Django>=1.11

pinax-theme-bootstrap==7.3.0

pinax-eventlog==1.1.1

django-formset-js==0.5.0

dj-static==0.0.6

dj-database-url==0.4.2

pylibmc==1.5.1

django-debug-toolbar>=1.7

django-bootstrap-form

djangosaml2

django-gapc-storage>=0.4.1

# database

mysqlclient>=1.3.3

# For testing

django-nose>=1.4.4

coverage==4.0.3

# Symposion reqs

django-appconf==1.0.1

django-model-utils>=3.0.0

django-reversion==1.10.1

django-sitetree>=1.8.0

django-taggit==0.18.0

django-timezone-field>=2.0

easy-thumbnails>=2.4.1

bleach

pytz==2015.7

django-ical==1.4

django-nested-admin==2.2.6

# Registripe

django-countries>=4.3

pinax-stripe==3.2.1

requests>=2.11.1

stripe==1.38.0

from .reporting import views as rv

from django.conf.urls import include

from django.conf.urls import url

from .views import (

    amend_registration,

    user_badge,

    badge,

    badger,

    checkout,

    credit_note,

    edit_profile,

    extend_reservation,

    guided_registration,

    invoice,

    invoice_access,

    invoice_mailout,

    manual_payment,

    product_category,

    refund,

    review,

    voucher_code,

)

public = [

    url(r"^amend/([0-9]+)$", amend_registration, name="amend_registration"),

    url(r"^mybadge$", user_badge, name="user_badge"),

    url(r"^badge/([0-9]+)$", badge, name="badge"),

    url(r"^badger/([A-Za-z0-9]+)$", badger, name="badger"),

    url(r"^badger/", badger, name="badger"),

    url(r"^category/([0-9]+)$", product_category, name="product_category"),

    url(r"^checkout$", checkout, name="checkout"),

    url(r"^checkout/([0-9]+)$", checkout, name="checkout"),

    url(r"^credit_note/([0-9]+)$", credit_note, name="credit_note"),

    url(r"^extend/([0-9]+)$", extend_reservation, name="extend_reservation"),

    url(r"^invoice/([0-9]+)$", invoice, name="invoice"),

    url(r"^invoice/([0-9]+)/([A-Z0-9]+)$", invoice, name="invoice"),

    url(r"^invoice/([0-9]+)/manual_payment$",

        manual_payment, name="manual_payment"),

    url(r"^invoice/([0-9]+)/refund$",

        refund, name="refund"),

    url(r"^invoice_access/([A-Z0-9]+)$", invoice_access,

        name="invoice_access"),

    url(r"^invoice_mailout$", invoice_mailout, name="invoice_mailout"),

    url(r"^profile$", edit_profile, name="attendee_edit"),

    url(r"^review$", review, name="review"),

    url(r"^voucher$", voucher_code, name="voucher_code"),

    url(r"^register$", guided_registration, name="guided_registration"),

    url(r"^register/([0-9]+)$", guided_registration,

        name="guided_registration"),

]

reports = [

    url(r"^$", rv.reports_list, name="reports_list"),

    url(r"^attendee/?$", rv.attendee, name="attendee"),

    url(r"^attendee_data/?$", rv.attendee_data, name="attendee_data"),

    url(r"^attendee/([0-9]*)$", rv.attendee, name="attendee"),

    url(r"^credit_notes/?$", rv.credit_notes, name="credit_notes"),

    url(r"^limits/?$", rv.limits, name="reconciliation"),

    url(r"^manifest/?$", rv.manifest, name="manifest"),

    url(

        r"^product_line_items/?$",

        rv.product_line_items,

        name="product_line_items",

    ),

    url(r"^discount_status/?$", rv.discount_status, name="discount_status"),

    url(r"^invoices/?$", rv.invoices, name="invoices"),

    url(

        r"^paid_invoices_by_date/?$",

        rv.paid_invoices_by_date,

        name="paid_invoices_by_date"

    ),

    url(r"^product_status/?$", rv.product_status, name="product_status"),

    url(r"^reconciliation/?$", rv.reconciliation, name="reconciliation"),

    url(

        r"^speaker_registrations/?$",

        rv.speaker_registrations,

        name="speaker_registrations",

    ),

]

urlpatterns = [

    url(r"^reports/", include(reports)),

    url(r"^", include(public))  # This one must go last.

]

import datetime

import zipfile

import os

import logging

from django.contrib import messages

from . import forms

from . import util

from .models import commerce

from .models import inventory

from .models import people

from .controllers.batch import BatchController

from .controllers.cart import CartController

from .controllers.category import CategoryController

from .controllers.credit_note import CreditNoteController

from .controllers.discount import DiscountController

from .controllers.invoice import InvoiceController

from .controllers.item import ItemController

from .controllers.product import ProductController

from .exceptions import CartValidationError

from collections import namedtuple

from django import forms as django_forms

from django.conf import settings

from django.contrib.auth.decorators import login_required

from django.contrib.auth.decorators import user_passes_test

from django.contrib.auth.models import User

from django.contrib import messages

from django.core.exceptions import ObjectDoesNotExist

from django.core.exceptions import ValidationError

from django.core.mail import send_mass_mail

from django.http import Http404, HttpResponse

from django.shortcuts import redirect

from django.shortcuts import render

from django.template import Context, Template, loader

from lxml import etree

from copy import deepcopy

from registrasion.forms import BadgeForm, ticket_selection

from registrasion.contrib.badger import (

                                         collate,

                                         svg_badge,

                                         InvalidTicketChoiceError

                                         )

_GuidedRegistrationSection = namedtuple(

    "GuidedRegistrationSection",

    (

        "title",

        "discounts",

        "description",

        "form",

    )

)

@util.all_arguments_optional

class GuidedRegistrationSection(_GuidedRegistrationSection):

    ''' Represents a section of a guided registration page.

    Attributes:

       title (str): The title of the section.

       discounts ([registrasion.contollers.discount.DiscountAndQuantity, ...]):

            A list of discount objects that are available in the section. You

            can display ``.clause`` to show what the discount applies to, and

            ``.quantity`` to display the number of times that discount can be

            applied.

       description (str): A description of the section.

       form (forms.Form): A form to display.

    '''

    pass

@login_required

def guided_registration(request, page_number=None):

    ''' Goes through the registration process in order, making sure user sees

    all valid categories.

    The user must be logged in to see this view.

    Parameter:

        page_number:

            1) Profile form (and e-mail address?)

            2) Ticket type

            3) Remaining products

            4) Mark registration as complete

    Returns:

        render: Renders ``registrasion/guided_registration.html``,

            with the following data::

                {

                    "previous_step": int(),  # Previous step

                    "current_step": int(),  # The current step in the

                                            # registration

                    "sections": sections,   # A list of

                                            # GuidedRegistrationSections

                    "title": str(),         # The title of the page

                    "total_steps": int(),   # The total number of steps

                }

    '''

    PAGE_PROFILE = 1

    PAGE_TICKET = 2

    PAGE_TERMS = 3

    PAGE_PRODUCTS = 4

    PAGE_PRODUCTS_MAX = 5

    TOTAL_PAGES = 5

    ticket_category = inventory.Category.objects.get(

        id=settings.TICKET_PRODUCT_CATEGORY

    )

    cart = CartController.for_user(request.user)

    attendee = people.Attendee.get_instance(request.user)

    # This guided registration process is only for people who have

    # not completed registration (and has confusing behaviour if you go

    # back to it.)

    if attendee.completed_registration:

        return redirect(review)

    # Calculate the current maximum page number for this user.

    has_profile = hasattr(attendee, "attendeeprofilebase")

    if not has_profile:

        # If there's no profile, they have to go to the profile page.

        max_page = PAGE_PROFILE

        redirect_page = PAGE_PROFILE

    else:

        # We have a profile.

        # Do they have a ticket?

        products = inventory.Product.objects.filter(

            productitem__cart=cart.cart

        )

        tickets = products.filter(category=ticket_category)

        if tickets.count() == 0:

            # If no ticket, they can only see the profile or ticket page.

            max_page = PAGE_TICKET

            redirect_page = PAGE_TICKET

        elif products.count() == 1:

            # They have a ticket, now to accept terms and conditions

            max_page = PAGE_TERMS

            redirect_page = PAGE_TERMS

        else:

            # If there's a ticket, they should *see* the general products page#

            # but be able to go to the overflow page if needs be.

            max_page = PAGE_PRODUCTS_MAX

            redirect_page = PAGE_PRODUCTS

    if page_number is None or int(page_number) > max_page:

        return redirect("guided_registration", redirect_page)

    page_number = int(page_number)

    prev_step = page_number - 1

    next_step = redirect("guided_registration", page_number + 1)

    with BatchController.batch(request.user):

        # This view doesn't work if the conference has sold out.

        available = ProductController.available_products(

            request.user, category=ticket_category

        )

        if not available:

            messages.error(request, "There are no more tickets available.")

            return redirect("dashboard")

        sections = []

        # Build up the list of sections

        if page_number == PAGE_PROFILE:

            # Profile bit

            title = "Attendee information"

            sections = _guided_registration_profile_and_voucher(request)

        elif page_number == PAGE_TICKET:

            # Select ticket

            title = "Select ticket type"

            sections = _guided_registration_products(

                request, GUIDED_MODE_TICKETS_ONLY

            )

        elif page_number == PAGE_TERMS:

            # Accept terms

            title = "Terms and Conditions"

            sections = _guided_registration_products(

                request, GUIDED_MODE_TERMS

            )

        elif page_number == PAGE_PRODUCTS:

            # Select additional items

            title = "Additional items"

            sections = _guided_registration_products(

                request, GUIDED_MODE_ALL_ADDITIONAL

            )

        elif page_number == PAGE_PRODUCTS_MAX:

            # Items enabled by things on page 3 -- only shows things

            # that have not been marked as complete.

            title = "More additional items"

            sections = _guided_registration_products(

                request, GUIDED_MODE_EXCLUDE_COMPLETE

            )

        if not sections:

            # We've filled in every category

            attendee.completed_registration = True

            attendee.save()

            return redirect("review")

        if sections and request.method == "POST":

            for section in sections:

                if section.form.errors:

                    break

            else:

                # We've successfully processed everything

                return next_step

    data = {

        "previous_step": prev_step,

        "current_step": page_number,

        "sections": sections,

        "title": title,

        "total_steps": TOTAL_PAGES,

    }

    return render(request, "registrasion/guided_registration.html", data)

GUIDED_MODE_TICKETS_ONLY = 2

GUIDED_MODE_TERMS = 3

GUIDED_MODE_ALL_ADDITIONAL = 4

GUIDED_MODE_EXCLUDE_COMPLETE =5

@login_required

def _guided_registration_products(request, mode):

    sections = []

    SESSION_KEY = "guided_registration"

    MODE_KEY = "mode"

    CATS_KEY = "cats"

    attendee = people.Attendee.get_instance(request.user)

    # Get the next category

    cats = inventory.Category.objects.order_by("order")  # TODO: default order?

    # Fun story: If _any_ of the category forms result in an error, but other

    # new products get enabled with a flag, those new products will appear.

    # We need to make sure that we only display the products that were valid

    # in the first place. So we track them in a session, and refresh only if

    # the page number does not change. Cheap!

    if SESSION_KEY in request.session:

        session_struct = request.session[SESSION_KEY]

        old_mode = session_struct[MODE_KEY]

        old_cats = session_struct[CATS_KEY]

    else:

        old_mode = None

        old_cats = []

    if mode == old_mode:

        cats = cats.filter(id__in=old_cats)

    elif mode == GUIDED_MODE_TICKETS_ONLY:

        cats = cats.filter(id=settings.TICKET_PRODUCT_CATEGORY)

    elif mode == GUIDED_MODE_ALL_ADDITIONAL:

        cats = cats.exclude(id=settings.TICKET_PRODUCT_CATEGORY)

    elif mode == GUIDED_MODE_EXCLUDE_COMPLETE:

        cats = cats.exclude(id=settings.TICKET_PRODUCT_CATEGORY)

        cats = cats.exclude(id__in=old_cats)

    # We update the session key at the end of this method

    # once we've found all the categories that have available products

    all_products = inventory.Product.objects.filter(

        category__in=cats,

    ).select_related("category")

    seen_categories = []

    with BatchController.batch(request.user):

        available_products = set(ProductController.available_products(

            request.user,

            products=all_products,

        ))

        if len(available_products) == 0:

            return []

        has_errors = False

        for category in cats:

            products = [

                i for i in available_products

                if i.category == category

            ]

            prefix = "category_" + str(category.id)

            p = _handle_products(request, category, products, prefix)

            products_form, discounts, products_handled = p

            section = GuidedRegistrationSection(

                title=category.name,

                description=category.description,

                discounts=discounts,

                form=products_form,

            )

            if products:

                # This product category has items to show.

                sections.append(section)

                seen_categories.append(category)

    # Update the cache with the newly calculated values

    cat_ids = [cat.id for cat in seen_categories]

    request.session[SESSION_KEY] = {MODE_KEY: mode, CATS_KEY: cat_ids}

    return sections

@login_required

def _guided_registration_profile_and_voucher(request):

    voucher_form, voucher_handled = _handle_voucher(request, "voucher")

    profile_form, profile_handled = _handle_profile(request, "profile")

    voucher_section = GuidedRegistrationSection(

        title="Voucher Code",

        form=voucher_form,

    )

    profile_section = GuidedRegistrationSection(

        title="Profile and Personal Information",

        form=profile_form,

        description=("<div class=\"text-info\"><em>You can come back and edit these details any time before January 15, "

                     "2018.</em></div>"),

    )

    return [voucher_section, profile_section]

@login_required

def review(request):

    ''' View for the review page. '''

    return render(

        request,

        "registrasion/review.html",

        {},

    )

@login_required

def edit_profile(request):

    ''' View for editing an attendee's profile

    The user must be logged in to edit their profile.

    Returns:

        redirect or render:

            In the case of a ``POST`` request, it'll redirect to ``dashboard``,

            or otherwise, it will render ``registrasion/profile_form.html``

            with data::

                {

                    "form": form,  # Instance of ATTENDEE_PROFILE_FORM.

                }

    '''

    form, handled = _handle_profile(request, "profile")

    if handled and not form.errors:

        messages.success(

            request,

            "Your attendee profile was updated.",

        )

        return redirect("dashboard")

    data = {

        "form": form,

    }

    return render(request, "registrasion/profile_form.html", data)

# Define the attendee profile form, or get a default.

try:

    ProfileForm = util.get_object_from_name(settings.ATTENDEE_PROFILE_FORM)

except:

    class ProfileForm(django_forms.ModelForm):

        class Meta:

            model = util.get_object_from_name(settings.ATTENDEE_PROFILE_MODEL)

            exclude = ["attendee"]

def _handle_profile(request, prefix):

    ''' Returns a profile form instance, and a boolean which is true if the

    form was handled. '''

    attendee = people.Attendee.get_instance(request.user)

    try:

        profile = attendee.attendeeprofilebase

        profile = people.AttendeeProfileBase.objects.get_subclass(

            pk=profile.id,

        )

    except ObjectDoesNotExist:

        profile = None

    # Load a pre-entered name from the speaker's profile,

    # if they have one.

    try:

        speaker_profile = request.user.speaker_profile

        speaker_name = speaker_profile.name

    except ObjectDoesNotExist:

        speaker_name = None

    name_field = ProfileForm.Meta.model.name_field()

    initial = {}

    if profile is None and name_field is not None:

        initial[name_field] = speaker_name

    form = ProfileForm(

        request.POST or None,

        initial=initial,

        instance=profile,

        prefix=prefix

    )

    handled = True if request.POST else False

    if request.POST and form.is_valid():

        form.instance.attendee = attendee

        form.save()

    return form, handled

@login_required

def product_category(request, category_id):

    ''' Form for selecting products from an individual product category.

    Arguments:

        category_id (castable to int): The id of the category to display.

    Returns:

        redirect or render:

            If the form has been sucessfully submitted, redirect to

            ``dashboard``. Otherwise, render

            ``registrasion/product_category.html`` with data::

                {

                    "category": category,         # An inventory.Category for

                                                  # category_id

                    "discounts": discounts,       # A list of

                                                  # DiscountAndQuantity

                    "form": products_form,        # A form for selecting

                                                  # products

                    "voucher_form": voucher_form, # A form for entering a

                                                  # voucher code

                }

    '''

    PRODUCTS_FORM_PREFIX = "products"

    VOUCHERS_FORM_PREFIX = "vouchers"

    # Handle the voucher form *before* listing products.

    # Products can change as vouchers are entered.

    v = _handle_voucher(request, VOUCHERS_FORM_PREFIX)

    voucher_form, voucher_handled = v

    category_id = int(category_id)  # Routing is [0-9]+

    category = inventory.Category.objects.get(pk=category_id)

    with BatchController.batch(request.user):

        products = ProductController.available_products(

            request.user,

            category=category,

        )

        if not products:

            messages.warning(

                request,

                (

                    "There are no products available from category: " +

                    category.name

                ),

            )

            return redirect("dashboard")

        p = _handle_products(request, category, products, PRODUCTS_FORM_PREFIX)

        products_form, discounts, products_handled = p

    if request.POST and not voucher_handled and not products_form.errors:

        # Only return to the dashboard if we didn't add a voucher code

        # and if there's no errors in the products form

        if products_form.has_changed():

            messages.success(

                request,

                "Your reservations have been updated.",

            )

        return redirect(review)

    data = {

        "category": category,

        "discounts": discounts,

        "form": products_form,

        "voucher_form": voucher_form,

    }

    return render(request, "registrasion/product_category.html", data)

def voucher_code(request):

    ''' A view *just* for entering a voucher form. '''

    VOUCHERS_FORM_PREFIX = "vouchers"

    # Handle the voucher form *before* listing products.

    # Products can change as vouchers are entered.

    v = _handle_voucher(request, VOUCHERS_FORM_PREFIX)

    voucher_form, voucher_handled = v

    if voucher_handled:

        messages.success(request, "Your voucher code was accepted.")

        return redirect("dashboard")

    data = {

        "voucher_form": voucher_form,

    }

    return render(request, "registrasion/voucher_code.html", data)

def _handle_products(request, category, products, prefix):

    ''' Handles a products list form in the given request. Returns the

    form instance, the discounts applicable to this form, and whether the

    contents were handled. '''

    current_cart = CartController.for_user(request.user)

    ProductsForm = forms.ProductsForm(category, products)

    # Create initial data for each of products in category

    items = commerce.ProductItem.objects.filter(

        product__in=products,

        cart=current_cart.cart,

def _set_quantities_from_products_form(products_form, current_cart):

    # Makes id_to_quantity, a dictionary from product ID to its quantity

    quantities = list(products_form.product_quantities())

    id_to_quantity = dict(quantities)

    # Get the actual product objects

    pks = [i[0] for i in quantities]

    products = inventory.Product.objects.filter(

        id__in=pks,

    ).select_related("category").order_by("id")

    quantities.sort(key=lambda i: i[0])

    # Match the product objects to their quantities

    product_quantities = [

        (product, id_to_quantity[product.id]) for product in products

    ]

    try:

        current_cart.set_quantities(product_quantities)

    except CartValidationError as ve:

        for ve_field in ve.error_list:

            product, message = ve_field.message

            products_form.add_product_error(product, message)

def _handle_voucher(request, prefix):

    ''' Handles a voucher form in the given request. Returns the voucher

    form instance, and whether the voucher code was handled. '''

    voucher_form = forms.VoucherForm(request.POST or None, prefix=prefix)

    current_cart = CartController.for_user(request.user)

    if (voucher_form.is_valid() and

            voucher_form.cleaned_data["voucher"].strip()):

        voucher = voucher_form.cleaned_data["voucher"]

        voucher = inventory.Voucher.normalise_code(voucher)

        if len(current_cart.cart.vouchers.filter(code=voucher)) > 0:

            # This voucher has already been applied to this cart.

            # Do not apply code

            handled = False

        else:

            try:

                current_cart.apply_voucher(voucher)

            except Exception as e:

                voucher_form.add_error("voucher", e)

            handled = True

    else:

        handled = False

    return (voucher_form, handled)

@login_required

def checkout(request, user_id=None):

    ''' Runs the checkout process for the current cart.

    If the query string contains ``fix_errors=true``, Registrasion will attempt

    to fix errors preventing the system from checking out, including by

    cancelling expired discounts and vouchers, and removing any unavailable

    products.

    Arguments:

        user_id (castable to int):

            If the requesting user is staff, then the user ID can be used to

            run checkout for another user.

    Returns:

        render or redirect:

            If the invoice is generated successfully, or there's already a

            valid invoice for the current cart, redirect to ``invoice``.

            If there are errors when generating the invoice, render

            ``registrasion/checkout_errors.html`` with the following data::

                {

                    "error_list", [str, ...]  # The errors to display.

                }

    '''

    if user_id is not None:

        if request.user.is_staff:

            user = User.objects.get(id=int(user_id))

        else:

            raise Http404()

    else:

        user = request.user

    current_cart = CartController.for_user(user)

    if "fix_errors" in request.GET and request.GET["fix_errors"] == "true":

        current_cart.fix_simple_errors()

    try:

        current_invoice = InvoiceController.for_cart(current_cart.cart)

    except ValidationError as ve:

        return _checkout_errors(request, ve)

    return redirect("invoice", current_invoice.invoice.id)

def _checkout_errors(request, errors):

    error_list = []

    for error in errors.error_list:

        if isinstance(error, tuple):

            error = error[1]

        error_list.append(error)

    data = {

        "error_list": error_list,

    }

    return render(request, "registrasion/checkout_errors.html", data)

def invoice_access(request, access_code):

    ''' Redirects to an invoice for the attendee that matches the given access

    code, if any.

    If the attendee has multiple invoices, we use the following tie-break:

    - If there's an unpaid invoice, show that, otherwise

    - If there's a paid invoice, show the most recent one, otherwise

    - Show the most recent invoid of all

    Arguments:

        access_code (castable to int): The access code for the user whose

            invoice you want to see.

    Returns:

        redirect:

            Redirect to the selected invoice for that user.

    Raises:

        Http404: If the user has no invoices.

    '''

    invoices = commerce.Invoice.objects.filter(

        user__attendee__access_code=access_code,

    ).order_by("-issue_time")

    if not invoices:

        raise Http404()

    unpaid = invoices.filter(status=commerce.Invoice.STATUS_UNPAID)

    paid = invoices.filter(status=commerce.Invoice.STATUS_PAID)

    if unpaid:

        invoice = unpaid[0]  # (should only be 1 unpaid invoice?)

    elif paid:

        invoice = paid[0]  # Most recent paid invoice

    else:

        invoice = invoices[0]  # Most recent of any invoices

    return redirect("invoice", invoice.id, access_code)

def invoice(request, invoice_id, access_code=None):

    ''' Displays an invoice.

    This view is not authenticated, but it will only allow access to either:

    the user the invoice belongs to; staff; or a request made with the correct

    access code.

    Arguments:

        invoice_id (castable to int): The invoice_id for the invoice you want

            to view.

        access_code (Optional[str]): The access code for the user who owns

            this invoice.

    Returns:

        render: