feat: add reservation QR retrieval

2026-04-29 10:59:47 +02:00
parent 0c679391ed
commit 635a9a5c63
7 changed files with 124 additions and 6 deletions
--- a/backend/bookings/serializers.py
+++ b/backend/bookings/serializers.py
@@ -31,6 +31,12 @@ class ReservationConfirmSerializer(StrictSerializer):
    token = serializers.CharField(trim_whitespace=True, allow_blank=False)


+class ReservationQRResponseSerializer(serializers.Serializer):
+    reservation_id = serializers.IntegerField(source="reservation.id")
+    qr_code_url = serializers.CharField()
+    qr_code_image = serializers.CharField()
+
+
 class ReservationConfirmResponseSerializer(serializers.Serializer):
    reservation_id = serializers.IntegerField(source="reservation.id")
    status = serializers.CharField(source="reservation.status")
--- a/backend/bookings/services.py
+++ b/backend/bookings/services.py
@@ -40,6 +40,10 @@ class AlreadyConfirmedReservation(BookingServiceError):
    pass


+class ReservationNotConfirmed(BookingServiceError):
+    pass
+
+
@dataclass(frozen=True)
 class PendingReservationResult:
    reservation: Reservation
@@ -59,6 +63,13 @@ class ConfirmedReservationResult:
    qr_code_url: str


+@dataclass(frozen=True)
+class ReservationQRResult:
+    reservation: Reservation
+    qr_code_image: str
+    qr_code_url: str
+
+
 def calculate_available_seats(performance):
    confirmed_seats = (
        Reservation.objects.filter(
@@ -184,9 +195,32 @@ def confirm_reservation_from_token(raw_token):
        available_seats=available_seats - reservation.party_size,
        qr_code_image=generate_check_in_qr_base64(
            reservation=reservation,
-            raw_check_in_token=raw_check_in_token,
+            raw_check_in_token=raw_token,
        ),
-        qr_code_url=build_check_in_preview_url(raw_check_in_token),
+        qr_code_url=build_check_in_preview_url(raw_token),
+    )
+
+
+def retrieve_reservation_qr_from_token(raw_token):
+    try:
+        confirmation_token = ReservationToken.objects.select_related("reservation").get(
+            token_hash=ReservationToken.hash_token(raw_token),
+            purpose=ReservationToken.Purpose.CONFIRMATION,
+        )
+    except ReservationToken.DoesNotExist as exc:
+        raise InvalidToken("Confirmation token is invalid.") from exc
+
+    reservation = confirmation_token.reservation
+    if reservation.status != Reservation.Status.CONFIRMED:
+        raise ReservationNotConfirmed("Reservation must be confirmed before QR retrieval.")
+
+    return ReservationQRResult(
+        reservation=reservation,
+        qr_code_image=generate_check_in_qr_base64(
+            reservation=reservation,
+            raw_check_in_token=raw_token,
+        ),
+        qr_code_url=build_check_in_preview_url(raw_token),
    )


--- a/backend/bookings/test_api.py
+++ b/backend/bookings/test_api.py
@@ -170,6 +170,54 @@ class BookingApiTests(APITestCase):
        self.assertEqual(second_response.status_code, status.HTTP_409_CONFLICT)
        self.assertEqual(second_response.data["status"], "already_confirmed")

+    @override_settings(SITE_BASE_URL="https://tickets.azionelab.example")
+    def test_qr_retrieval_success_for_confirmed_reservation(self):
+        reservation = self.create_reservation()
+        _, raw_token = generate_confirmation_token(reservation)
+        self.client.post(
+            reverse("api-reservation-confirm"),
+            {"token": raw_token},
+            format="json",
+        )
+
+        response = self.client.get(
+            reverse("api-reservation-qr"),
+            {"token": raw_token},
+        )
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(response.data["reservation_id"], reservation.id)
+        self.assertTrue(
+            response.data["qr_code_url"].startswith(
+                "https://tickets.azionelab.example/api/check-ins/preview/?token="
+            )
+        )
+        self.assertTrue(response.data["qr_code_image"].startswith("data:image/png;base64,"))
+        self.assertNotIn("email", response.data)
+        self.assertNotIn("name", response.data)
+
+    def test_qr_retrieval_fails_for_invalid_token(self):
+        response = self.client.get(
+            reverse("api-reservation-qr"),
+            {"token": "invalid-token"},
+        )
+
+        self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
+        self.assertEqual(response.data["status"], "invalid_token")
+
+    def test_qr_retrieval_fails_for_pending_reservation(self):
+        reservation = self.create_reservation()
+        _, raw_token = generate_confirmation_token(reservation)
+
+        response = self.client.get(
+            reverse("api-reservation-qr"),
+            {"token": raw_token},
+        )
+
+        self.assertEqual(response.status_code, status.HTTP_409_CONFLICT)
+        self.assertEqual(response.data["status"], "reservation_not_confirmed")
+        self.assertEqual(reservation.status, Reservation.Status.PENDING)
+
    def create_reservation(self, **overrides):
        data = {
            "performance": self.performance,
--- a/backend/bookings/test_services.py
+++ b/backend/bookings/test_services.py
@@ -130,7 +130,7 @@ class BookingServiceTests(TestCase):
        self.assertEqual(result.available_seats, 1)
        self.assertEqual(
            result.qr_code_url,
-            build_check_in_preview_url(result.raw_check_in_token),
+            build_check_in_preview_url(raw_token),
        )
        self.assertTrue(
            result.qr_code_url.startswith(
--- a/backend/bookings/urls.py
+++ b/backend/bookings/urls.py
@@ -10,4 +10,5 @@ urlpatterns = [
        name="api-reservation-create",
    ),
    path("reservations/confirm/", views.confirm_reservation, name="api-reservation-confirm"),
+    path("reservations/qr/", views.retrieve_reservation_qr, name="api-reservation-qr"),
 ]
--- a/backend/bookings/views.py
+++ b/backend/bookings/views.py
@@ -10,6 +10,7 @@ from .serializers import (
    ReservationConfirmSerializer,
    ReservationCreateResponseSerializer,
    ReservationCreateSerializer,
+    ReservationQRResponseSerializer,
 )
 from .services import (
    AlreadyConfirmedReservation,
@@ -17,8 +18,10 @@ from .services import (
    InvalidToken,
    NotEnoughSeats,
    PerformanceNotAvailable,
+    ReservationNotConfirmed,
    confirm_reservation_from_token,
    create_pending_reservation,
+    retrieve_reservation_qr_from_token,
 )


@@ -87,3 +90,25 @@ def confirm_reservation(request):

    response_serializer = ReservationConfirmResponseSerializer(result)
    return Response(response_serializer.data)
+
+
+@api_view(["GET"])
+def retrieve_reservation_qr(request):
+    serializer = ReservationConfirmSerializer(data=request.query_params)
+    serializer.is_valid(raise_exception=True)
+
+    try:
+        result = retrieve_reservation_qr_from_token(serializer.validated_data["token"])
+    except InvalidToken as exc:
+        return Response(
+            {"status": "invalid_token", "detail": str(exc)},
+            status=status.HTTP_404_NOT_FOUND,
+        )
+    except ReservationNotConfirmed as exc:
+        return Response(
+            {"status": "reservation_not_confirmed", "detail": str(exc)},
+            status=status.HTTP_409_CONFLICT,
+        )
+
+    response_serializer = ReservationQRResponseSerializer(result)
+    return Response(response_serializer.data)