QR code validation #677
Draft
QR code validation #677
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…out and updated when any cart is validated before checkout
* Merge master into ticketing * Move ticketing migration to end
This reverts commit 03214af.
Merge frontend ticketing branch into main ticketing feature branch. --------- Co-authored-by: Rohan Gupta <[email protected]> Co-authored-by: dfeng678 <[email protected]> Co-authored-by: alnasir7 <[email protected]> Co-authored-by: Mohamed Abaker <[email protected]> Co-authored-by: DiiZyy <[email protected]> Co-authored-by: printer83mph <[email protected]> Co-authored-by: Avi Upadhyayula <[email protected]> Co-authored-by: cphalen <[email protected]> Co-authored-by: Alexander Kyimpopkin <[email protected]> Co-authored-by: Joy Liu <[email protected]> Co-authored-by: Rohan Moniz <[email protected]> Co-authored-by: joel8019 <[email protected]> Co-authored-by: Eunsoo Shin <[email protected]>
Make TicketsTab not crash
* Add check on event deletion * add cybersource package * Capture context generation + local dev setup instructions (#645) * capture context view * fix populate * move capture context generation to checkout view * Optimize Django ops in cart validation * Use Q objects in cart validation * switch out nginx for local-ssl-proxy --------- Co-authored-by: aviupadhyayula <[email protected]> * fix target origin url * Closes #632 (#648) * This commit resolves #632: - Add logic to interact with the CyberSource API to validate transaction data and also confirm the payment. - Add appropriate error handling for API invocation failures causing transaction failure. - Store the transaction data in a new model `TicketTransactionRecord` for bookkeeping purposes. Each ticket is also associated with an instance of this class. - On transaction success, assign the ticket to the user, remove holds and from cart, and send out confirmation email. * Address PR comments, query opt, and others - More judicious use of `select_for_update`: only lock when updating holder/owner. - Better prefetching/bulk updating throughout the query logic - Return HTTP status codes - Refactor as per PR comments * Validate the transient token's signature - I tested the workflow from `initiate_checkout` to `complete_checkout` and was able to get it working. - Ironed out a few bugs - Add the `reconciliation_id` as a field on the transaction record; could be useful to generate reports. We'll need to figure out what else to store to interact with their reporting API. * Make reconciliation_id nullable to support free tickets * Address nit, refactor ticket count logic to SQL * merge migrations... * pipenv lock again * Pin uwsgi...2.0.25 breaks CI --------- Co-authored-by: aviupadhyayula <[email protected]> Co-authored-by: Rohan Moniz <[email protected]>
* Set & enforce order limit on ticket purchases * Add migration * Default tix order limit to 10 * Consolidate migrations * Check each carted event's order limit * Move limit validation to `add_to_cart` * Fix typo 😔 * Address nits with validation logic * Minor refactor
* Integrate ticket price field into ticket creation/list views, as well into ticket creation frontend. * Enforce non-negative ticket prices at creation * Add frontend checks for fractional/negative ticket count and cost. * Prevent users from entering negative/fractional ticket counts/price for now. --------- Co-authored-by: aviupadhyayula <[email protected]>
* Add group discount fields to ticket model * Ingest group discount info at ticket creation * Add validator for group size * Add comments * Apply discounts when checking out * Remove model-level validators * Remove validators from migration * Improve comments * Minor refactor * Default group_discount to 0 * Remove check for discount in cart calculation * Consolidate validation checks upon ticket creation * Fix typo in validation upon ticket creation
* Owned tickets tab skeleton code. * 🎉 Functional but suspicious code * 🧹 Fix some good practice --------- Co-authored-by: Julian Weng <[email protected]>
* Add test cases for backend ticketing APIs Long overdue addition of tests to the ticketing backend. Tests and fixes all the APIs under the Event and Ticket models. There are more complex workflows with race conditions etc that are not tested, but should be at some point. Unmerged functionality is also not tested yet. * Don't use locked rows to groupby * Set cybersource settings in CI * Address feedback
* Add to cart feature (styling is borked) * 🐛 Broken code * 🐛 fixed * 🎨 Readd event preview * 🧹 Less jank way of doing group discount visibility * 🎨 Address comments and actually type things * 🎨 Address nit --------- Co-authored-by: Julian Weng <[email protected]> Co-authored-by: Eunsoo Shin <[email protected]>
* Use capture context to verify transient token * Add migration * Minor changes to documentation * Add tests * Add comment explaining max char length
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## ticketing #677 +/- ##
=============================================
- Coverage 70.36% 70.15% -0.21%
=============================================
Files 31 31
Lines 6694 6721 +27
=============================================
+ Hits 4710 4715 +5
- Misses 1984 2006 +22 ☔ View full report in Codecov by Sentry. |
|
| GitGuardian id | GitGuardian status | Secret | Commit | Filename | |
|---|---|---|---|---|---|
| 10282361 | Triggered | Generic High Entropy Secret | 428dd7e | backend/pennclubs/settings/development.py | View secret |
| 9451515 | Triggered | Generic Password | 50b9c0b | .github/workflows/cdkactions_build-and-deploy.yaml | View secret |
| 9451515 | Triggered | Generic Password | 03214af | .github/workflows/cdkactions_build-and-deploy.yaml | View secret |
| 9451515 | Triggered | Generic Password | 80e8201 | .github/workflows/cdkactions_build-and-deploy.yaml | View secret |
| 10282361 | Triggered | Generic High Entropy Secret | 40fb7f7 | backend/pennclubs/settings/ci.py | View secret |
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secrets safely. Learn here the best practices.
- Revoke and rotate these secrets.
- If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.
To avoid such incidents in the future consider
- following these best practices for managing and storing secrets including API keys and other credentials
- install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
Our GitHub checks need improvements? Share your feedbacks!
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Addresses #676