Exemple #1
0
 def api_token_issue_view(self):
     if  (
         "user_id" not in self.request.session or 
         self.request.session["user_id"] == None or 
         self.request.session["user_id"] not in self.request.root.users or 
         self.request.root.users[self.request.session["user_id"]] == None
         ):
         return {
             "error": "No valid authenticated session present, cannot issue token."
         }
     else:
         user = self.request.root.users[self.request.session["user_id"]]
         coder = Coding()
         token = jwt.encode({
             'user_id':      user.__name__,
             'username':     user.username,
             'auth_date':    str(int(round(time.time() * 1000.0))),
             'unique_id':    coder.generateUniqueCode()
         }, 
         self.request.registry._settings["api.session_secret"], 
         algorithm='HS512')
         user.api_token = token
         logging.info("API: Issued authentication token to %s" % user.username)
         return {
             "token": token
         }
Exemple #2
0
 def __init__(self):
     coding = Coding()
     self.__name__ = coding.generateUniqueCode()
     self.name = self.description = None
     self.cost = 0
     self.total_released = 0
     self.allocated = PersistentList()
     self.exclusive = False
     self.unlimited = False
     self.locked_down = False
Exemple #3
0
 def __init__(self):
     coding = Coding()
     self.__name__ = self.id_code = coding.generateUniqueCode()
     self.owner = None
     self.payment = None
     self.issue_date = None
     self.creation_date = datetime.now()
     self.guest_info = None
     self.change_enabled = False
     self.tick_type = None
     self.addons = PersistentMapping()
     self.checked_in = False
     self.checkin_data = None
     self.notes = ""
Exemple #4
0
 def setup_two_view(self):
     if (PROP.getProperty(self.request, PROP.SITE_SETUP) == True):
         return HTTPFound(location=self.request.route_path("welcome"))
     elif (PROP.getProperty(self.request, PROP.VERSION) == None):
         return HTTPFound(location=self.request.route_path("setup_stageone"))
     # Check if the password has already been changed, default is 'password'
     admin_usr = self.request.root.users["admin"]
     test_password = salt_password("password", admin_usr.password_salt)
     if test_password != admin_usr.password:
         self.request.session.flash("It looks like someone has already changed the default password on the account, if this wasn't you then contact support!", "info")
         return HTTPFound(location=self.request.route_path("setup_stagethree"))
     # Get password for admin user and double check
     if "password_one" in self.request.POST and  "password_two" in self.request.POST:
         pwd_1 = self.request.POST["password_one"]
         pwd_2 = self.request.POST["password_two"]
         if len(pwd_1) < 5:
             self.request.session.flash("The passwords entered are too short, they must be of 5 characters or longer.", "error")
             return {}
         elif pwd_1 != pwd_2:
             self.request.session.flash("The passwords entered do not match.", "error")
             return {}
         # Set the administrator password
         admin_usr.password_salt = Coding().generateUniqueCode()
         admin_usr.password = salt_password(pwd_1, admin_usr.password_salt)
         return HTTPFound(location=self.request.route_path("setup_stagethree"))
     return {}
Exemple #5
0
 def add_group_view_do(self):
     group = None
     if "group_id" in self.request.matchdict and self.request.matchdict["group_id"] in self.request.root.groups:
         group = self.request.root.groups[self.request.matchdict["group_id"]]
     else:
         group = Group()
         group.__name__ = Coding().generateUniqueCode(withdash=False)
         group.__parent__ = self.request.root
     # If the group is protected, fetch certain values from its existing configuration
     name = self.request.POST["name"] if group.can_delete else group.name
     privilege = self.request.POST["privilege"] if group.can_delete else group.privileges[0]
     access_code = self.request.POST["access_code"].replace(" ", "")
     if len(name.replace(" ","")) < 2:
         self.request.session.flash("The name entered is not valid, please try again.", "error")
         return {"name": None, "privilege": privilege}
     if privilege not in ["basic", "staff", "committee", "admin"]:
         self.request.session.flash("The privilege chosen is not valid, please try again.", "error")
         return {"name": name, "privilege": None}
     if len(access_code) == 0:
         access_code = None
     else:
         access_code = re.sub('[\W_]+', '', access_code)
     # Update any values on the object
     group.name = name
     group.access_code = access_code
     group.privileges = [privilege]
     group._p_changed = True
     # Notify success/failure
     if "group_id" in self.request.matchdict and self.request.matchdict["group_id"] in self.request.root.groups:
         self.request.session.flash("Group updated successfully!", "info")
     else:
         # As the group is new - attach it to the root object
         self.request.root.groups[group.__name__] = group
         self.request.session.flash("Group added successfully!", "info")
     return HTTPFound(location=self.request.route_path("admin_accounts"))
Exemple #6
0
 def user_password_view(self):
     if not "user_id" in self.request.matchdict and not self.request.matchdict["user_id"] in self.request.root.users:
         self.request.session.flash("Requested user does not exist!", "error")
         return HTTPFound(location=self.request.route_path("admin_accounts"))
     user = self.request.root.users[self.request.matchdict["user_id"]]
     # Check actually allowed to change password
     if user.profile != None and user.profile.raven_user:
         self.request.session.flash("This user is authenticated via Raven and therefore does not have a password stored in the system.", "error")
         return HTTPFound(location=self.request.route_path("admin_accounts"))
     # Act on data being passed from view
     if "submit" in self.request.POST:
         password_one = self.request.POST["password_one"]
         password_two = self.request.POST["password_two"]
         if password_one != password_two:
             self.request.session.flash("You have not entered the same password twice, please try again.", "error")
             return {
                 "user": user
             }
         elif len(password_one) < 6:
             self.request.session.flash("For security reasons you must enter a password of 6 letters or more.", "error")
             return {
                 "user": user
             }
         # Generate a new salt, salt the password and store it
         user.password_salt = Coding().generateUniqueCode(withdash=False)
         user.password = salt_password(password_one, user.password_salt)
         self.request.session.flash("%s's password has been successfully changed." % user.username, "info")
         return HTTPFound(location=self.request.route_path("admin_accounts"))
     return {
         "user": user,
     }
Exemple #7
0
 def set_password_view(self):
     # Check agreements
     if not self.user.purchase_agreement:
         return HTTPFound(location=self.request.route_path("purchase_agreement_act"))
     elif not self.user.privacy_agreement:
         return HTTPFound(location=self.request.route_path("privacy_policy_act"))
     # Check this user is allowed to set/change a password
     if self.user.profile == None:
         self.request.session.flash("You are not able to change your password as you haven't yet set up your profile", "error")
         return HTTPFound(location=self.request.route_path("user_profile"))
     elif self.user.profile.raven_user:
         self.request.session.flash("You are not able to set a password as you are authenticated via Raven. Please change your password with the Raven service.", "error")
         return HTTPFound(location=self.request.route_path("user_profile"))
     # Ok all good, deal with any posted data
     if "submit" in self.request.POST:
         password_one = self.request.POST["password_one"]
         password_two = self.request.POST["password_two"]
         if password_one != password_two:
             self.request.session.flash("You have not entered the same password twice, please try again.", "error")
             return {}
         elif len(password_one) < 6:
             self.request.session.flash("For security reasons you must enter a password of 6 letters or more.", "error")
             return {}
         # Generate a new salt, salt the password and store it
         self.user.password_salt = Coding().generateUniqueCode(withdash=False)
         self.user.password = salt_password(password_one, self.user.password_salt)
         self.request.session.flash("Your password has been successfully changed.", "info")
         return HTTPFound(location=self.request.route_path("user_profile"))
     # Otherwise just pass to renderer
     return {}
Exemple #8
0
 def __init__(self):
     self.__name__ = self.ref_code = Coding().generateUniqueCode(
         short=True, withdash=False)
     self.owner = self.method = None
     self.opened_date = datetime.now()
     self.tickets = PersistentList()
     self.notes = ""
     self.history = PersistentList()
Exemple #9
0
 def __init__(self, name="", description="", cost=0, total_released=0):
     self.__name__ = "TYPE-" + Coding().generateUniqueCode()
     self.name = name
     self.description = description
     self.cost = cost
     self.total_released = total_released
     self.addons = PersistentMapping()
     self.purchase_limit = 0
     self.locked_down = False
Exemple #10
0
 def __init__(self):
     self.name = "New Method"
     self.short_name = "New Method"
     self.description = ""
     self.__name__ = Coding().generateUniqueCode(short=True, withdash=False)
     self.settings = PersistentMapping()
     self.enabled = False
     self.public = True
     self.deadlined = False
     self.transaction_properties = PersistentMapping()
     self.groups = PersistentList()
Exemple #11
0
 def __init__(self):
     self.__name__ = Coding().generateUniqueCode(short=True, withdash=False)
     self.method = None
     self.method_properties = PersistentMapping()
     self.method_change = False
     self.amount_paid = 0
     self.processing_charge = 0
     self.received = False
     self.cashed = False
     self.completed = False
     self.transfer = False
     self.stage_owner = None
     self.date = datetime.now()
Exemple #12
0
 def __init__(self,
              key=Coding().generateUniqueCode(short=True, withdash=False),
              name="New Property",
              description="",
              confidential=False,
              percentage=False,
              value="-",
              parent=None,
              monetary=False):
     self.__name__ = key
     self.name = name
     self.description = description
     self.confidential = confidential
     self.percentage = percentage
     self.monetary = monetary
     self.long_value = False
     self.value = value
     self.__parent__ = parent
Exemple #13
0
 def signup_view(self):
     if not self.public_signup_enabled:
         self.request.session.flash(
             "Public sign-ups are not currently enabled!", "error")
         return HTTPFound(location=self.request.route_path('welcome'))
     # If form data submitted
     if "submit" in self.request.POST:
         email = (self.request.POST["email"] if "email" in self.request.POST
                  and len(self.request.POST["email"]) > 0 else None)
         username = (self.request.POST["username"]
                     if "username" in self.request.POST
                     and len(self.request.POST["username"]) > 0 else None)
         pwd_one = (self.request.POST["password"]
                    if "password" in self.request.POST
                    and len(self.request.POST["password"]) > 0 else None)
         pwd_two = (self.request.POST["confirm_password"]
                    if "confirm_password" in self.request.POST
                    and len(self.request.POST["confirm_password"]) > 0 else
                    None)
         discount_code = (self.request.POST["discount_code"]
                          if "discount_code" in self.request.POST
                          and len(self.request.POST["discount_code"]) > 0
                          else None)
         # Check if all fields filled
         if email == None or username == None or pwd_one == None or pwd_two == None:
             self.request.session.flash(
                 "One or more fields was not filled, please try again.",
                 "error")
             return {
                 "email": email,
                 "username": username,
                 "discount_code": discount_code
             }
         # Now run additional checks
         validator = Email()
         if not validator(email):
             self.request.session.flash(
                 "Please enter a valid email address.", "error")
             return {
                 "email": email,
                 "username": username,
                 "discount_code": discount_code
             }
         # Username checks
         username = username.lower()
         if len(username) < 3 or " " in username:
             self.request.session.flash(
                 "Please enter a valid username of more than 3 characters and containing no spaces.",
                 "error")
             return {
                 "email": email,
                 "username": username,
                 "discount_code": discount_code
             }
         if username in self.request.root.users or (re.match(
                 r"^[a-zA-Z]+[0-9]+$", username) != None):
             self.request.session.flash(
                 "A user already exists with the username you specified, please try again.",
                 "error")
             return {
                 "email": email,
                 "username": username,
                 "discount_code": discount_code
             }
         # Password checks
         if pwd_one != pwd_two:
             self.request.session.flash(
                 "Your passwords do not appear to match, please try again.",
                 "error")
             return {
                 "email": email,
                 "username": username,
                 "discount_code": discount_code
             }
         if len(pwd_one) < 5 or (re.match(r"(?=.{6,}).*", pwd_one) == None):
             self.request.session.flash(
                 "Your password is too short or not complex enough, please enter a stronger password.",
                 "error")
             return {
                 "email": email,
                 "username": username,
                 "discount_code": discount_code
             }
         # Passed all checks - create an account...
         group = self.request.root.groups['ungrouped']
         # - See if we can find a discount group
         if discount_code != None:
             found_discount = False
             for group_key in self.request.root.groups:
                 test_group = self.request.root.groups[group_key]
                 if test_group.access_code != None and len(
                         test_group.access_code
                 ) > 0 and test_group.access_code == discount_code:
                     group = test_group
                     found_discount = True
                     break
             if not found_discount:
                 self.request.session.flash(
                     "The discount code entered is not valid, please check it and try again.",
                     "error")
                 return {
                     "email": email,
                     "username": username,
                     "discount_code": discount_code
                 }
         # - Now setup user
         user = User()
         user.username = user.__name__ = username
         user.password_salt = Coding().generateUniqueCode()
         user.password = salt_password(pwd_one, user.password_salt)
         user.profile = UserProfile()
         user.profile.__parent__ = user
         user.profile.raven_user = False
         user.profile.email = email
         user.__parent__ = group
         group.members.append(user)
         self.request.root.users[user.__name__] = user
         # ...send an email telling them about their new account...
         emailer = GenericEmail(self.request)
         emailer.compose_and_send(
             "Account Created",
             """Thank you for creating an account on our ticketing system, this email is just to remind you that your username is %s. No further action is required."""
             % (user.username), user.__name__)
         # ...and finally login
         header = remember(self.request, user.__name__)
         self.request.session["user_id"] = user.__name__
         return HTTPFound(
             location=self.request.route_path('user_profile_edit'),
             headers=header)
     return {"email": None, "username": None, "discount_code": None}
Exemple #14
0
 def __init__(self):
     self.__name__ = "POOL-" + Coding().generateUniqueCode()
     self.tick_type = None
     self.tickets = PersistentList()
     self.groups = PersistentList()
Exemple #15
0
 def user_add_view(self):
     if "submit" in self.request.POST:
         username = self.request.POST["username"].lower().replace(" ","")
         password = self.request.POST["password"]
         userprefix = self.request.POST["userprefix"].lower().replace(" ","")
         numberusers = int(float(self.request.POST["numberusers"]))
         startingpoint = int(float(self.request.POST["startingnumber"]))
         group_key = self.request.POST["group"]
         single = (self.request.POST["singleuser"] == "single")
         # Check username not already in use
         error = True
         if single:
             if username in self.request.root.users:
                 self.request.session.flash("A user with this username already exists.", "error")
             elif group_key not in self.request.root.groups:
                 self.request.session.flash("The group selected is invalid, please try again.", "error")
             elif len(password) < 6:
                 self.request.session.flash("The password you entered is too short, please enter a longer one.", "error")
             elif len(username) < 3:
                 self.request.session.flash("Please enter a username longer than 2 letters.", "error")
             else:
                 error = False
                 # Otherwise we're good, create user
                 group = self.request.root.groups[group_key]
                 user = User()
                 user.username = user.__name__ = username
                 user.password_salt = Coding().generateUniqueCode()
                 user.password = salt_password(password, user.password_salt)
                 user.__parent__ = group
                 group.members.append(user)
                 self.request.root.users[user.__name__] = user
                 self.request.session.flash("User %s has been added successfully!" % username, "info")
                 return HTTPFound(location=self.request.route_path("admin_accounts"))
         else:
             if len(userprefix) < 2:
                 self.request.session.flash("Please enter a prefix of 2 or more characters.", "error")
             elif numberusers <= 1:
                 self.request.session.flash("Please enter a number of users greater than 1.", "error")
             elif startingpoint < 0:
                 self.request.session.flash("Please enter a starting point number greater than or equal to 0.", "error")
             elif group_key not in self.request.root.groups:
                 self.request.session.flash("The group selected is invalid, please try again.", "error")
             else:
                 error = False
                 creds = {}
                 coding = Coding()
                 group = self.request.root.groups[group_key]
                 # Otherwise we're good, create lots of users and passwords
                 for i in range(numberusers):
                     password = coding.genRandomString(size=6).lower()
                     username = ("%s%i%s" % (userprefix, (i + startingpoint), coding.genRandomString(size=2))).lower()
                     creds[username] = password
                     # Create the user
                     newuser = User()
                     newuser.username = newuser.__name__ = username
                     newuser.password_salt = coding.generateUniqueCode()
                     newuser.password = salt_password(password, newuser.password_salt)
                     newuser.__parent__ = group
                     group.members.append(newuser)
                     self.request.root.users[newuser.__name__] = newuser
                 # Confirm a success
                 self.request.session.flash("Successfully added %i users to %s!" % (numberusers, group.name), "info")
                 # - Forward to showing the full list of users that were added
                 self.request.session["added_users"] = creds
                 return HTTPFound(location=self.request.route_path("admin_user_add_list"))
         # Respond to a thrown error
         if error:
             return {
                 "groups": sorted(self.request.root.groups.values(), key=lambda x: x.name),
                 "username": username, "selgroup": group_key, "single": single,
                 "userprefix": userprefix, "numberusers": numberusers, "startingnumber": startingpoint,
             }
     return {
         "groups": sorted(self.request.root.groups.values(), key=lambda x: x.name),
         "username": None, "selgroup": None, "single": True,
         "userprefix": None, "numberusers": 0, "startingnumber": 0,
     }
Exemple #16
0
 def __init__(self):
     self.__name__ = Coding().generateUniqueCode()
     self.date = None
     self.enacted_by = None
     self.overriden = False
     self.override_id = None
Exemple #17
0
 def db_setup_accounts(self, root):
     # Groups & users
     root.groups = PersistentMapping()
     root.users = PersistentMapping()
     # admin
     admin = Group()
     admin.__name__ = "admin"
     admin.__parent__ = root
     admin.can_delete = False
     admin.name = "Administrators"
     admin.privileges = ["admin"]
     admin.can_delete = False
     admin._p_changed = True
     root.groups[admin.__name__] = admin
     # committee
     committee = Group()
     committee.__name__ = "committee"
     committee.__parent__ = root
     committee.name = "Committee Members"
     committee.privileges = ["committee"]
     committee.can_delete = False
     committee._p_changed = True
     root.groups[committee.__name__] = committee
     # Raven authentications
     raven_grp = Group()
     raven_grp.__name__ = "raven"
     raven_grp.__parent__ = root
     raven_grp.name = "Customers (Raven)"
     raven_grp.privileges = ["basic"]
     raven_grp.can_delete = False
     raven_grp._p_changed = True
     root.groups[raven_grp.__name__] = raven_grp
     # Alumnus Raven authentications
     alumni_raven_grp = Group()
     alumni_raven_grp.__name__ = "raven_alumni"
     alumni_raven_grp.__parent__ = root
     alumni_raven_grp.name = "Customers (Alumni via Raven)"
     alumni_raven_grp.privileges = ["basic"]
     alumni_raven_grp.can_delete = False
     alumni_raven_grp._p_changed = True
     root.groups[alumni_raven_grp.__name__] = alumni_raven_grp
     # Alumnus authentications
     alumni_grp = Group()
     alumni_grp.__name__ = "alumni"
     alumni_grp.__parent__ = root
     alumni_grp.name = "Customers (Alumni)"
     alumni_grp.privileges = ["basic"]
     alumni_grp.can_delete = False
     alumni_grp._p_changed = True
     root.groups[alumni_grp.__name__] = alumni_grp
     # Ungrouped
     ungrouped = Group()
     ungrouped.__name__ = "ungrouped"
     ungrouped.__parent__ = root
     ungrouped.name = "Ungrouped"
     ungrouped.privileges = ["basic"]
     ungrouped.can_delete = False
     ungrouped._p_changed = True
     root.groups[ungrouped.__name__] = ungrouped
     # Setup an admin user
     admin_usr = User()
     admin_usr.username = "******"
     admin_usr.password_salt = Coding().generateUniqueCode()
     admin_usr.password = salt_password("password", admin_usr.password_salt)
     admin_usr.__name__ = admin_usr.username
     admin_usr.__parent__ = admin
     root.users[admin_usr.__name__] = admin_usr
     admin.members.append(admin_usr)
     admin.members._p_changed = True
     admin_usr.privacy_agreement = True
     admin_usr.purchase_agreement = True
     admin_prof = UserProfile()
     admin_usr.profile = admin_prof
     admin_prof.__parent__ = admin_usr
     admin_prof.title = "Admin"
     admin_prof.forename = "Super"
     admin_prof.surname = "Administrator"
     admin_prof.email = "*****@*****.**"
     admin_prof.dob = datetime(year=1990, month=1, day=1)
     admin_prof.photo_file = "blank.png"
     admin_prof.address = PostalAddress()
     admin_prof.address.__parent__ = admin_prof
     admin_prof.address.line_one = "Admin Address"
     admin_prof.address.line_two = "Admin Address"
     admin_prof.address.city = "Cambridge"
     admin_prof.address.county = "Cambridgeshire"
     admin_prof.address.country = "United Kingdom"
     admin_prof.address.postal_code = "CB1 1AA"
     admin_prof.phone_number = "01234 567890"
Exemple #18
0
 def __init__(self):
     self.queue_entry_time = datetime.now()
     self.__name__ = self.queue_id = self.last_checkin_time = Coding(
     ).generateUniqueCode()
Exemple #19
0
    def banktransfer_view(self):
        # Detect a payment alteration
        payment_id = None
        payment = None
        if "payment_id" in self.request.matchdict:
            payment_id = self.request.matchdict["payment_id"]
        # Check we can be here
        methods = PROP.getProperty(self.request, PROP.PAYMENT_METHODS)
        method = [x for x in methods if x.__name__ == "banktransfer" and x.enabled == True]
        # - First check queue/active status
        if payment_id == None and Queue(self.request).timed_out():
            return HTTPFound(self.request.route_path("purchase_timeout"))
        # - Now details
        elif payment_id == None and not self.details_complete:
            self.request.session.flash("You must complete all of your guest's details before continuing.", "error")
            return HTTPFound(location=self.request.route_path("order_details"))
        # - Check that the payment method is enabled?
        elif len(method) <= 0:
            self.request.session.flash("There was an error with the payment method you selected, please try again.", "error")
            return HTTPFound(location=self.request.route_path("pay_for_tickets"))
        # - Now run some checks that this person actually should be able to pay this
        elif payment_id != None:
            if not payment_id in self.request.root.payments:
                self.request.session.flash("The requested payment does not exist.", "error")
                return HTTPFound(location=self.request.route_path("user_profile"))
            else:
                payment = self.request.root.payments[payment_id]
                if payment.owner != self.user:
                    self.request.session.flash("The requested payment could not be found on your account.", "error")
                    return HTTPFound(location=self.request.route_path("user_profile"))
                elif payment.paid:
                    self.request.session.flash("The requested payment has already been completed, no need to alter the payment.", "error")
                    return HTTPFound(location=self.request.route_path("user_profile"))
        # Get method, processing fee & other parameters
        method = method[0]
        process_fee = method.settings[PROP.PAYMENT_PROCESSING_FEE].value
        org_name = method.get_value(PROP.ORGANISATION_NAME)
        account_number = method.get_value(PROP.BANK_ACCOUNT)
        sort_code = method.get_value(PROP.BANK_SORT_CODE)
        
        if payment_id == None:
            tickets = [x for x in self.user.tickets if x.payment == None]
            if len(tickets) == 0:
                return HTTPFound(location=self.request.route_path("buy_tickets"))

            subtotal = 0
            for tick in tickets:
                subtotal += tick.total_cost
            processing = process_fee
            total = subtotal + processing

            if "action" in self.request.GET and self.request.GET["action"] == "pay":
                if "payment_id" in self.request.session:
                    ref_code = self.request.session["payment_id"]
                    payment = Issuer(self.request.root).constructPayment(
                        user_id=self.user.__name__,
                        paid=False,
                        ref_code=ref_code
                    )
                    stage = PaymentStage()
                    stage.__parent__ = payment
                    stage.method = "banktransfer"
                    stage.processing_charge = processing
                    stage.stage_owner = self.user.__name__
                    payment.history.append(stage)
                    return HTTPFound(location=self.request.route_path("pay_confirm"))

            if not "payment_id" in self.request.session: # NEED TO CHECK FOR UNIQUENESS
                self.request.session["payment_id"] = Coding().generateUniqueCode(short=True,withdash=False)
        
            return {
                "method":           method,
                "subtotal":         self.format_price(subtotal),
                "processing":       self.format_price(processing),
                "total":            self.format_price(total),
                "org_name":         org_name,
                "alteration":       False,
                "account_number":   account_number,
                "sort_code":        sort_code,
                "payment_id":       self.request.session["payment_id"],
                "payment":          None,
                "due_date":         (datetime.now() + timedelta(days=self.payment_window)).strftime("%d/%m/%Y"),
            }
        else:
            subtotal = payment.amount_remaining
            processing = process_fee
            total = subtotal + processing
            if payment.current_method == "banktransfer":
                subtotal = payment.current_stage.amount_remaining
                processing = payment.current_stage.processing_charge
                total = subtotal + processing
            if "action" in self.request.GET and self.request.GET["action"] == "pay":
                # Don't bother adding a payment stage if we are already paying this way!
                if payment.current_method != "banktransfer":
                    # Add a new stage to the payment
                    new_stage = PaymentStage()
                    new_stage.__parent__ = payment
                    new_stage.method = "banktransfer"
                    new_stage.method_change = True
                    new_stage.processing_charge = processing
                    new_stage.stage_owner = self.user.__name__
                    payment.history.append(new_stage)
                # Forward on to the correct place
                return HTTPFound(location=self.request.route_path("alter_confirm", payment_id=payment_id))

            return {
                "method":           method,
                "subtotal":         self.format_price(subtotal),
                "processing":       self.format_price(processing),
                "total":            self.format_price(total),
                "org_name":         org_name,
                "alteration":       True,
                "account_number":   account_number,
                "sort_code":        sort_code,
                "payment_id":       payment_id,
                "payment":          payment,
                "due_date":         (datetime.now() + timedelta(days=self.payment_window)).strftime("%d/%m/%Y"),
            }