lingo: check user is logged in before paying basket items (#18267)
parent
9697bc9c7c
commit
9cc28f57be
|
@ -295,7 +295,9 @@ class PayView(View):
|
|||
@atomic
|
||||
def post(self, request, *args, **kwargs):
|
||||
regie_id = request.POST.get('regie')
|
||||
next_url = request.POST.get('next_url')
|
||||
next_url = request.POST.get('next_url') or '/'
|
||||
|
||||
user = request.user if request.user.is_authenticated() else None
|
||||
|
||||
remote_items = []
|
||||
items = []
|
||||
|
@ -303,11 +305,15 @@ class PayView(View):
|
|||
regie = Regie.objects.get(pk=regie_id)
|
||||
# get all items data from regie webservice
|
||||
for item_id in request.POST.getlist('item'):
|
||||
remote_items.append(regie.get_invoice(request.user, item_id))
|
||||
remote_items.append(regie.get_invoice(user, item_id))
|
||||
else:
|
||||
if user is None:
|
||||
messages.error(request, _(u'Payment requires to be logged in.'))
|
||||
return HttpResponseRedirect(next_url)
|
||||
|
||||
if not regie_id:
|
||||
# take all items but check they're from the same regie
|
||||
items = BasketItem.get_items_to_be_paid(user=self.request.user)
|
||||
items = BasketItem.get_items_to_be_paid(user=user)
|
||||
regie_id = items[0].regie_id
|
||||
for item in items:
|
||||
if item.regie_id != regie_id:
|
||||
|
@ -316,15 +322,15 @@ class PayView(View):
|
|||
|
||||
regie = Regie.objects.get(id=regie_id)
|
||||
|
||||
regie.compute_extra_fees(user=self.request.user)
|
||||
items = BasketItem.get_items_to_be_paid(user=self.request.user).filter(regie=regie)
|
||||
regie.compute_extra_fees(user=user)
|
||||
items = BasketItem.get_items_to_be_paid(user=user).filter(regie=regie)
|
||||
|
||||
transaction = Transaction()
|
||||
if request.user.is_authenticated():
|
||||
transaction.user = request.user
|
||||
email = request.user.email
|
||||
firstname = request.user.first_name
|
||||
lastname = request.user.last_name
|
||||
if user:
|
||||
transaction.user = user
|
||||
email = user.email
|
||||
firstname = user.first_name
|
||||
lastname = user.last_name
|
||||
else:
|
||||
transaction.user = None
|
||||
if not request.POST.get('email'):
|
||||
|
|
|
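Review bot: The new anonymous branch returns `HttpResponseRedirect(next_url)` with `next_url` taken directly from `request.POST`, so this added exit redirects to a client-supplied URL with no check that it stays on this site. Validating it once where it is read would cover this return and any other use of `next_url` in `post()`, e.g. `if not is_safe_url(next_url, host=request.get_host()): next_url = '/'` (the `is_authenticated()` call style suggests an older Django where `django.utils.http.is_safe_url` is the available helper; confirm against the project's version). Separately, the remote-regie loop now passes `None` instead of the anonymous user object to `regie.get_invoice()`, which is not shown here and should be confirmed to handle that. The body of `post()` starts and continues outside these hunks.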
@ -239,6 +239,19 @@ def test_pay_multiple_regies(app, key, regie, user):
|
|||
qs = urlparse.parse_qs(urlparse.urlparse(resp.location).query)
|
||||
assert qs['amount'] == ['22.23']
|
||||
|
||||
def test_pay_as_anonymous_user(app, key, regie, user):
|
||||
test_add_amount_to_basket(key, regie, user)
|
||||
|
||||
page = Page(title='xxx', slug='test_basket_cell', template_name='standard')
|
||||
page.save()
|
||||
cell = LingoBasketCell(page=page, placeholder='content', order=0)
|
||||
cell.save()
|
||||
|
||||
resp = login_app(app).get(page.get_online_url())
|
||||
app.cookiejar.clear(domain='testserver.local', path='/', name='sessionid')
|
||||
resp = resp.forms[0].submit().follow()
|
||||
assert 'Payment requires to be logged in.' in resp.body
|
||||
|
||||
def test_cancel_basket_item(key, regie, user):
|
||||
user_email = 'foo@example.com'
|
||||
User.objects.get_or_create(email=user_email)
|
||||
|
|
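Review bot: `test_pay_as_anonymous_user` asserts only that the error message is rendered, so it would still pass if the view created a transaction before redirecting. Adding `assert Transaction.objects.count() == 0` after the submit (assuming `Transaction` is importable in this test module) would pin the property the commit is about. The test also covers only the basket path; the remote-invoice branch, which now receives `user=None`, has no anonymous-user test in this section.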