lingo: check user is logged in before paying basket items (#18267)

Frédéric Péters 2017-11-15 11:19:09 +04:00
parent 9697bc9c7c
commit 9cc28f57be
2 changed files with 29 additions and 10 deletions


@ -295,7 +295,9 @@ class PayView(View):
@atomic
def post(self, request, *args, **kwargs):
regie_id = request.POST.get('regie')
next_url = request.POST.get('next_url')
next_url = request.POST.get('next_url') or '/'
user = request.user if request.user.is_authenticated() else None
remote_items = []
items = []
@ -303,11 +305,15 @@ class PayView(View):
regie = Regie.objects.get(pk=regie_id)
# get all items data from regie webservice
for item_id in request.POST.getlist('item'):
remote_items.append(regie.get_invoice(request.user, item_id))
remote_items.append(regie.get_invoice(user, item_id))
else:
if user is None:
messages.error(request, _(u'Payment requires to be logged in.'))
return HttpResponseRedirect(next_url)
if not regie_id:
# take all items but check they're from the same regie
items = BasketItem.get_items_to_be_paid(user=self.request.user)
items = BasketItem.get_items_to_be_paid(user=user)
regie_id = items[0].regie_id
for item in items:
if item.regie_id != regie_id:
@ -316,15 +322,15 @@ class PayView(View):
regie = Regie.objects.get(id=regie_id)
regie.compute_extra_fees(user=self.request.user)
items = BasketItem.get_items_to_be_paid(user=self.request.user).filter(regie=regie)
regie.compute_extra_fees(user=user)
items = BasketItem.get_items_to_be_paid(user=user).filter(regie=regie)
transaction = Transaction()
if request.user.is_authenticated():
transaction.user = request.user
email = request.user.email
firstname = request.user.first_name
lastname = request.user.last_name
if user:
transaction.user = user
email = user.email
firstname = user.first_name
lastname = user.last_name
else:
transaction.user = None
if not request.POST.get('email'):
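Review bot: The new `return HttpResponseRedirect(next_url)` in the `user is None` branch redirects to a value taken directly from the request (`next_url = request.POST.get('next_url') or '/'` in the first hunk), and nothing in the visible lines checks that it points back to this site, so the error path behaves as an open redirect. Validate it before use, for example `if not is_safe_url(next_url, host=request.get_host()): next_url = '/'`, with `is_safe_url` from `django.utils.http` (named `url_has_allowed_host_and_scheme` on current Django). Separately, the remote-regie branch still accepts anonymous requests and now passes `user=None` to `regie.get_invoice`; whether that method handles `None` is not visible here. The body of `post` starts before and continues after these hunks, so any validation done elsewhere in the method is outside this view.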


@ -239,6 +239,19 @@ def test_pay_multiple_regies(app, key, regie, user):
qs = urlparse.parse_qs(urlparse.urlparse(resp.location).query)
assert qs['amount'] == ['22.23']
def test_pay_as_anonymous_user(app, key, regie, user):
test_add_amount_to_basket(key, regie, user)
page = Page(title='xxx', slug='test_basket_cell', template_name='standard')
page.save()
cell = LingoBasketCell(page=page, placeholder='content', order=0)
cell.save()
resp = login_app(app).get(page.get_online_url())
app.cookiejar.clear(domain='testserver.local', path='/', name='sessionid')
resp = resp.forms[0].submit().follow()
assert 'Payment requires to be logged in.' in resp.body
def test_cancel_basket_item(key, regie, user):
user_email = 'foo@example.com'
User.objects.get_or_create(email=user_email)
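Review bot: `test_pay_as_anonymous_user` asserts only that the flash message is rendered, so it would still pass if the view showed the message but created a transaction anyway. Add an assertion on the state the check is meant to protect, for example `assert Transaction.objects.count() == 0` after the submit (assuming `Transaction` is a model importable in this test module). The test also calls `test_add_amount_to_basket(key, regie, user)` as setup; moving that setup into a fixture or plain helper would keep a failure in that test from being reported here as well.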