
env[0].get_cache().clear()
with assert_num_queries(1):
eventreverse(env[1], 'presale:event.index')
with assert_num_queries(0):
eventreverse(env[1], 'presale:event.index')
def _redirect_to_order(self):
if self.request.session.get('payment_stripe_order_secret') != self.order.secret:
messages.error(self.request, _('Sorry, there was an error in the payment process. Please check the link '
'in your emails to continue.'))
return redirect(eventreverse(self.request.event, 'presale:event.index'))
return redirect(eventreverse(self.request.event, 'presale:event.order', kwargs={
'order': self.order.code,
'secret': self.order.secret
}) + ('?paid=yes' if self.order.status == Order.STATUS_PAID else ''))
def url(self):
if isinstance(self.position, OrderPosition):
return eventreverse(self.event, 'presale:event.order.download.answer', kwargs={
'order': self.position.order.code,
'secret': self.position.order.secret,
'answer': self.answer.pk,
})
else:
return eventreverse(self.event, 'presale:event.cart.download.answer', kwargs={
'answer': self.answer.pk,
})
def get_order_url(self, order):
payment = order.payments.first()
if not payment:
return eventreverse(self.request.event, 'presale:event.order', kwargs={
'order': order.code,
'secret': order.secret,
}) + '?thanks=1'
return eventreverse(self.request.event, 'presale:event.order.pay.complete', kwargs={
'order': order.code,
'secret': order.secret,
'payment': payment.pk
})
def get_order_url(self, order):
payment = order.payments.filter(state__in=[OrderPayment.PAYMENT_STATE_CREATED, OrderPayment.PAYMENT_STATE_PENDING]).first()
if not payment:
return eventreverse(self.request.event, 'presale:event.order', kwargs={
'order': order.code,
'secret': order.secret,
}) + '?thanks=1'
return eventreverse(self.request.event, 'presale:event.order.pay.complete', kwargs={
'order': order.code,
'secret': order.secret,
'payment': payment.pk
})
def abort(request, *args, **kwargs):
messages.error(request, _('It looks like you canceled the PayPal payment'))
if request.session.get('payment_paypal_payment'):
payment = OrderPayment.objects.get(pk=request.session.get('payment_paypal_payment'))
else:
payment = None
if payment:
return redirect(eventreverse(request.event, 'presale:event.order', kwargs={
'order': payment.order.code,
'secret': payment.order.secret
}) + ('?paid=yes' if payment.order.status == Order.STATUS_PAID else ''))
else:
return redirect(eventreverse(request.event, 'presale:event.checkout', kwargs={'step': 'payment'}))
def abort(request, organizer=None, event=None):
messages.error(request, _('It looks like you cancelled the PayPal payment'))
try:
event = Event.objects.get(id=request.session['payment_paypal_event'])
return redirect(eventreverse(event, 'presale:event.checkout', kwargs={'step': 'payment'}))
except Event.DoesNotExist:
pass # TODO: Handle this
def retry(request, order):
try:
order = Order.objects.current.get(
user=request.user,
code=order,
)
except Order.DoesNotExist:
return # TODO: Handle this
provider = Paypal(order.event)
provider.init_api()
if 'token' in request.GET:
if 'PayerID' in request.GET:
payment = paypalrestsdk.Payment.find(request.session.get('payment_paypal_id'))
provider._execute_payment(payment, request, order)
else:
messages.error(request, _('It looks like you cancelled the PayPal payment'))
else:
payment = paypalrestsdk.Payment({
'intent': 'sale',
'payer': {
"payment_method": "paypal",
},
"redirect_urls": {
"return_url": build_absolute_uri('plugins:paypal:retry', kwargs={
'order': order.code
}),
"cancel_url": build_absolute_uri('plugins:paypal:retry', kwargs={
'order': order.code
}),
},
"transactions": [
{
"item_list": {
"items": [
{
"name": 'Order %s' % order.code,
"quantity": 1,
"price": str(order.total),
"currency": order.event.currency
}
]
},
"amount": {
"currency": order.event.currency,
"total": str(order.total)
},
"description": __('Event tickets for %s') % order.event.name
}
]
})
resp = provider._create_payment(request, payment)
if resp:
return redirect(resp)
return redirect(eventreverse(order.event, 'presale:event.order', kwargs={
'order': order.code,
'secret': order.secret
}) + '?paid=yes')
def render(self, context):
from pretix.multidomain.urlreverse import eventreverse
kwargs = {
smart_text(k, 'ascii'): v.resolve(context)
for k, v in self.kwargs.items()
}
view_name = self.view_name.resolve(context)
event = self.event.resolve(context)
url = ''
try:
if self.absolute:
url = build_absolute_uri(event, view_name, kwargs=kwargs)
else:
url = eventreverse(event, view_name, kwargs=kwargs)
except NoReverseMatch:
if self.asvar is None:
raise
if self.asvar:
context[self.asvar] = url
return ''
else:
if context.autoescape:
url = conditional_escape(url)
return url
def post(self, request, *args, **kwargs):
if not self.link_form.is_valid():
messages.error(self.request, _('We had difficulties processing your input.'))
return self.get(request, *args, **kwargs)
user = self.link_form.cleaned_data.get('email')
if settings.HAS_REDIS:
from django_redis import get_redis_connection
rc = get_redis_connection("redis")
if rc.exists('pretix_resend_{}'.format(user)):
messages.error(request, _('We already sent you an email in the last 24 hours.'))
return redirect(eventreverse(self.request.event, 'presale:event.resend_link'))
else:
rc.setex('pretix_resend_{}'.format(user), 3600 * 24, '1')
orders = self.request.event.orders.filter(email__iexact=user)
order_context = []
for order in orders:
url = build_absolute_uri(
self.request.event,
'presale:event.order',
kwargs={'order': order.code, 'secret': order.secret}
)
order_context.append(' - {} - {}'.format(order, url))
if not orders:
user = INVALID_ADDRESS
subject = _('Your orders for {}'.format(self.request.event))
template = self.request.event.settings.mail_text_resend_all_links
context = {
'orders': '\n'.join(order_context),
'event': self.request.event,
}
try:
mail(user, subject, template, context, event=self.request.event, locale=self.request.LANGUAGE_CODE)
except SendMailException:
logger = logging.getLogger('pretix.presale.user')
logger.exception('A mail resending order links to {} could not be sent.'.format(user))
messages.error(self.request, _('We have trouble sending emails right now, please check back later.'))
return self.get(request, *args, **kwargs)
messages.success(self.request, _('If there were any orders by this user, they will receive an email with their order codes.'))
return redirect(eventreverse(self.request.event, 'presale:event.index'))
def get_prev_url(self, request):
prev = self.get_prev_applicable(request)
if not prev:
kwargs = {}
if request.resolver_match and 'cart_namespace' in request.resolver_match.kwargs:
kwargs['cart_namespace'] = request.resolver_match.kwargs['cart_namespace']
return eventreverse(self.request.event, 'presale:event.index', kwargs=kwargs)
else:
return prev.get_step_url(request)
def get(self, request, *args, **kwargs):
from pretix.presale.views.cart import get_or_create_cart_id
self.subevent = None
if request.GET.get('src', '') == 'widget' and 'take_cart_id' in request.GET:
# User has clicked "Open in a new tab" link in widget
get_or_create_cart_id(request)
return redirect(eventreverse(request.event, 'presale:event.index', kwargs=kwargs))
elif request.GET.get('iframe', '') == '1' and 'take_cart_id' in request.GET:
# Widget just opened, a cart already exists. Let's to a stupid redirect to check if cookies are disabled
get_or_create_cart_id(request)
return redirect(eventreverse(request.event, 'presale:event.index', kwargs=kwargs) + '?require_cookie=true&cart_id={}'.format(
request.GET.get('take_cart_id')
))
elif request.GET.get('iframe', '') == '1' and len(self.request.GET.get('widget_data', '{}')) > 3:
# We've been passed data from a widget, we need to create a cart session to store it.
get_or_create_cart_id(request)
elif 'require_cookie' in request.GET and settings.SESSION_COOKIE_NAME not in request.COOKIES:
# Cookies are in fact not supported
r = render(request, 'pretixpresale/event/cookies.html', {
'url': eventreverse(
request.event, "presale:event.index", kwargs={'cart_namespace': kwargs.get('cart_namespace') or ''}
) + (
"?src=widget&take_cart_id={}".format(request.GET.get('cart_id'))
if "cart_id" in request.GET else ""
)
})
r._csp_ignore = True
return r
if request.event.has_subevents:
if 'subevent' in kwargs:
self.subevent = request.event.subevents.using(settings.DATABASE_REPLICA).filter(pk=kwargs['subevent'], active=True).first()
if not self.subevent:
raise Http404()
return super().get(request, *args, **kwargs)
else:
return super().get(request, *args, **kwargs)
else:
if 'subevent' in kwargs:
return redirect(self.get_index_url())
else:
return super().get(request, *args, **kwargs)
def success(request, *args, **kwargs):
pid = request.GET.get('paymentId')
token = request.GET.get('token')
payer = request.GET.get('PayerID')
request.session['payment_paypal_token'] = token
request.session['payment_paypal_payer'] = payer
urlkwargs = {}
if 'cart_namespace' in kwargs:
urlkwargs['cart_namespace'] = kwargs['cart_namespace']
if request.session.get('payment_paypal_payment'):
payment = OrderPayment.objects.get(pk=request.session.get('payment_paypal_payment'))
else:
payment = None
if pid == request.session.get('payment_paypal_id', None):
if payment:
prov = Paypal(request.event)
try:
resp = prov.execute_payment(request, payment)
except PaymentException as e:
messages.error(request, str(e))
urlkwargs['step'] = 'payment'
return redirect(eventreverse(request.event, 'presale:event.checkout', kwargs=urlkwargs))
if resp:
return resp
else:
messages.error(request, _('Invalid response from PayPal received.'))
logger.error('Session did not contain payment_paypal_id')
urlkwargs['step'] = 'payment'
return redirect(eventreverse(request.event, 'presale:event.checkout', kwargs=urlkwargs))
if payment:
return redirect(eventreverse(request.event, 'presale:event.order', kwargs={
'order': payment.order.code,
'secret': payment.order.secret
}) + ('?paid=yes' if payment.order.status == Order.STATUS_PAID else ''))
else:
urlkwargs['step'] = 'confirm'
return redirect(eventreverse(request.event, 'presale:event.checkout', kwargs=urlkwargs))
def add_subevents_for_days(qs, before, after, ebd, timezones, event=None, cart_namespace=None):
qs = qs.filter(active=True).filter(
Q(Q(date_to__gte=before) & Q(date_from__lte=after)) |
Q(Q(date_from__lte=after) & Q(date_to__gte=before)) |
Q(Q(date_to__isnull=True) & Q(date_from__gte=before) & Q(date_from__lte=after))
).order_by(
'date_from'
)
for se in qs:
kwargs = {'subevent': se.pk}
if cart_namespace:
kwargs['cart_namespace'] = cart_namespace
settings = event.settings if event else se.event.settings
timezones.add(settings.timezones)
tz = pytz.timezone(settings.timezone)
datetime_from = se.date_from.astimezone(tz)
date_from = datetime_from.date()
if se.event.settings.show_date_to and se.date_to:
date_to = se.date_to.astimezone(tz).date()
d = max(date_from, before.date())
while d <= date_to and d <= after.date():
first = d == date_from
ebd[d].append({
'continued': not first,
'timezone': settings.timezone,
'time': datetime_from.time().replace(tzinfo=None) if first and settings.show_times else None,
'event': se,
'url': eventreverse(se.event, 'presale:event.index', kwargs=kwargs)
})
d += timedelta(days=1)
else:
ebd[date_from].append({
'event': se,
'continued': False,
'time': datetime_from.time().replace(tzinfo=None) if se.event.settings.show_times else None,
'url': eventreverse(se.event, 'presale:event.index', kwargs=kwargs),
'timezone': se.event.settings.timezone,
})
def add_events_for_days(request, baseqs, before, after, ebd, timezones):
qs = baseqs.filter(is_public=True, live=True, has_subevents=False).filter(
Q(Q(date_to__gte=before) & Q(date_from__lte=after)) |
Q(Q(date_from__lte=after) & Q(date_to__gte=before)) |
Q(Q(date_to__isnull=True) & Q(date_from__gte=before) & Q(date_from__lte=after))
).order_by(
'date_from'
).prefetch_related(
'_settings_objects', 'organizer___settings_objects'
)
if hasattr(request, 'organizer'):
qs = filter_qs_by_attr(qs, request)
for event in qs:
timezones.add(event.settings.timezones)
tz = pytz.timezone(event.settings.timezone)
datetime_from = event.date_from.astimezone(tz)
date_from = datetime_from.date()
if event.settings.show_date_to and event.date_to:
date_to = event.date_to.astimezone(tz).date()
d = max(date_from, before.date())
while d <= date_to and d <= after.date():
first = d == date_from
ebd[d].append({
'event': event,
'continued': not first,
'time': datetime_from.time().replace(tzinfo=None) if first and event.settings.show_times else None,
'url': eventreverse(event, 'presale:event.index'),
'timezone': event.settings.timezone,
})
d += timedelta(days=1)
else:
ebd[date_from].append({
'event': event,
'continued': False,
'time': datetime_from.time().replace(tzinfo=None) if event.settings.show_times else None,
'url': eventreverse(event, 'presale:event.index'),
'timezone': event.settings.timezone,
})
def success(request, organizer=None, event=None):
pid = request.GET.get('paymentId')
token = request.GET.get('token')
payer = request.GET.get('PayerID')
if pid == request.session.get('payment_paypal_id', None):
request.session['payment_paypal_token'] = token
request.session['payment_paypal_payer'] = payer
try:
event = Event.objects.get(id=request.session['payment_paypal_event'])
if request.session.get('payment_paypal_order'):
prov = Paypal(event)
order = Order.objects.get(pk=request.session.get('payment_paypal_order'))
resp = prov.payment_perform(request, order)
return redirect(resp or eventreverse(event, 'presale:event.order', kwargs={
'order': order.code,
'secret': order.secret
}) + '?paid=yes')
return redirect(eventreverse(event, 'presale:event.checkout', kwargs={'step': 'confirm'}))
except Event.DoesNotExist:
pass # TODO: Handle this
else:
pass # TODO: Handle this
def success(request):
pid = request.GET.get('paymentId')
token = request.GET.get('token')
payer = request.GET.get('PayerID')
if pid == request.session['payment_paypal_id']:
request.session['payment_paypal_token'] = token
request.session['payment_paypal_payer'] = payer
try:
event = Event.objects.current.get(identity=request.session['payment_paypal_event'])
return redirect(eventreverse(event, 'presale:event.checkout', kwargs={'step': 'confirm'}))
except Event.DoesNotExist:
pass # TODO: Handle this
else:
pass # TODO: Handle this
def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs)
context['voucher'] = self.voucher
context['max_times'] = self.voucher.max_usages - self.voucher.redeemed
# Fetch all items
items, display_add_to_cart = get_grouped_items(self.request.event, self.subevent,
voucher=self.voucher, channel=self.request.sales_channel)
# Calculate how many options the user still has. If there is only one option, we can
# check the box right away ;)
context['options'] = sum([(len(item.available_variations) if item.has_variations else 1)
for item in items])
# Regroup those by category
context['items_by_category'] = item_group_by_category(items)
context['subevent'] = self.subevent
context['new_tab'] = (
'require_cookie' in self.request.GET and
settings.SESSION_COOKIE_NAME not in self.request.COOKIES
# Cookies are not supported! Lets just make the form open in a new tab
)
if self.request.event.settings.redirect_to_checkout_directly:
context['cart_redirect'] = eventreverse(self.request.event, 'presale:event.checkout.start',
kwargs={'cart_namespace': kwargs.get('cart_namespace') or ''})
else:
context['cart_redirect'] = eventreverse(self.request.event, 'presale:event.index',
kwargs={'cart_namespace': kwargs.get('cart_namespace') or ''})
if context['cart_redirect'].startswith('https:'):
context['cart_redirect'] = '/' + context['cart_redirect'].split('/', 3)[3]
return context
def get(self, request, *args, **kwargs):
if request.GET.get('iframe', '') == '1' and 'require_cookie' not in request.GET:
# Widget just opened. Let's to a stupid redirect to check if cookies are disabled
return redirect(request.get_full_path() + '&require_cookie=true')
elif 'require_cookie' in request.GET and settings.SESSION_COOKIE_NAME not in request.COOKIES:
# Cookies are in fact not supported. We can't even display the form, since we can't get CSRF right without
# cookies.
r = render(request, 'pretixpresale/event/cookies.html', {
'url': eventreverse(
request.event, "presale:event.waitinglist", kwargs={'cart_namespace': kwargs.get('cart_namespace')}
) + '?' + url_replace(request, 'require_cookie', '', 'iframe', '')
})
r._csp_ignore = True
return r
return super().get(request, *args, **kwargs)
def get(self, request, *args, **kwargs):
prov = self.pprov
prov._init_api()
src = stripe.Source.retrieve(request.GET.get('source'), **prov.api_kwargs)
if src.client_secret != request.GET.get('client_secret'):
messages.error(self.request, _('Sorry, there was an error in the payment process. Please check the link '
'in your emails to continue.'))
return redirect(eventreverse(self.request.event, 'presale:event.index'))
with transaction.atomic():
self.order.refresh_from_db()
self.payment.refresh_from_db()
if self.payment.state == OrderPayment.PAYMENT_STATE_CONFIRMED:
if 'payment_stripe_token' in request.session:
del request.session['payment_stripe_token']
return self._redirect_to_order()
if src.status == 'chargeable':
try:
prov._charge_source(request, src.id, self.payment)
except PaymentException as e:
messages.error(request, str(e))
return self._redirect_to_order()
finally:
if 'payment_stripe_token' in request.session:
del request.session['payment_stripe_token']
elif src.status == 'consumed':
# Webhook was faster, wow! ;)
if 'payment_stripe_token' in request.session:
del request.session['payment_stripe_token']
return self._redirect_to_order()
elif src.status == 'pending':
self.payment.state = OrderPayment.PAYMENT_STATE_PENDING
self.payment.info = str(src)
self.payment.save()
else: # failed or canceled
self.payment.state = OrderPayment.PAYMENT_STATE_FAILED
self.payment.info = str(src)
self.payment.save()
self.payment.order.log_action('pretix.event.order.payment.failed', {
'local_id': self.payment.local_id,
'provider': self.payment.provider,
'info': str(src)
})
messages.error(self.request, _('We had trouble authorizing your card payment. Please try again and '
'get in touch with us if this problem persists.'))
return self._redirect_to_order()
def get_next_url(self):
if "next" in self.request.GET and is_safe_url(self.request.GET.get("next"), allowed_hosts=None):
u = self.request.GET.get('next')
else:
kwargs = {}
if 'cart_namespace' in self.kwargs:
kwargs['cart_namespace'] = self.kwargs['cart_namespace']
u = eventreverse(self.request.event, 'presale:event.index', kwargs=kwargs)
if '?' in u:
u += '&require_cookie=true'
else:
u += '?require_cookie=true'
disclose_cart_id = (
'iframe' in self.request.GET or settings.SESSION_COOKIE_NAME not in self.request.COOKIES
) and self.kwargs.get('cart_namespace')
if disclose_cart_id:
cart_id = get_or_create_cart_id(self.request)
u += '&cart_id={}'.format(cart_id)
return u
def post(self, request, *args, **kwargs):
s = SessionStore(request.POST.get('session'))
try:
data = s.load()
except:
raise PermissionDenied(_('Please go back and try again.'))
parent = data.get('pretix_event_access_{}'.format(request.event.pk))
sparent = SessionStore(parent)
try:
parentdata = sparent.load()
except:
raise PermissionDenied(_('Please go back and try again.'))
else:
if 'event_access' not in parentdata:
raise PermissionDenied(_('Please go back and try again.'))
request.session['pretix_event_access_{}'.format(request.event.pk)] = parent
return redirect(eventreverse(request.event, 'presale:event.index'))
def get_next_url(self):
if "next" in self.request.GET and is_safe_url(
self.request.GET.get("next"), allowed_hosts=None):
u = self.request.GET.get('next')
else:
kwargs = {}
if 'cart_namespace' in self.kwargs:
kwargs['cart_namespace'] = self.kwargs['cart_namespace']
u = eventreverse(self.request.event,
'presale:event.index',
kwargs=kwargs)
if '?' in u:
u += '&require_cookie=true'
else:
u += '?require_cookie=true'
disclose_cart_id = (
'iframe' in self.request.GET or settings.SESSION_COOKIE_NAME
not in self.request.COOKIES) and self.kwargs.get('cart_namespace')
if disclose_cart_id:
cart_id = get_or_create_cart_id(self.request)
u += '&cart_id={}'.format(cart_id)
return u
def post(self, request, *args, **kwargs):
s = SessionStore(request.POST.get('session'))
try:
data = s.load()
except:
raise PermissionDenied(_('Please go back and try again.'))
parent = data.get('pretix_event_access_{}'.format(request.event.pk))
sparent = SessionStore(parent)
try:
parentdata = sparent.load()
except:
raise PermissionDenied(_('Please go back and try again.'))
else:
if 'event_access' not in parentdata:
raise PermissionDenied(_('Please go back and try again.'))
request.session['pretix_event_access_{}'.format(
request.event.pk)] = parent
return redirect(eventreverse(request.event, 'presale:event.index'))
def dispatch(self, request, *args, **kwargs):
self.request = request
if not self.positions and "async_id" not in request.GET:
messages.error(request, _("Your cart is empty"))
return redirect(eventreverse(self.request.event, 'presale:event.index'))
flow = get_checkout_flow(self.request.event)
for step in flow:
if not step.is_applicable(request):
continue
if 'step' not in kwargs:
return redirect(step.get_step_url())
is_selected = (step.identifier == kwargs.get('step', ''))
if "async_id" not in request.GET and not is_selected and not step.is_completed(request, warn=not is_selected):
return redirect(step.get_step_url())
if is_selected:
if request.method.lower() in self.http_method_names:
handler = getattr(step, request.method.lower(), self.http_method_not_allowed)
else:
handler = self.http_method_not_allowed
return handler(request)
raise Http404()
def confirm_messages(sender, *args, **kwargs):
cached = sender.cache.get('pages_confirm_messages_' + get_language())
if cached is None:
pages = list(
Page.objects.filter(event=sender, require_confirmation=True))
if pages:
cached = {
'pages':
_('I have read and agree with the content of the following pages: {plist}'
).format(plist=', '.join([
'<a href="{url}" target="_blank">{title}</a>'.format(
title=str(p.title),
url=eventreverse(sender,
'plugins:pretix_pages:show',
kwargs={'slug': p.slug}))
for p in pages
]))
}
else:
cached = {}
sender.cache.set('pages_confirm_messages_' + get_language(), cached)
return cached
def get(self, request, *args, **kwargs):
prov = self.pprov
prov._init_api()
src = stripe.Source.retrieve(request.GET.get('source'),
**prov.api_kwargs)
if src.client_secret != request.GET.get('client_secret'):
messages.error(
self.request,
_('Sorry, there was an error in the payment process. Please check the link '
'in your emails to continue.'))
return redirect(
eventreverse(self.request.event, 'presale:event.index'))
with transaction.atomic():
self.order.refresh_from_db()
self.payment.refresh_from_db()
if self.payment.state == OrderPayment.PAYMENT_STATE_CONFIRMED:
if 'payment_stripe_token' in request.session:
del request.session['payment_stripe_token']
return self._redirect_to_order()
if src.status == 'chargeable':
try:
prov._charge_source(request, src.id, self.payment)
except PaymentException as e:
messages.error(request, str(e))
return self._redirect_to_order()
finally:
if 'payment_stripe_token' in request.session:
del request.session['payment_stripe_token']
else:
self.payment.state = OrderPayment.PAYMENT_STATE_FAILED
self.payment.info = str(src)
self.payment.save()
messages.error(
self.request,
_('We had trouble authorizing your card payment. Please try again and '
'get in touch with us if this problem persists.'))
return self._redirect_to_order()
def get_next_page(self):
if getattr(self.request, 'event_domain', False):
next_page = '/'
else:
next_page = eventreverse(self.request.organizer,
'presale:organizer.index',
kwargs={})
if (self.redirect_field_name in self.request.POST
or self.redirect_field_name in self.request.GET):
next_page = self.request.POST.get(
self.redirect_field_name,
self.request.GET.get(self.redirect_field_name))
url_is_safe = url_has_allowed_host_and_scheme(
url=next_page,
allowed_hosts=None,
require_https=self.request.is_secure(),
)
# Security check -- Ensure the user-originating redirection URL is
# safe.
if not url_is_safe:
next_page = self.request.path
return next_page
def get(self, request, *args, **kwargs):
if request.GET.get('iframe',
'') == '1' and 'require_cookie' not in request.GET:
# Widget just opened. Let's to a stupid redirect to check if cookies are disabled
return redirect(request.get_full_path() + '&require_cookie=true')
elif 'require_cookie' in request.GET and settings.SESSION_COOKIE_NAME not in request.COOKIES:
# Cookies are in fact not supported. We can't even display the form, since we can't get CSRF right without
# cookies.
r = render(
request, 'pretixpresale/event/cookies.html', {
'url':
eventreverse(request.event,
"presale:event.waitinglist",
kwargs={
'cart_namespace':
kwargs.get('cart_namespace')
}) + '?' +
url_replace(request, 'require_cookie', '', 'iframe', '')
})
r._csp_ignore = True
return r
return super().get(request, *args, **kwargs)
def get_success_url(self):
url = self.get_redirect_url()
if not url:
return eventreverse(self.request.organizer,
'presale:organizer.customer.profile',
kwargs={})
if self.request.GET.get(
"request_cross_domain_customer_auth") == "true":
otpstore = SessionStore()
otpstore[
f'customer_cross_domain_auth_{self.request.organizer.pk}'] = self.request.session.session_key
otpstore.set_expiry(60)
otpstore.save(must_create=True)
otp = otpstore.session_key
u = urlparse(url)
qsl = parse_qs(u.query)
qsl['cross_domain_customer_auth'] = otp
url = urlunparse((u.scheme, u.netloc, u.path, u.params,
urlencode(qsl, doseq=True), u.fragment))
return url
def dispatch(self, request, *args, **kwargs):
self.request = request
has_cart = CartPosition.objects.filter(
cart_id=self.request.session.session_key, event=self.request.event).exists()
if not has_cart and "async_id" not in request.GET:
messages.error(request, _("Your cart is empty"))
return redirect(eventreverse(self.request.event, 'presale:event.index'))
flow = get_checkout_flow(self.request.event)
for step in flow:
if not step.is_applicable(request):
continue
if 'step' not in kwargs:
return redirect(step.get_step_url())
is_selected = (step.identifier == kwargs.get('step', ''))
if "async_id" not in request.GET and not is_selected and not step.is_completed(request, warn=not is_selected):
return redirect(step.get_step_url())
if is_selected:
if request.method.lower() in self.http_method_names:
handler = getattr(step, request.method.lower(), self.http_method_not_allowed)
else:
handler = self.http_method_not_allowed
return handler(request)
raise Http404()
def get_self_url(self):
return eventreverse(self.request.event,
'presale:event.order.download' if 'position' in self.kwargs
else 'presale:event.order.download.combined',
kwargs=self.kwargs)
def get_next_url(self):
if "next" in self.request.GET and '://' not in self.request.GET.get(
'next'):
return self.request.GET.get('next')
else:
return eventreverse(self.request.event, 'presale:event.index')
def get_self_url(self):
return eventreverse(self.request.event,
'presale:event.order.position.download',
kwargs=self.kwargs)
def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs)
# Show voucher option if an event is selected and vouchers exist
vouchers_exist = self.request.event.cache.get('vouchers_exist')
if vouchers_exist is None:
vouchers_exist = self.request.event.vouchers.exists()
self.request.event.cache.set('vouchers_exist', vouchers_exist)
if not self.request.event.has_subevents or self.subevent:
# Fetch all items
items, display_add_to_cart = get_grouped_items(
self.request.event,
self.subevent,
filter_items=self.request.GET.getlist('item'),
filter_categories=self.request.GET.getlist('category'),
channel=self.request.sales_channel.identifier)
context['itemnum'] = len(items)
context['allfree'] = all(
item.display_price.gross == Decimal('0.00')
for item in items if not item.has_variations) and all(
all(var.display_price.gross == Decimal('0.00')
for var in item.available_variations)
for item in items if item.has_variations)
# Regroup those by category
context['items_by_category'] = item_group_by_category(items)
context['display_add_to_cart'] = display_add_to_cart
context['show_vouchers'] = vouchers_exist
context['vouchers_exist'] = vouchers_exist
else:
context['show_vouchers'] = False
context['vouchers_exist'] = vouchers_exist
context['ev'] = self.subevent or self.request.event
context['subevent'] = self.subevent
context['cart'] = self.get_cart()
context['has_addon_choices'] = get_cart(
self.request).filter(item__addons__isnull=False).exists()
if self.subevent:
context['frontpage_text'] = str(self.subevent.frontpage_text)
else:
context['frontpage_text'] = str(
self.request.event.settings.frontpage_text)
context['list_type'] = self.request.GET.get(
"style", self.request.event.settings.event_list_type)
if context['list_type'] not in (
"calendar",
"week") and self.request.event.subevents.count() > 100:
if self.request.event.settings.event_list_type not in ("calendar",
"week"):
self.request.event.settings.event_list_type = "calendar"
context['list_type'] = "calendar"
if context[
'list_type'] == "calendar" and self.request.event.has_subevents:
self._set_month_year()
tz = pytz.timezone(self.request.event.settings.timezone)
_, ndays = calendar.monthrange(self.year, self.month)
before = datetime(self.year, self.month, 1, 0, 0, 0,
tzinfo=tz) - timedelta(days=1)
after = datetime(self.year, self.month, ndays, 0, 0, 0,
tzinfo=tz) + timedelta(days=1)
context['date'] = date(self.year, self.month, 1)
context['before'] = before
context['after'] = after
ebd = defaultdict(list)
add_subevents_for_days(
filter_qs_by_attr(
self.request.event.subevents_annotated(
self.request.sales_channel.identifier).using(
settings.DATABASE_REPLICA), self.request), before,
after, ebd, set(), self.request.event,
kwargs.get('cart_namespace'))
context['show_names'] = ebd.get(
'_subevents_different_names', False) or sum(
len(i) for i in ebd.values() if isinstance(i, list)) < 2
context['weeks'] = weeks_for_template(ebd, self.year, self.month)
context['months'] = [date(self.year, i + 1, 1) for i in range(12)]
context['years'] = range(now().year - 2, now().year + 3)
elif context[
'list_type'] == "week" and self.request.event.has_subevents:
self._set_week_year()
tz = pytz.timezone(self.request.event.settings.timezone)
week = isoweek.Week(self.year, self.week)
before = datetime(week.monday().year,
week.monday().month,
week.monday().day,
0,
0,
0,
tzinfo=tz) - timedelta(days=1)
after = datetime(week.sunday().year,
week.sunday().month,
week.sunday().day,
0,
0,
0,
tzinfo=tz) + timedelta(days=1)
context['date'] = week.monday()
context['before'] = before
context['after'] = after
ebd = defaultdict(list)
add_subevents_for_days(
filter_qs_by_attr(
self.request.event.subevents_annotated(
self.request.sales_channel.identifier).using(
settings.DATABASE_REPLICA), self.request), before,
after, ebd, set(), self.request.event,
kwargs.get('cart_namespace'))
context['show_names'] = ebd.get(
'_subevents_different_names', False) or sum(
len(i) for i in ebd.values() if isinstance(i, list)) < 2
context['days'] = days_for_template(ebd, week)
context['weeks'] = [date(self.year, i + 1, 1) for i in range(12)]
context['weeks'] = [i + 1 for i in range(53)]
context['years'] = range(now().year - 2, now().year + 3)
context['week_format'] = get_format('WEEK_FORMAT')
if context['week_format'] == 'WEEK_FORMAT':
context['week_format'] = WEEK_FORMAT
elif self.request.event.has_subevents:
context['subevent_list'] = self.request.event.subevents_sorted(
filter_qs_by_attr(
self.request.event.subevents_annotated(
self.request.sales_channel.identifier).using(
settings.DATABASE_REPLICA), self.request))
context['show_cart'] = (context['cart']['positions']
and (self.request.event.has_subevents
or self.request.event.presale_is_running))
if self.request.event.settings.redirect_to_checkout_directly:
context['cart_redirect'] = eventreverse(
self.request.event,
'presale:event.checkout.start',
kwargs={'cart_namespace': kwargs.get('cart_namespace') or ''})
if context['cart_redirect'].startswith('https:'):
context[
'cart_redirect'] = '/' + context['cart_redirect'].split(
'/', 3)[3]
else:
context['cart_redirect'] = self.request.path
return context
def get_success_url(self):
return eventreverse(self.request.organizer, 'presale:organizer.customer.profile', kwargs={})
def test_event_custom_domain_front_page(env):
KnownDomain.objects.create(domainname='foobar', organizer=env[0])
assert eventreverse(env[1], 'presale:event.index') == 'http://foobar/2015/'
assert eventreverse(env[0], 'presale:organizer.index') == 'http://foobar/'
def test_event_main_domain_kwargs(env):
assert eventreverse(env[1], 'presale:event.checkout',
{'step': 'payment'}) == '/mrmcd/2015/checkout/payment/'
def test_event_custom_domain_kwargs(env):
KnownDomain.objects.create(domainname='foobar', organizer=env[0])
assert eventreverse(
env[1], 'presale:event.checkout',
{'step': 'payment'}) == 'http://foobar/2015/checkout/payment/'
def test_event_main_domain_front_page(env):
assert eventreverse(env[1], 'presale:event.index') == '/mrmcd/2015/'
assert eventreverse(env[0], 'presale:organizer.index') == '/mrmcd/'
def get(self, request, *args, **kwargs):
hashes = request.session.get('pretix_unlock_hashes', [])
hashes.append(kwargs.get('hash'))
request.session['pretix_unlock_hashes'] = hashes
return redirect(eventreverse(self.request.event,
'presale:event.index'))
def get_prev_url(self, request):
prev = self.get_prev_applicable(request)
if not prev:
return eventreverse(self.event, 'presale:event.index')
else:
return prev.get_step_url()
def get_order_url(self):
return eventreverse(
self.request.event, "presale:event.order", kwargs={"order": self.order.code, "secret": self.order.secret}
)
def get_index_url(self):
kwargs = {}
if 'cart_namespace' in self.kwargs:
kwargs['cart_namespace'] = self.kwargs['cart_namespace']
return eventreverse(self.request.event, 'presale:event.index', kwargs=kwargs)
def test_event_custom_domain_keep_scheme(env):
settings.SITE_URL = 'https://example.com'
KnownDomain.objects.create(domainname='foobar', organizer=env[0])
assert eventreverse(env[1],
'presale:event.index') == 'https://foobar/2015/'
def get_success_url(self):
url = self.get_redirect_url()
return url or eventreverse(self.request.organizer, 'presale:organizer.customer.login', kwargs={})
def test_event_main_domain_cache(env):
env[0].get_cache().clear()
with assert_num_queries(1):
eventreverse(env[1], 'presale:event.index')
with assert_num_queries(0):
eventreverse(env[1], 'presale:event.index')
def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs)
if not self.request.event.has_subevents or self.subevent:
# Fetch all items
items, display_add_to_cart = get_grouped_items(
self.request.event,
self.subevent,
channel=self.request.sales_channel.identifier)
context['itemnum'] = len(items)
# Regroup those by category
context['items_by_category'] = item_group_by_category(items)
context['display_add_to_cart'] = display_add_to_cart
# Show voucher option if an event is selected and vouchers exist
vouchers_exist = self.request.event.cache.get('vouchers_exist')
if vouchers_exist is None:
vouchers_exist = self.request.event.vouchers.exists()
self.request.event.cache.set('vouchers_exist', vouchers_exist)
context['show_vouchers'] = vouchers_exist
else:
context['show_vouchers'] = False
context['ev'] = self.subevent or self.request.event
context['subevent'] = self.subevent
context['cart'] = self.get_cart()
context['has_addon_choices'] = get_cart(
self.request).filter(item__addons__isnull=False).exists()
if self.subevent:
context['frontpage_text'] = str(self.subevent.frontpage_text)
else:
context['frontpage_text'] = str(
self.request.event.settings.frontpage_text)
context['list_type'] = self.request.GET.get(
"style", self.request.event.settings.event_list_type)
if context['list_type'] == "calendar":
self._set_month_year()
tz = pytz.timezone(self.request.event.settings.timezone)
_, ndays = calendar.monthrange(self.year, self.month)
before = datetime(self.year, self.month, 1, 0, 0, 0,
tzinfo=tz) - timedelta(days=1)
after = datetime(self.year, self.month, ndays, 0, 0, 0,
tzinfo=tz) + timedelta(days=1)
context['date'] = date(self.year, self.month, 1)
context['before'] = before
context['after'] = after
ebd = defaultdict(list)
add_subevents_for_days(
filter_qs_by_attr(
self.request.event.subevents_annotated(
self.request.sales_channel.identifier).using(
settings.DATABASE_REPLICA), self.request), before,
after, ebd, set(), self.request.event,
kwargs.get('cart_namespace'))
context['weeks'] = weeks_for_template(ebd, self.year, self.month)
context['months'] = [date(self.year, i + 1, 1) for i in range(12)]
context['years'] = range(now().year - 2, now().year + 3)
else:
context['subevent_list'] = self.request.event.subevents_sorted(
filter_qs_by_attr(
self.request.event.subevents_annotated(
self.request.sales_channel.identifier).using(
settings.DATABASE_REPLICA), self.request))
context['show_cart'] = (context['cart']['positions']
and (self.request.event.has_subevents
or self.request.event.presale_is_running))
context['show_dates'] = (self.request.event.has_subevents
and ('cart_namespace' not in self.kwargs
or not self.subevent))
if self.request.event.settings.redirect_to_checkout_directly:
context['cart_redirect'] = eventreverse(
self.request.event,
'presale:event.checkout.start',
kwargs={'cart_namespace': kwargs.get('cart_namespace') or ''})
if context['cart_redirect'].startswith('https:'):
context[
'cart_redirect'] = '/' + context['cart_redirect'].split(
'/', 3)[3]
else:
context['cart_redirect'] = self.request.path
return context
def add_subevents_for_days(qs, before, after, ebd, timezones, event=None, cart_namespace=None, voucher=None):
qs = qs.filter(active=True, is_public=True).filter(
Q(Q(date_to__gte=before) & Q(date_from__lte=after)) |
Q(Q(date_from__lte=after) & Q(date_to__gte=before)) |
Q(Q(date_to__isnull=True) & Q(date_from__gte=before) & Q(date_from__lte=after))
).order_by(
'date_from'
)
quotas_to_compute = []
for se in qs:
if se.presale_is_running:
quotas_to_compute += se.active_quotas
name = None
qcache = {}
if quotas_to_compute:
qa = QuotaAvailability()
qa.queue(*quotas_to_compute)
qa.compute(allow_cache=True)
qcache.update(qa.results)
for se in qs:
if qcache:
se._quota_cache = qcache
kwargs = {'subevent': se.pk}
if cart_namespace:
kwargs['cart_namespace'] = cart_namespace
s = event.settings if event else se.event.settings
if s.event_list_available_only:
hide = se.presale_has_ended or (
(not voucher or not voucher.allow_ignore_quota) and
se.best_availability_state is not None and
se.best_availability_state < Quota.AVAILABILITY_RESERVED
)
if hide:
continue
timezones.add(s.timezones)
tz = pytz.timezone(s.timezone)
datetime_from = se.date_from.astimezone(tz)
date_from = datetime_from.date()
if name is None:
name = str(se.name)
elif str(se.name) != name:
ebd['_subevents_different_names'] = True
if s.show_date_to and se.date_to:
datetime_to = se.date_to.astimezone(tz)
date_to = se.date_to.astimezone(tz).date()
d = max(date_from, before.date())
while d <= date_to and d <= after.date():
first = d == date_from
ebd[d].append({
'continued': not first,
'timezone': s.timezone,
'time': datetime_from.time().replace(tzinfo=None) if first and s.show_times else None,
'time_end': (
datetime_to.time().replace(tzinfo=None)
if (date_to == date_from or (
date_to == date_from + timedelta(days=1) and datetime_to.time() < datetime_from.time()
)) and s.show_times
else None
),
'event': se,
'url': (
eventreverse(se.event, 'presale:event.redeem',
kwargs={k: v for k, v in kwargs.items() if k != 'subevent'}) + f'?subevent={se.pk}&voucher={quote(voucher.code)}'
if voucher
else eventreverse(se.event, 'presale:event.index', kwargs=kwargs)
)
})
d += timedelta(days=1)
else:
ebd[date_from].append({
'event': se,
'continued': False,
'time': datetime_from.time().replace(tzinfo=None) if s.show_times else None,
'url': (
eventreverse(se.event, 'presale:event.redeem',
kwargs={k: v for k, v in kwargs.items() if k != 'subevent'}) + f'?subevent={se.pk}&voucher={quote(voucher.code)}'
if voucher
else eventreverse(se.event, 'presale:event.index', kwargs=kwargs)
),
'timezone': s.timezone,
})
def checkout_prepare(self, request: HttpRequest,
cart: Dict[str, Any]) -> Union[bool, str, None]:
for p in get_cart(request):
if p.item.issue_giftcard:
messages.error(
request,
_("You cannot pay with gift cards when buying a gift card."
))
return
cs = cart_session(request)
try:
gc = self.event.organizer.accepted_gift_cards.get(
secret=request.POST.get("giftcard"))
if gc.currency != self.event.currency:
messages.error(
request,
_("This gift card does not support this currency."))
return
if gc.testmode and not self.event.testmode:
messages.error(
request,
_("This gift card can only be used in test mode."))
return
if not gc.testmode and self.event.testmode:
messages.error(
request,
_("Only test gift cards can be used in test mode."))
return
if gc.value <= Decimal("0.00"):
messages.error(
request, _("All credit on this gift card has been used."))
return
if 'gift_cards' not in cs:
cs['gift_cards'] = []
elif gc.pk in cs['gift_cards']:
messages.error(
request,
_("This gift card is already used for your payment."))
return
cs['gift_cards'] = cs['gift_cards'] + [gc.pk]
remainder = cart['total'] - gc.value
if remainder >= Decimal('0.00'):
del cs['payment']
messages.success(
request,
_("Your gift card has been applied, but {} still need to be paid. Please select a payment method."
).format(money_filter(remainder, self.event.currency)))
else:
messages.success(request,
_("Your gift card has been applied."))
kwargs = {'step': 'payment'}
if request.resolver_match and 'cart_namespace' in request.resolver_match.kwargs:
kwargs['cart_namespace'] = request.resolver_match.kwargs[
'cart_namespace']
return eventreverse(self.event,
'presale:event.checkout',
kwargs=kwargs)
except GiftCard.DoesNotExist:
if self.event.vouchers.filter(
code__iexact=request.POST.get("giftcard")).exists():
messages.warning(
request,
_("You entered a voucher instead of a gift card. Vouchers can only be entered on the first page of the shop below "
"the product selection."))
else:
messages.error(request, _("This gift card is not known."))
except GiftCard.MultipleObjectsReturned:
messages.error(
request,
_("This gift card can not be redeemed since its code is not unique. Please contact the organizer of this event."
))
def get_next_url(self):
if "next" in self.request.GET and "://" not in self.request.GET.get("next"):
return self.request.GET.get("next")
else:
return eventreverse(self.request.event, "presale:event.index")
def get(self, request, *args, **kwargs):
prov = self.pprov
prov._init_api()
try:
src = stripe.Source.retrieve(request.GET.get('source'),
**prov.api_kwargs)
except stripe.error.InvalidRequestError:
logger.exception('Could not retrieve source')
messages.error(
self.request,
_('Sorry, there was an error in the payment process. Please check the link '
'in your emails to continue.'))
return redirect(
eventreverse(self.request.event, 'presale:event.index'))
if src.client_secret != request.GET.get('client_secret'):
messages.error(
self.request,
_('Sorry, there was an error in the payment process. Please check the link '
'in your emails to continue.'))
return redirect(
eventreverse(self.request.event, 'presale:event.index'))
with transaction.atomic():
self.order.refresh_from_db()
self.payment.refresh_from_db()
if self.payment.state == OrderPayment.PAYMENT_STATE_CONFIRMED:
if 'payment_stripe_token' in request.session:
del request.session['payment_stripe_token']
return self._redirect_to_order()
if src.status == 'chargeable':
try:
prov._charge_source(request, src.id, self.payment)
except PaymentException as e:
messages.error(request, str(e))
return self._redirect_to_order()
finally:
if 'payment_stripe_token' in request.session:
del request.session['payment_stripe_token']
elif src.status == 'consumed':
# Webhook was faster, wow! ;)
if 'payment_stripe_token' in request.session:
del request.session['payment_stripe_token']
return self._redirect_to_order()
elif src.status == 'pending':
self.payment.state = OrderPayment.PAYMENT_STATE_PENDING
self.payment.info = str(src)
self.payment.save()
else: # failed or canceled
self.payment.state = OrderPayment.PAYMENT_STATE_FAILED
self.payment.info = str(src)
self.payment.save()
self.payment.order.log_action(
'pretix.event.order.payment.failed', {
'local_id': self.payment.local_id,
'provider': self.payment.provider,
'info': str(src)
})
messages.error(
self.request,
_('We had trouble authorizing your card payment. Please try again and '
'get in touch with us if this problem persists.'))
return self._redirect_to_order()
def abort(request, *args, **kwargs):
messages.error(request, _('It looks like you canceled the PayPal payment'))
return redirect(
eventreverse(request.event,
'presale:event.checkout',
kwargs={'step': 'payment'}))
def get_order_url(self):
return eventreverse(self.request.event, 'presale:event.order', kwargs={
'order': self.order.code,
'secret': self.order.secret
})
def get_index_url(self):
kwargs = {}
if 'cart_namespace' in self.kwargs:
kwargs['cart_namespace'] = self.kwargs['cart_namespace']
return eventreverse(self.request.event, 'presale:event.index', kwargs=kwargs)
def get_next_url(self):
if "next" in self.request.GET and '://' not in self.request.GET.get('next'):
return self.request.GET.get('next')
else:
return eventreverse(self.request.event, 'presale:event.index')
def get_confirm_url(self):
return eventreverse(
self.request.event,
"presale:event.order.pay.confirm",
kwargs={"order": self.order.code, "secret": self.order.secret},
)
def get_step_url(self):
return eventreverse(self.event,
'presale:event.checkout',
kwargs={'step': self.identifier})
def get_step_url(self, request):
kwargs = {'step': self.identifier}
if request.resolver_match and 'cart_namespace' in request.resolver_match.kwargs:
kwargs['cart_namespace'] = request.resolver_match.kwargs['cart_namespace']
return eventreverse(self.event, 'presale:event.checkout', kwargs=kwargs)
