fix(security): separate booking and check-in tokens

backend/bookings/test_admin.py

@@ -53,18 +53,19 @@ class ReservationAdminTests(TestCase):
         self.assertContains(response, "The reservation stays pending")
 
     def test_admin_can_create_manual_reservation_with_standard_email_flow(self):
-        response = self.client.post(
-            reverse("admin:bookings_reservation_add"),
-            {
-                "performance": self.performance.id,
-                "name": "Maria Rossi",
-                "email": "maria@example.com",
-                "phone": "+390600000000",
-                "party_size": 2,
-                "notes": "Entered by staff at the venue desk.",
-                "_save": "Save",
-            },
-        )
+        with self.captureOnCommitCallbacks(execute=True):
+            response = self.client.post(
+                reverse("admin:bookings_reservation_add"),
+                {
+                    "performance": self.performance.id,
+                    "name": "Maria Rossi",
+                    "email": "maria@example.com",
+                    "phone": "+390600000000",
+                    "party_size": 2,
+                    "notes": "Entered by staff at the venue desk.",
+                    "_save": "Save",
+                },
+            )
 
         reservation = Reservation.objects.get()
         self.assertEqual(response.status_code, 302)