Merge branch 'enext' into organizer-creation

Author: mariobehling

app/.gitignore

@@ -8,4 +8,4 @@ dist/
 *.bak
 eventyay/static/jsi18n/
 node_modules/
-
+.zed

app/eventyay/agenda/templates/agenda/schedule.html

@@ -24,7 +24,7 @@
             </a>
             <hr>
             {% for exporter in exporters %}
-                <a class="dropdown-item" href="{{ exporter.urls.base }}" role="menuitem" tabindex="-1">
+                <a class="dropdown-item" href="{{ exporter.urls.base }}" role="menuitem" tabindex="-1" target="_blank">
                     {% if exporter.icon|slice:":3" == "fa-" %}
                         <span class="fa {{ exporter.icon }} export-icon"></span>
                     {% else %}

app/eventyay/agenda/views/talk.py

@@ -1,5 +1,9 @@
+from enum import StrEnum
+import logging
 import datetime as dt
-from urllib.parse import unquote, urlparse
+from http import HTTPStatus
+from urllib.parse import unquote, urlparse, urljoin
+from typing import TypeVar
 
 import jwt
 import requests
@@ -23,11 +27,27 @@
     PermissionRequired,
     SocialMediaCardMixin,
 )
-from eventyay.base.models import TalkSlot
+from eventyay.base.models import Event, TalkSlot, User
 from eventyay.submission.forms import FeedbackForm
 from eventyay.base.models import Submission, SubmissionStates
 
 
+logger = logging.getLogger(__name__)
+
+
+class TicketCheckResult(StrEnum):
+    HAS_TICKET = 'has_ticket'
+    MISCONFIGURED = 'missing_configuration'
+    NO_TICKET = 'no_ticket'
+
+
+class VideoJoinError(StrEnum):
+    # The string value looks diffrent from the enum name
+    # because other code may depend on this string value.
+    NOT_ALLOWED = 'user_not_allowed'
+    MISCONFIGURED = 'missing_configuration'
+
+
 class TalkMixin(PermissionRequired):
     permission_required = 'base.view_public_submission'
 
@@ -253,82 +273,117 @@ class OnlineVideoJoin(EventPermissionRequired, View):
     permission_required = 'base.view_schedule'
 
     def get(self, request, *args, **kwargs):
-        # First check video is configured or not
-        if (
-            'eventyay_venueless' not in request.event.plugin_list
-            or not request.event.venueless_settings
-            or not request.event.venueless_settings.join_url
-            or not request.event.venueless_settings.secret
-            or not request.event.venueless_settings.issuer
-            or not request.event.venueless_settings.audience
-        ):
-            return HttpResponse(status=403, content='missing_configuration')
-
         if not request.user.is_authenticated:
-            # redirect to login page if user not logged in yet
-            return HttpResponse(status=403, content='user_not_allowed')
-
-        # prepare event data to check from ticket
-        if 'ticket_link' not in request.event.display_settings:
-            return HttpResponse(status=403, content='missing_configuration')
-
-        base_url, organizer, event = self.retrieve_info_from_url(request.event.display_settings['ticket_link'])
-
-        if not organizer or not event or not base_url:
-            return HttpResponse(status=403, content='missing_configuration')
-
-        check_payload = {'user_email': request.user.email}
-
-        # call to ticket to check if user order ticket yet or not
-        response = requests.post(f'{base_url}/api/v1/{organizer}/{event}/ticket-check', json=check_payload)
-
-        if response.status_code != 200:
-            return HttpResponse(status=403, content='user_not_allowed')
-
-        else:
-            # Redirect user to online event
-            iat = dt.datetime.utcnow()
-            exp = iat + dt.timedelta(days=30)
-            profile = {
-                'display_name': request.user.name,
-                'fields': {
-                    'eventyay_id': request.user.code,
-                },
-            }
-            if request.user.avatar_url:
-                profile['profile_picture'] = request.user.get_avatar_url(request.event)
-
-            payload = {
-                'iss': request.event.venueless_settings.issuer,
-                'aud': request.event.venueless_settings.audience,
-                'exp': exp,
-                'iat': iat,
-                'uid': encode_email(request.user.email),
-                'profile': profile,
-                'traits': list(
-                    {
-                        f'eventyay-video-event-{request.event.slug}',
-                    }
-                ),
-            }
-            token = jwt.encode(payload, request.event.venueless_settings.secret, algorithm='HS256')
-
-            return JsonResponse(
+            return HttpResponse(status=HTTPStatus.FORBIDDEN, content=VideoJoinError.NOT_ALLOWED)
+
+        # First check video is configured or not
+        if 'pretalx_venueless' not in request.event.plugin_list:
+            logger.info('pretalx_venueless plugin is not enabled.')
+            return HttpResponse(status=HTTPStatus.FORBIDDEN, content=VideoJoinError.MISCONFIGURED)
+        event = request.event
+        logger.info('To check settings for event %s', event)
+        if not (venueless_settings := event.venueless_settings):
+            logger.info('venueless settings is missing.')
+            return HttpResponse(status=HTTPStatus.FORBIDDEN, content=VideoJoinError.MISCONFIGURED)
+        if not venueless_settings.join_url:
+            logger.info('venueless_settings.join_url is missing.')
+            return HttpResponse(status=HTTPStatus.FORBIDDEN, content=VideoJoinError.MISCONFIGURED)
+        if not venueless_settings.secret:
+            logger.info('venueless_settings.secret is missing.')
+            return HttpResponse(status=HTTPStatus.FORBIDDEN, content=VideoJoinError.MISCONFIGURED)
+        if not venueless_settings.issuer:
+            logger.info('venueless_settings.issuer is missing.')
+            return HttpResponse(status=HTTPStatus.FORBIDDEN, content=VideoJoinError.MISCONFIGURED)
+        if not venueless_settings.audience:
+            logger.info('venueless_settings.audience is missing.')
+            return HttpResponse(status=HTTPStatus.FORBIDDEN, content=VideoJoinError.MISCONFIGURED)
+
+        # If the logged-in user does not have "orga.view_schedule" permission, we check
+        # if he/she owns a ticket.
+        if not request.user.has_perm('agenda.view_schedule', event):
+            res = check_user_owning_ticket(request.user, event)
+            if res == TicketCheckResult.NO_TICKET:
+                return HttpResponse(status=HTTPStatus.FORBIDDEN, content=VideoJoinError.NOT_ALLOWED)
+            if res == TicketCheckResult.MISCONFIGURED:
+                return HttpResponse(status=HTTPStatus.FORBIDDEN, content=VideoJoinError.MISCONFIGURED)
+
+        # Redirect user to online event
+        iat = dt.datetime.now(dt.UTC)
+        exp = iat + dt.timedelta(days=30)
+        profile = {
+            "display_name": request.user.name,
+            "fields": {
+                "pretalx_id": request.user.code,
+            },
+        }
+        if request.user.avatar_url:
+            profile["profile_picture"] = request.user.get_avatar_url(request.event)
+
+        payload = {
+            "iss": venueless_settings.issuer,
+            "aud": venueless_settings.audience,
+            "exp": exp,
+            "iat": iat,
+            "uid": encode_email(request.user.email),
+            "profile": profile,
+            "traits": list(
                 {
-                    'redirect_url': '{}/#token={}'.format(request.event.venueless_settings.join_url, token).replace(
-                        '//#', '/#'
-                    )
-                },
-                status=200,
-            )
+                    f"eventyay-video-event-{request.event.slug}",
+                }
+            ),
+        }
+        token = jwt.encode(
+            payload, venueless_settings.secret, algorithm="HS256"
+        )
+        redirect_url = urljoin(venueless_settings.join_url, f'#token={token}')
+        logger.info('Redirect URL to Video: %s', redirect_url)
+        return JsonResponse(
+            {
+                'redirect_url': redirect_url
+            },
+            status=HTTPStatus.OK,
+        )
+
 
-    def retrieve_info_from_url(self, url):
-        parsed_url = urlparse(url)
-        ticket_host = settings.EVENTYAY_TICKET_BASE_PATH
-        path = parsed_url.path
-        parts = path.strip('/').split('/')
-        if len(parts) >= 2:
-            organizer, event = parts[-2:]
-            return ticket_host, unquote(organizer), unquote(event)
-        else:
-            return ticket_host, None, None
+_T = TypeVar('_T', str, None)
+# We use TypeVar because the 2nd and 3rd items must be both `str` or both `None` at the same time.
+# The annotation `tuple[str, str | None, str | None]` doesn't satisfy this requirement.
+def extract_event_info_from_url(url: str) -> tuple[str, _T, _T]:
+    parsed_url = urlparse(url)
+    ticket_host = settings.EVENTYAY_TICKET_BASE_PATH
+    path = parsed_url.path
+    parts = path.strip("/").split("/")
+    if len(parts) >= 2:
+        organizer, event = parts[-2:]
+        return ticket_host, unquote(organizer), unquote(event)
+    return ticket_host, None, None
+
+
+def check_user_owning_ticket(user: User, event: Event) -> TicketCheckResult:
+    """
+    Call eventyay-ticket API to check if user owns ticket for this event.
+
+    # NOTE: It doesn't work with the Docker setup for development, because we use fake domain then,
+    and inside the container, the fake domain points to the container itself, not the host.
+    """
+    if 'ticket_link' not in event.display_settings:
+        logger.info('display_settings[ticket_link] is missing.')
+        return TicketCheckResult.MISCONFIGURED
+    base_url, organizer, event = extract_event_info_from_url(
+            event.display_settings['ticket_link']
+        )
+    if not organizer or not event or not base_url:
+        logger.info('display_settings[ticket_link] is not valid.')
+        return TicketCheckResult.MISCONFIGURED
+    check_payload = {'user_email': user.email}
+    # call to ticket to check if user order ticket yet or not
+    api_url = urljoin(base_url, f'api/v1/{organizer}/{event}/ticket-check')
+    logger.info('To call API %s', api_url)
+    # In development, we disable the SSL verification.
+    response = requests.post(api_url, json=check_payload, verify=(not settings.DEBUG))
+
+    if response.status_code != HTTPStatus.OK:
+        logger.debug('Response from eventyay-ticket: %s', response.text)
+        logger.info('user is not allowed to join online event.')
+        return TicketCheckResult.NO_TICKET
+    return TicketCheckResult.HAS_TICKET

app/eventyay/agenda/views/utils.py

@@ -16,7 +16,7 @@
 
 def is_visible(exporter, request, public=False):
     if not public:
-        return request.user.has_perm('base.orga_view_schedule', request.event)
+        return request.user.is_authenticated
     if not request.user.has_perm('base.list_schedule', request.event):
         return False
     if hasattr(exporter, 'is_public'):

app/eventyay/api/serializers/event.py

@@ -778,6 +778,7 @@ class EventSettingsSerializer(SettingsSerializer):
         'primary_font',
         'logo_image',
         'logo_image_large',
+        'event_logo_image',
         'logo_show_title',
         'og_image',
     ]

app/eventyay/base/configurations/default_setting.py

@@ -2055,10 +2055,32 @@ def primary_font_kwargs():
             label=_('Header image'),
             ext_whitelist=('.png', '.jpg', '.gif', '.jpeg'),
             max_size=10 * 1024 * 1024,
+            help_text=_(
+                'If you provide a header image, it will be displayed instead of your event’s color '
+                'and/or header pattern at the top of all event pages. It will be center-aligned, '
+                'so when the window shrinks, the center parts will continue to be displayed, you '
+                'can increase the size with the setting below. The image will not be stretched. ' 
+                'Please do not upload files larger than 10.0MB!'
+            ),
+        ),
+        'serializer_class': UploadedFileField,
+        'serializer_kwargs': dict(
+            allowed_types=['image/png', 'image/jpeg', 'image/gif'],
+            max_size=10 * 1024 * 1024,
+        ),
+    },
+    'event_logo_image': {
+        'default': None,
+        'type': File,
+        'form_class': ExtFileField,
+        'form_kwargs': dict(
+            label=_('Logo'),
+            ext_whitelist=('.png', '.jpg', '.gif', '.jpeg'),
+            max_size=10 * 1024 * 1024,
             help_text=_(
                 'If you provide a logo image, we will by default not show your event name and date '
-                'in the page header. By default, we show your logo with a size of up to 1140x120 pixels. You '
-                'can increase the size with the setting below. We recommend not using small details on the picture '
+                'in the page header. By default, the logo will be scaled down to a height of 140px. '
+                'We recommend not using small details on the picture '
                 'as it will be resized on smaller screens.'
             ),
         ),
@@ -2084,7 +2106,7 @@ def primary_font_kwargs():
         'form_class': forms.BooleanField,
         'serializer_class': serializers.BooleanField,
         'form_kwargs': dict(
-            label=_('Show event title even if a header image is present'),
+            label=_('Show event title even if a logo image is present'),
             help_text=_('The title will only be shown on the event front page.'),
         ),
     },

app/eventyay/base/email.py

@@ -10,6 +10,7 @@
 from itertools import groupby
 from pathlib import Path
 from smtplib import SMTPResponseException
+from typing import Iterable
 
 from css_inline import inline as inline_css
 from django.conf import settings
@@ -385,7 +386,7 @@ def render_sample(self, event):
             return self._sample
 
 
-def get_available_placeholders(event, base_parameters):
+def get_available_placeholders(event: Event, base_parameters: Iterable[str]) -> dict[str, BaseMailTextPlaceholder]:
     if 'order' in base_parameters:
         base_parameters.append('invoice_address')
         base_parameters.append('position_or_address')
@@ -419,6 +420,7 @@ def get_email_context(**kwargs):
         for v in val:
             if all(rp in kwargs for rp in v.required_context):
                 ctx[v.identifier] = v.render(kwargs)
+    logger.info('Email context: %s', ctx)
     return ctx
 
 
@@ -469,12 +471,15 @@ def generate_sample_video_url():
 
 
 @receiver(register_mail_placeholders, dispatch_uid='pretixbase_register_mail_placeholders')
-def base_placeholders(sender, **kwargs):
+def base_placeholders(sender: Event, **kwargs):
     from eventyay.multidomain.urlreverse import (
         build_absolute_uri,
         build_join_video_url,
     )
-
+    def render_video_join_link(event: Event, order) -> str:
+        url = build_join_video_url(event, order)
+        # TODO: Make the label translatable.
+        return f'<a href="{url}" class="button">Join online event</a>'
     ph = [
         SimpleFunctionalMailTextPlaceholder('event', ['event'], lambda event: event.name, lambda event: event.name),
         SimpleFunctionalMailTextPlaceholder(
@@ -783,10 +788,12 @@ def base_placeholders(sender, **kwargs):
             SimpleFunctionalMailTextPlaceholder(
                 'join_online_event',
                 ['order', 'event'],
-                lambda order, event: build_join_video_url(event=event, order=order),
+                lambda order, event: render_video_join_link(event, order),
                 generate_sample_video_url(),
             ),
         )
+    else:
+        logger.info('pretix_venueless plugin not found, skipping join_online_event placeholder')
     name_scheme = PERSON_NAME_SCHEMES[sender.settings.name_scheme]
     for f, l, w in name_scheme['fields']:
         if f == 'full_name':