Skip to content

Fkm/new session system #75

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Gabrimari merged 5 commits into from
Oct 23, 2025
Merged

Fkm/new session system #75

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
99ca1c5
Store session identifier in payment instead of cookie.
Gabrimari Sep 23, 2025
1b0f010
Update frontend to use new session identifiers.
Gabrimari Sep 23, 2025
7a90738
Update views such that email address is handled by reserve ticket ins…
Gabrimari Sep 24, 2025
fae0e5a
Update docs with new endpoint information.
Gabrimari Sep 24, 2025
f7ae42f
Atomically update payment started
JonathanGodar Oct 23, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions backend/bittan/bittan/models/payment.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,11 @@
import secrets
import string

from django.db import models

def generate_id(size: int=12) -> str:
return "".join(secrets.choice(string.ascii_letters + string.digits) for _ in range(size))

class PaymentStatus(models.TextChoices):
RESERVED = "RESERVED"
PAID = "PAID"
Expand All @@ -20,3 +26,4 @@ class Payment(models.Model):
payment_started = models.BooleanField(default=False)
payment_method = models.TextField(choices=PaymentMethod, null=True, blank=True)
time_paid = models.DateTimeField(null=True, blank=True)
id = models.CharField(primary_key=True, max_length=12, default=generate_id)
16 changes: 9 additions & 7 deletions backend/bittan/bittan/tests/cleaner/test_cleaner.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,7 @@ def test_cleans_correctly(self, mock_now):
"/reserve_ticket/",
{
"chapter_event": str(self.ce1.pk),
"email_address": "mail@mail.com",
"tickets": [
{
"ticket_type": self.test_ticket.pk,
Expand All @@ -51,7 +52,7 @@ def test_cleans_correctly(self, mock_now):

call_command("run_cleaner")

payment_id = self.client.session["reserved_payment"]
payment_id = reservation_res.data
payment = Payment.objects.get(pk=payment_id)

self.assertEqual(payment.status, PaymentStatus.RESERVED, "Payment was cleaned when still alive. ")
Expand All @@ -67,6 +68,7 @@ def test_ignores_payment_started(self, mock_now):
"/reserve_ticket/",
{
"chapter_event": str(self.ce1.pk),
"email_address": "mail@mail.com",
"tickets": [
{
"ticket_type": self.test_ticket.pk,
Expand All @@ -80,12 +82,12 @@ def test_ignores_payment_started(self, mock_now):
if reservation_res.status_code != 201:
raise Exception("Failed to perform reservation of tickets in preparation for testing test_expired_session_out_of_tickets.")

payment_id = self.client.session["reserved_payment"]
payment_id = reservation_res.data

_ = self.client.post(
"/start_payment/",
{
"email_address": "mail@mail.com"
"session_id": payment_id
}
)

Expand All @@ -109,26 +111,26 @@ def setUp(self):
swish_id = "a",
status = PaymentStatus.RESERVED,
email = "abc"
).id
).pk
self.payment_expires_future_id = Payment.objects.create(
expires_at = NOW + datetime.timedelta(minutes=5),
swish_id = "b",
status = PaymentStatus.RESERVED,
email = "abc"
).id
).pk
self.payment_paid_id = Payment.objects.create(
expires_at = NOW,
swish_id = "c",
status = PaymentStatus.PAID,
email = "abc"
).id
).pk
self.payment_started_id = Payment.objects.create(
expires_at = NOW,
swish_id = "d",
status = PaymentStatus.RESERVED,
email = "abc",
payment_started=True
).id
).pk

def test_disables_expired(self):
self.assertEqual(
Expand Down
26 changes: 20 additions & 6 deletions backend/bittan/bittan/tests/views/test_reserve_ticket.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@ def test_reserve_ticket(self):
"/reserve_ticket/",
{
"chapter_event": str(self.test_event.pk),
"email_address": "mail@mail.com",
"tickets": [
{
"ticket_type": self.test_ticket.pk,
Expand All @@ -42,14 +43,18 @@ def test_reserve_ticket(self):
},
content_type="application/json"
)
payment_pk = Payment.objects.first().pk
payment_email = Payment.objects.first().email
self.assertEqual(response.status_code, 201, "/reserve_ticket/ did not return status code 201 correctly. ")
self.assertIsNotNone(response.cookies.get("sessionid", None), "/reserve_ticket/ did not give a session cookie. ")
self.assertEqual(response.data, payment_pk)
self.assertEqual(payment_email, "mail@mail.com")

def test_too_many_tickets(self):
response = self.client.post(
"/reserve_ticket/",
{
"chapter_event": str(self.test_event.pk),
"email_address": "mail@mail.com",
"tickets": [
{
"ticket_type": self.test_ticket.pk,
Expand All @@ -66,6 +71,7 @@ def test_out_of_tickets(self):
"/reserve_ticket/",
{
"chapter_event": str(self.test_event.pk),
"email_address": "mail@mail.com",
"tickets": [
{
"ticket_type": self.test_ticket.pk,
Expand All @@ -85,6 +91,7 @@ def test_out_of_tickets(self):
"/reserve_ticket/",
{
"chapter_event": str(self.test_event.pk),
"email_address": "mail@mail.com",
"tickets": [
{
"ticket_type": self.test_ticket.pk,
Expand All @@ -101,6 +108,7 @@ def test_negative_tickets(self):
"/reserve_ticket/",
{
"chapter_event": str(self.test_event.pk),
"email_address": "mail@mail.com",
"tickets": [
{
"ticket_type": self.test_ticket.pk,
Expand All @@ -117,6 +125,7 @@ def test_zero_tickets(self):
"/reserve_ticket/",
{
"chapter_event": str(self.test_event.pk),
"email_address": "mail@mail.com",
"tickets": [
{
"ticket_type": self.test_ticket2.pk,
Expand All @@ -134,6 +143,7 @@ def test_nonexisting_chapter_event(self):
"/reserve_ticket/",
{
"chapter_event": event_id,
"email_address": "mail@mail.com",
"tickets": [
{
"ticket_type": self.test_ticket.pk,
Expand All @@ -154,6 +164,7 @@ def test_double_reservation(self):
"/reserve_ticket/",
{
"chapter_event": self.test_event.pk,
"email_address": "mail@mail.com",
"tickets": [
{
"ticket_type": self.test_ticket.pk,
Expand All @@ -170,13 +181,14 @@ def test_double_reservation(self):
if r1.status_code != 201:
raise Exception("Failed to perform reservation of tickets in preparation for testing test_double_reservation.")

s1 = r1.cookies.get("sessionid")
p1_id = self.client.session["reserved_payment"]
p1_id = r1.data

r2 = self.client.post(
"/reserve_ticket/",
{
"chapter_event": self.test_event.pk,
"session_id": p1_id,
"email_address": "mail@mail.com",
"tickets": [
{
"ticket_type": self.test_ticket.pk,
Expand All @@ -192,11 +204,10 @@ def test_double_reservation(self):
)
self.assertEqual(r2.status_code, 201)
p1 = Payment.objects.get(pk=p1_id)
s2 = r2.cookies.get("sessionid")
p2_id = self.client.session["reserved_payment"]
p2_id = r2.data
p2 = Payment.objects.get(pk=p2_id)

self.assertNotEqual(s1, s2, "/reserve_ticket/ did not replace the old session when double booking.")
self.assertNotEqual(p1_id, p2_id, "/reserve_ticket/ did not replace the old session when double booking.")
self.assertEqual(p1.status, PaymentStatus.FAILED_EXPIRED_RESERVATION)
self.assertEqual(p2.status, PaymentStatus.RESERVED)

Expand All @@ -205,6 +216,7 @@ def test_nonexisting_ticket_type(self):
"/reserve_ticket/",
{
"chapter_event": self.test_event.pk,
"email_address": "mail@mail.com",
"tickets": [
{
"ticket_type": max(self.test_ticket.pk, self.test_ticket2.pk, self.secret_ticket.pk) + 1,
Expand All @@ -224,6 +236,7 @@ def test_nonexisting_ticket_type(self):
"/reserve_ticket/",
{
"chapter_event": self.test_event.pk,
"email_address": "mail@mail.com",
"tickets": [
{
"ticket_type": self.secret_ticket.pk,
Expand All @@ -244,6 +257,7 @@ def test_invalid_json_format(self):
"/reserve_ticket/",
{
"chapter_event": self.test_event.pk,
"email_address": "mail@mail.com",
"tickets": [
{
"ticket_type": self.test_ticket.pk,
Expand Down
47 changes: 22 additions & 25 deletions backend/bittan/bittan/tests/views/test_start_payment.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ def setUp(self):
"/reserve_ticket/",
{
"chapter_event": str(self.test_event.pk),
"email_address": "mail@mail.com",
"tickets": [
{
"ticket_type": self.test_ticket.pk,
Expand All @@ -38,6 +39,7 @@ def setUp(self):
},
content_type="application/json"
)
self.session_id = self.reservation_response.data

self.swish = Swish.get_instance()

Expand All @@ -46,14 +48,13 @@ def test_start_payment(self):
response = self.client.post(
"/start_payment/",
{
"email_address": mail_address
"session_id": self.session_id
}
)

self.assertEqual(response.status_code, 200)

payment_id = self.client.session["reserved_payment"]
payment = Payment.objects.get(pk=payment_id)
payment = Payment.objects.get(pk=self.session_id)
swish_payment_request = self.swish.get_payment_request(payment.swish_id)

self.assertEqual(payment.payment_started, True)
Expand All @@ -62,30 +63,27 @@ def test_start_payment(self):
self.assertEqual(payment.payment_method, PaymentMethod.SWISH)
self.assertEqual(swish_payment_request.amount, 4*self.test_ticket.price)

def test_invalid_mail(self):
def test_no_session_id(self):
response = self.client.post(
"/start_payment/",
{
"email_address": "dsjklasdfljka"
"email_address": "mail@mail.com",
}
)

self.assertEqual(response.status_code, 400)

def test_invalid_session_token(self):
new_client = Client()
response = new_client.post(
def test_non_existent_session_id(self):
response = self.client.post(
"/start_payment/",
{
"email_address": "mail@mail.com"
"email_address": "mail@mail.com",
"session_id": "Existerar ej"
}
)

self.assertEqual(response.status_code, 400)
self.assertEqual(response.status_code, 404)

def test_expired_session_out_of_tickets(self):
payment_id = self.client.session["reserved_payment"]
payment = Payment.objects.get(pk=payment_id)
payment = Payment.objects.get(pk=self.session_id)
payment.status = PaymentStatus.FAILED_EXPIRED_RESERVATION
payment.save()

Expand All @@ -94,6 +92,7 @@ def test_expired_session_out_of_tickets(self):
"/reserve_ticket/",
{
"chapter_event": str(self.test_event.pk),
"email_address": "mail@mail.com",
"tickets": [
{
"ticket_type": self.test_ticket.pk,
Expand All @@ -110,12 +109,12 @@ def test_expired_session_out_of_tickets(self):
response = self.client.post(
"/start_payment/",
{
"email_address": "mail@mail.com"
"session_id": self.session_id
}
)
self.assertEqual(response.status_code, 408)
payment_id = self.client.session["reserved_payment"]
payment = Payment.objects.get(pk=payment_id)

payment = Payment.objects.get(pk=self.session_id)
self.assertEqual(payment.status, PaymentStatus.FAILED_EXPIRED_RESERVATION)
self.assertEqual(payment.payment_started, False)

Expand All @@ -124,23 +123,21 @@ def test_expired_session_rebook_tickets(self, mock_now):
now = datetime(1970, 1, 1, tzinfo=timezone.timezone.utc)
mock_now.return_value = now

payment_id = self.client.session["reserved_payment"]
payment = Payment.objects.get(pk=payment_id)
payment = Payment.objects.get(pk=self.session_id)
payment.status = PaymentStatus.FAILED_EXPIRED_RESERVATION
payment.save()

mail_address = "mail@mail.com"
response = self.client.post(
"/start_payment/",
{
"email_address": mail_address
"session_id": self.session_id
}
)

self.assertEqual(response.status_code, 200)

payment_id = self.client.session["reserved_payment"]
payment = Payment.objects.get(pk=payment_id)
payment = Payment.objects.get(pk=self.session_id)
swish_payment_request = self.swish.get_payment_request(payment.swish_id)

self.assertEqual(payment.payment_started, True)
Expand All @@ -153,16 +150,16 @@ def test_expired_session_rebook_tickets(self, mock_now):
def test_already_paid_payment(self):
mail_address = "mail@mail.com"

payment_id = self.client.session["reserved_payment"]
payment = Payment.objects.get(pk=payment_id)
payment = Payment.objects.get(pk=self.session_id)
payment.status = PaymentStatus.PAID
payment.save()

response = self.client.post(
"/start_payment/",
{
"email_address": mail_address
"session_id": self.session_id
}
)

self.assertEqual(response.status_code, 403)

6 changes: 3 additions & 3 deletions backend/bittan/bittan/urls.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,14 +35,14 @@
path(_prefix+'get_chapterevents/', get_chapter_events),
path(_prefix+'validate_ticket/', validate_ticket),
path(_prefix+"reserve_ticket/", reserve_ticket),
path(_prefix+'session_payment_status/', get_session_payment_status),
path(_prefix+'session_payment_status/<slug:session_id>', get_session_payment_status),
path(_prefix+"start_payment/", start_payment),
path(_prefix+"generate_qr/<str:token>", get_qr),
path(_prefix+"accounts/login/", django_views.LoginView.as_view(), name="login"),
path(_prefix+"accounts/logout", django_views.LogoutView.as_view(), name="logout"),
path(_prefix+"staff/", staff_dashboard, name="staff_dashboard"),
path(_prefix+"staff/update_payment/<int:payment_id>/", update_payment, name="update_payment"),
path(_prefix+"staff/update_tickets/<int:payment_id>/", update_tickets, name="update_tickets"),
path(_prefix+"staff/update_payment/<slug:payment_id>/", update_payment, name="update_payment"),
path(_prefix+"staff/update_tickets/<slug:payment_id>/", update_tickets, name="update_tickets"),
path(_prefix+"staff/create_tickets", create_tickets , name="create_tickets"),
path(_prefix+"staff/resend_email", resend_email),
path(_prefix+"staff/filter_ticket_type_by_chapter_event/<int:chapter_event_id>/", filter_ticket_type_from_chapter_event),
Expand Down
Loading