def configure_paypal():
"""
Configure the paypal sdk
:return: Credentials
"""
settings = get_settings()
# Use Sandbox by default.
paypal_mode = settings.get(
'paypal_mode',
'live' if (settings['app_environment'] == Environment.PRODUCTION)
else 'sandbox',
)
paypal_key = None
if paypal_mode == 'sandbox':
paypal_key = 'paypal_sandbox'
elif paypal_mode == 'live':
paypal_key = 'paypal'
if not paypal_key:
raise ConflictError({'pointer': ''},
"Paypal Mode must be 'live' or 'sandbox'")
paypal_client = settings.get(f'{paypal_key}_client', None)
paypal_secret = settings.get(f'{paypal_key}_secret', None)
if not paypal_client or not paypal_secret:
raise ConflictError(
{'pointer': ''},
"Payments through Paypal have not been configured on the platform",
)
return paypalrestsdk.configure({
"mode": paypal_mode,
"client_id": paypal_client,
"client_secret": paypal_secret,
})
def validate_event(user, data):
if not user.can_create_event():
raise ForbiddenError({'source': ''}, "Please verify your Email")
if data.get('state', None) == 'published' and not user.can_publish_event():
raise ForbiddenError({'source': ''}, "Only verified accounts can publish events")
if (
not data.get('is_event_online')
and data.get('state', None) == 'published'
and not data.get('location_name', None)
):
raise ConflictError(
{'pointer': '/data/attributes/location-name'},
"Location is required to publish the event",
)
if data.get('location_name', None) and data.get('is_event_online'):
raise ConflictError(
{'pointer': '/data/attributes/location-name'},
"Online Event does not have any locaton",
)
if not data.get('name', None) and data.get('state', None) == 'published':
raise ConflictError(
{'pointer': '/data/attributes/location-name'},
"Event Name is required to publish the event",
)
if data.get('searchable_location_name') and data.get('is_event_online'):
raise ConflictError(
{'pointer': '/data/attributes/searchable-location-name'},
"Online Event does not have any locaton",
)
def before_create_object(self, data, view_kwargs):
"""
before create object method for AccessCodeListPost Class
:param data:
:param view_kwargs:
:return:
"""
if data.get('tickets', None):
for ticket in data['tickets']:
# Ensuring that the ticket exists and is hidden.
try:
ticket_object = (self.session.query(Ticket).filter_by(
id=int(ticket), deleted_at=None).one())
if not ticket_object.is_hidden:
raise ConflictError(
{'pointer': '/data/relationships/tickets'},
"Ticket with id {} is public.".format(ticket) +
" Access code cannot be applied to public tickets",
)
except NoResultFound:
raise ConflictError(
{'pointer': '/data/relationships/tickets'},
"Ticket with id {} does not exists".format(
str(ticket)),
)
def reject_invite(speaker_invite_id):
try:
speaker_invite = SpeakerInvite.query.filter_by(
id=speaker_invite_id).one()
except NoResultFound:
raise NotFoundError({'source': ''}, 'Speaker Invite Not Found')
else:
if not current_user.email == speaker_invite.email:
raise ForbiddenError({'source': ''}, 'Invitee access is required.')
elif speaker_invite.status == 'accepted':
raise ConflictError(
{'pointer': '/data/status'},
'Accepted speaker invite can not be rejected.',
)
elif speaker_invite.status == 'rejected':
raise ConflictError(
{'pointer': '/data/status'},
'Speaker invite is already rejected.',
)
try:
speaker_invite.status = 'rejected'
save_to_db(speaker_invite, {'speaker invite rejected'})
except Exception:
raise UnprocessableEntityError(
{'source': ''}, 'error while rejecting speaker invite.')
return jsonify(
success=True,
message="Speaker invite rejected successfully",
)
def capture_payment(order_invoice, currency=None, credentials=None):
"""
Capture payments through stripe.
:param order_invoice: Order to be charged for
:param currency: Currency of the order amount.
:param credentials: Stripe credentials.
:return: charge/None depending on success/failure.
"""
if not credentials:
credentials = StripePaymentsManager.get_credentials(
order_invoice.event)
if not credentials:
raise ConflictError({'pointer': ''},
'Stripe credentials not found for the event.')
stripe.api_key = credentials['SECRET_KEY']
if not currency:
currency = order_invoice.event.payment_currency
if not currency or currency == "":
currency = "USD"
frontend_url = get_settings()['frontend_url']
try:
# payment_method_types = ['card', 'klarna']
payment_method_types = ['card']
# if currency.lower() == 'eur':
# payment_method_types.append('sepa_debit')
session = stripe.checkout.Session.create(
customer_email=order_invoice.user.email,
payment_method_types=payment_method_types,
line_items=[{
'price_data': {
'currency': currency.lower(),
'product_data': {
'name': order_invoice.event.name,
},
'unit_amount': int(order_invoice.amount * 100),
},
'quantity': 1,
}],
mode='payment',
success_url=
f"{frontend_url}/orders/{order_invoice.identifier}/view",
cancel_url=
f"{frontend_url}/orders/{order_invoice.identifier}/view",
)
return session
except Exception as e:
raise ConflictError({'pointer': ''}, str(e))
def validate_event(user, modules, data):
if not user.can_create_event():
raise ForbiddenError({'source': ''}, "Please verify your Email")
elif not modules.ticket_include:
raise ForbiddenError({'source': ''},
"Ticketing is not enabled in the system")
if (data.get('can_pay_by_paypal', False)
or data.get('can_pay_by_cheque', False)
or data.get('can_pay_by_bank', False)
or data.get('can_pay_by_stripe', False)):
if not modules.payment_include:
raise ForbiddenError({'source': ''},
"Payment is not enabled in the system")
if data.get('is_donation_enabled', False) and not modules.donation_include:
raise ForbiddenError(
{'source': '/data/attributes/is-donation-enabled'},
"Donation is not enabled in the system",
)
if data.get('state', None) == 'published' and not user.can_publish_event():
raise ForbiddenError({'source': ''},
"Only verified accounts can publish events")
if (not data.get('is_event_online')
and data.get('state', None) == 'published'
and not data.get('location_name', None)):
raise ConflictError(
{'pointer': '/data/attributes/location-name'},
"Location is required to publish the event",
)
if data.get('location_name', None) and data.get('is_event_online'):
raise ConflictError(
{'pointer': '/data/attributes/location-name'},
"Online Event does not have any locaton",
)
if not data.get('name', None) and data.get('state', None) == 'published':
raise ConflictError(
{'pointer': '/data/attributes/location-name'},
"Event Name is required to publish the event",
)
if data.get('searchable_location_name') and data.get('is_event_online'):
raise ConflictError(
{'pointer': '/data/attributes/searchable-location-name'},
"Online Event does not have any locaton",
)
def test_exceptions(self):
"""Method to test all exceptions."""
# Unprocessable Entity Exception
with self.assertRaises(UnprocessableEntityError):
raise UnprocessableEntityError(
{'pointer': '/data/attributes/min-quantity'},
"min-quantity should be less than max-quantity",
)
# Conflict Exception
with self.assertRaises(ConflictError):
raise ConflictError({'pointer': '/data/attributes/email'},
"Email already exists")
# Forbidden Exception
with self.assertRaises(ForbiddenError):
raise ForbiddenError({'source': ''}, "Access Forbidden")
# Not Found Error
with self.assertRaises(NotFoundError):
raise NotFoundError({'source': ''}, "Not Found")
# Server Error
with self.assertRaises(ServerError):
raise ServerError({'source': ''}, "Internal Server Error")
# Bad Request Error
with self.assertRaises(BadRequestError):
raise BadRequestError({'source': ''}, "Bad Request")
# Method Not Allowed Exception
with self.assertRaises(MethodNotAllowed):
raise MethodNotAllowed({'source': ''}, "Method Not Allowed")
def before_create_object(self, data, view_kwargs):
"""
method to check if there is an existing user with same email which is received in data to create a new user
and if the password is at least 8 characters long
:param data:
:param view_kwargs:
:return:
"""
if len(data['password']) < 8:
logging.error('Password should be at least 8 characters long')
raise UnprocessableEntityError(
{'source': '/data/attributes/password'},
'Password should be at least 8 characters long',
)
if (db.session.query(
User.id).filter_by(email=data['email'].strip()).scalar()
is not None):
logging.error('Email already exists')
raise ConflictError({'pointer': '/data/attributes/email'},
"Email already exists")
if data.get('is_verified'):
logging.error("You are not allowed to submit this field")
raise UnprocessableEntityError(
{'pointer': '/data/attributes/is-verified'},
"You are not allowed to submit this field",
)
def validate_ticket_holders(ticket_holder_ids):
# pytype: disable=attribute-error
ticket_holders = (TicketHolder.query.filter_by(deleted_at=None).filter(
TicketHolder.id.in_(ticket_holder_ids)).all())
# pytype: enable=attribute-error
if len(ticket_holders) != len(ticket_holder_ids):
logger.warning("Ticket Holders not found in",
extra=dict(ticket_holder_ids=ticket_holder_ids))
raise ObjectNotFound(
{'pointer': '/data/relationships/attendees'},
"Some attendee among ids {} do not exist".format(
str(ticket_holder_ids)),
)
for ticket_holder in ticket_holders:
# Ensuring that the attendee exists and doesn't have an associated order.
if ticket_holder.order_id:
logger.warning(
"Order already exists for attendee",
extra=dict(attendee_id=ticket_holder.id),
)
raise ConflictError(
{'pointer': '/data/relationships/attendees'},
"Order already exists for attendee with id {}".format(
str(ticket_holder.id)),
)
return ticket_holders
def decide_schema(self, json_data):
"""To decide discount code schema based on posted data.
:param json_data:
:return:"""
used_for = json_data['data']['attributes'].get('used-for')
try:
discount = (
db.session.query(DiscountCode)
.filter_by(id=int(json_data['data']['id']))
.one()
)
except NoResultFound:
raise ObjectNotFound({'parameter': '{id}'}, "DiscountCode: not found")
if not used_for:
used_for = discount.used_for
elif used_for != discount.used_for:
raise ConflictError(
{'pointer': '/data/attributes/used-for'},
"Cannot modify discount code usage type",
)
if used_for == 'ticket':
self.schema = DiscountCodeSchemaTicket
elif used_for == 'event':
self.schema = DiscountCodeSchemaEvent
def before_create_object(self, data, view_kwargs):
"""
before create object method for OrderListPost Class
:param data:
:param view_kwargs:
:return:
"""
validate_attendees(data['ticket_holders'])
if data.get('cancel_note'):
del data['cancel_note']
if data.get('payment_mode') != 'free' and not data.get('amount'):
raise ConflictError(
{'pointer': '/data/attributes/amount'},
"Amount cannot be null for a paid order",
)
if not data.get('amount'):
data['amount'] = 0
# Apply discount only if the user is not event admin
if data.get('discount_code') and not has_access(
'is_coorganizer', event_id=data['event']):
validate_discount_code(
data['discount_code'],
ticket_holders=data['ticket_holders'],
event_id=data['event'],
)
def before_post(self, args, kwargs, data):
"""
before post method to check for required relationship and proper permission
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['event'], data)
if not has_access('is_coorganizer', event_id=data['event']):
raise ObjectNotFound(
{'parameter': 'event_id'}, "Event: {} not found".format(data['event'])
)
if (
get_count(
db.session.query(Ticket.id).filter_by(
name=data['name'], event_id=int(data['event']), deleted_at=None
)
)
> 0
):
raise ConflictError(
{'pointer': '/data/attributes/name'}, "Ticket already exists"
)
def before_create_object(self, data, view_kwargs):
"""
method to check if stripe authorization object already exists for an event.
Raises ConflictError if it already exists.
If it doesn't, then uses the StripePaymentManager to get the other credentials from Stripe.
:param data:
:param view_kwargs:
:return:
"""
try:
self.session.query(StripeAuthorization).filter_by(
event_id=data['event'], deleted_at=None).one()
except NoResultFound:
credentials = StripePaymentsManager.get_event_organizer_credentials_from_stripe(
data['stripe_auth_code'])
if 'error' in credentials:
raise UnprocessableEntityError(
{'pointer': '/data/stripe_auth_code'},
credentials['error_description'],
)
data['stripe_secret_key'] = credentials['access_token']
data['stripe_refresh_token'] = credentials['refresh_token']
data['stripe_publishable_key'] = credentials[
'stripe_publishable_key']
data['stripe_user_id'] = credentials['stripe_user_id']
else:
raise ConflictError(
{'pointer': '/data/relationships/event'},
"Stripe Authorization already exists for this event",
)
def create_onsite_attendees_for_order(data):
"""
Creates on site ticket holders for an order and adds it into the request data.
:param data: data initially passed in the POST request for order.
:return:
"""
on_site_tickets = data.get('on_site_tickets')
if not on_site_tickets:
raise UnprocessableEntityError(
{'pointer': 'data/attributes/on_site_tickets'},
'on_site_tickets info missing')
data['ticket_holders'] = []
for on_site_ticket in on_site_tickets:
ticket_id = on_site_ticket['id']
quantity = int(on_site_ticket['quantity'])
ticket = safe_query_without_soft_deleted_entries(
Ticket, 'id', ticket_id, 'ticket_id')
ticket_sold_count = get_count(
db.session.query(TicketHolder.id).filter_by(ticket_id=int(
ticket.id),
deleted_at=None))
# Check if the ticket is already sold out or not.
if ticket_sold_count + quantity > ticket.quantity:
# delete the already created attendees.
for holder in data['ticket_holders']:
ticket_holder = (db.session.query(TicketHolder).filter(
id == int(holder)).one())
db.session.delete(ticket_holder)
try:
db.session.commit()
except Exception:
logging.exception('DB Exception!')
db.session.rollback()
raise ConflictError(
{'pointer': '/data/attributes/on_site_tickets'},
"Ticket with id: {} already sold out. You can buy at most {} tickets"
.format(ticket_id, ticket.quantity - ticket_sold_count),
)
for _ in range(1, quantity):
ticket_holder = TicketHolder(
firstname='onsite',
lastname='attendee',
email='*****@*****.**',
ticket_id=ticket.id,
event_id=data.get('event'),
)
save_to_db(ticket_holder)
data['ticket_holders'].append(ticket_holder.id)
# delete from the data.
del data['on_site_tickets']
def before_create_object(self, data, view_kwargs):
if data.get('used_for') == 'ticket' and (event_id :=
data.get('event')):
discount_codes = DiscountCode.query.filter_by(event_id=event_id,
code=data['code'],
deleted_at=None)
if get_count(discount_codes) > 0:
raise ConflictError({'pointer': '/data/attributes/code'},
'Discount Code already exists')
def retrieve_session(event_id, stripe_session_id):
credentials = StripePaymentsManager.get_credentials(event_id)
if not credentials:
raise ConflictError({'pointer': ''},
'Stripe credentials not found for the event.')
stripe.api_key = credentials['SECRET_KEY']
session = stripe.checkout.Session.retrieve(stripe_session_id)
return session
def capture_payment(order_invoice, currency=None, credentials=None):
"""
Capture payments through stripe.
:param order_invoice: Order to be charged for
:param currency: Currency of the order amount.
:param credentials: Stripe credentials.
:return: charge/None depending on success/failure.
"""
if not credentials:
credentials = StripePaymentsManager.get_credentials(order_invoice.event)
if not credentials:
raise ConflictError(
{'pointer': ''}, 'Stripe credentials not found for the event.'
)
stripe.api_key = credentials['SECRET_KEY']
if not currency:
currency = order_invoice.event.payment_currency
if not currency or currency == "":
currency = "USD"
try:
customer = stripe.Customer.create(
email=order_invoice.user.email, source=order_invoice.stripe_token
)
charge = stripe.Charge.create(
customer=customer.id,
amount=int(order_invoice.amount * 100),
currency=currency.lower(),
metadata={
'order_id': order_invoice.id,
'event': order_invoice.event.name,
'user_id': order_invoice.user_id,
'event_id': order_invoice.event_id,
},
description=order_invoice.event.name,
)
return charge
except Exception as e:
raise ConflictError({'pointer': ''}, str(e))
def retrieve_payment_intent(event_id, payment_intent_id):
credentials = StripePaymentsManager.get_credentials(event_id)
if not credentials:
raise ConflictError({'pointer': ''},
'Stripe credentials not found for the event.')
stripe.api_key = credentials['SECRET_KEY']
payment_intent = stripe.PaymentIntent.retrieve(payment_intent_id)
return payment_intent
def before_delete_object(self, role_invite, view_kwargs):
"""
method to check for proper permissions for deleting
:param order:
:param view_kwargs:
:return:
"""
if role_invite.status == 'accepted':
raise ConflictError({'pointer': '/data/status'},
'You cannot delete an accepted role invite.')
def before_create_object(self, data, view_kwargs):
"""
method to check if tax object already exists for an event
:param data:
:param view_kwargs:
:return:
"""
if (self.session.query(Tax).filter_by(event_id=data['event'],
deleted_at=None).first()):
raise ConflictError(
{'pointer': '/data/relationships/event'},
"Tax already exists for this event",
)
def validate_event(user, data):
if not user.can_create_event():
raise ForbiddenError({'source': ''}, "Please verify your Email")
if data.get('state', None) == 'published' and not user.can_publish_event():
raise ForbiddenError({'source': ''},
"Only verified accounts can publish events")
if not data.get('name', None) and data.get('state', None) == 'published':
raise ConflictError(
{'pointer': '/data/attributes/name'},
"Event Name is required to publish the event",
)
def before_delete_object(self, order, view_kwargs):
"""
method to check for proper permissions for deleting
:param order:
:param view_kwargs:
:return:
"""
if not has_access('is_coorganizer', event_id=order.event.id):
raise ForbiddenError({'source': ''}, 'Access Forbidden')
if (order.amount and order.amount > 0
and (order.status == 'completed' or order.status == 'placed')):
raise ConflictError(
{'source': ''},
'You cannot delete a placed/completed paid order.')
def validate(self, data):
require_exclusive_relationship(['rooms', 'event'], data)
if data.get('rooms'):
check_same_event(data['rooms'])
check_event_access(data.get('event'))
if data.get('event'):
video_exists = db.session.query(
VideoStream.query.filter_by(
event_id=data['event']).exists()).scalar()
if video_exists:
raise ConflictError(
{'pointer': '/data/relationships/event'},
'Video Stream for this event already exists',
)
def get_payment_intent_stripe(order_invoice,
currency=None,
credentials=None):
"""
Capture payments through stripe.
:param order_invoice: Order to be charged for
:param currency: Currency of the order amount.
:param credentials: Stripe credentials.
:return: secret of payment intent
"""
if not credentials:
credentials = StripePaymentsManager.get_credentials(
order_invoice.event)
if not credentials:
raise ConflictError({'pointer': ''},
'Stripe credentials not found for the event.')
stripe.api_key = credentials['SECRET_KEY']
if not currency:
currency = order_invoice.event.payment_currency
if not currency or currency == "":
currency = "USD"
try:
payment_intent = stripe.PaymentIntent.create(
amount=int(order_invoice.amount * 100),
currency=currency.lower(),
metadata={'order_id': order_invoice.identifier},
automatic_payment_methods={
'enabled': True,
},
)
return payment_intent
except Exception as e:
raise ConflictError({'pointer': ''}, str(e))
def before_delete_object(self, speaker_invite, view_kwargs):
"""
method to check for proper permissions for deleting
:param order:
:param view_kwargs:
:return:
"""
if not has_access('is_speaker_for_session',
id=speaker_invite.session_id):
raise ForbiddenError({'source': ''}, 'Speaker access is required.')
if speaker_invite.status == 'accepted':
raise ConflictError(
{'pointer': '/data/status'},
'You cannot delete an accepted speaker invite.',
)
def before_post(self, args, kwargs, data):
"""
Before post method to check for required relationship and proper permissions
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['ticket', 'event'], data)
ticket = (db.session.query(Ticket).filter_by(id=int(data['ticket']),
deleted_at=None).first())
if ticket is None:
raise UnprocessableEntityError(
{'pointer': '/data/relationships/ticket'}, "Invalid Ticket")
if ticket.event_id != int(data['event']):
raise UnprocessableEntityError(
{'pointer': '/data/relationships/ticket'},
"Ticket belongs to a different Event",
)
# Check if the ticket is already sold out or not.
if get_sold_and_reserved_tickets_count(ticket.id) >= ticket.quantity:
raise ConflictError({'pointer': '/data/attributes/ticket_id'},
"Ticket already sold out")
if 'device_name_checkin' in data and data[
'device_name_checkin'] is not None:
if 'is_checked_in' not in data or not data['is_checked_in']:
raise UnprocessableEntityError(
{'pointer': '/data/attributes/device_name_checkin'},
"Attendee needs to be checked in first",
)
elif 'checkin_times' not in data or data['checkin_times'] is None:
raise UnprocessableEntityError(
{'pointer': '/data/attributes/device_name_checkin'},
"Check in Times missing",
)
elif len(data['checkin_times'].split(",")) != len(
data['device_name_checkin'].split(",")):
raise UnprocessableEntityError(
{'pointer': '/data/attributes/device_name_checkin'},
"Check in Times missing for the corresponding device name",
)
if 'checkin_times' in data:
if 'device_name_checkin' not in data or data[
'device_name_checkin'] is None:
data['device_name_checkin'] = '-'
def decide_schema(self, json_data):
"""To decide discount code schema based on posted data.
:param json_data:
:return:"""
used_for = json_data['data']['attributes'].get('used-for')
if used_for in ('event', 'ticket'):
if used_for == 'event':
self.schema = DiscountCodeSchemaEvent
elif used_for == 'ticket':
self.schema = DiscountCodeSchemaTicket
else:
raise ConflictError(
{'pointer': '/data/attributes/used-for'},
"used-for attribute is required and should be equal to 'ticket' or 'event' to create discount code",
)
def before_post(self, args, kwargs, data):
"""
before post method to check for required relationship and proper permission
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['session'], data)
data['user'] = current_user.id
user_favourite_session = UserFavouriteSession.query.filter_by(
session_id=data['session'], user=current_user).first()
if user_favourite_session:
raise ConflictError({'pointer': '/data/relationships/session'},
"Session already favourited")
def before_post(cls, args, kwargs, data):
"""
before post method to check for required relationship and proper permission
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['group'], data)
data['user'] = current_user.id
user_follow_group = UserFollowGroup.query.filter_by(
group_id=data['group'], user=current_user).first()
if user_follow_group:
raise ConflictError({'pointer': '/data/relationships/group'},
"Group already followed")
def before_create_object(self, data, view_kwargs):
"""
before create object method for UsersGroupsRolesListPost Class
:param data:
:param view_kwargs:
:return:
"""
role_already_exists = UsersGroupsRoles.query.filter_by(
email=data['email'], group_id=data['group'], role_id=data['role']
).count()
if role_already_exists:
raise ConflictError(
{'source': '/data'}, 'Role Invite has already been sent for this email.'
)
user = User.query.filter_by(email=data['email']).first()
if user:
data['user_id'] = user.id
