bisco/azionelab
1
0
Fork 0
generated from bisco/codex-bootstrap
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: tighten check-in token handling

Browse Source
This commit is contained in:
bisco
2026-05-04 09:43:03 +02:00
parent c7c0657f6d
commit 978fe1a7ff
2 changed files with 20 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
backend/checkins/test_services.py
View File

@@ -74,6 +74,17 @@ class CheckInServiceTests(TestCase):
with self.assertRaises(InvalidToken): with self.assertRaises(InvalidToken):
preview_check_in_token(raw_token, staff_user=self.staff_user) preview_check_in_token(raw_token, staff_user=self.staff_user)
def test_preview_rejects_expired_check_in_token(self):
reservation = self.create_reservation()
_, raw_token = ReservationToken.create_token(
reservation=reservation,
purpose=ReservationToken.Purpose.CHECK_IN,
expires_at=timezone.now() - timedelta(minutes=1),
)
with self.assertRaises(InvalidToken):
preview_check_in_token(raw_token, staff_user=self.staff_user)
def test_check_in_succeeds_for_confirmed_reservation(self): def test_check_in_succeeds_for_confirmed_reservation(self):
reservation = self.create_reservation() reservation = self.create_reservation()
_, raw_token = self.create_check_in_token(reservation) _, raw_token = self.create_check_in_token(reservation)
@@ -158,6 +169,14 @@ class CheckInServiceTests(TestCase):
with self.assertRaises(InvalidToken): with self.assertRaises(InvalidToken):
confirm_check_in_from_token(raw_token, staff_user=self.staff_user) confirm_check_in_from_token(raw_token, staff_user=self.staff_user)
def test_check_in_rejects_used_check_in_token(self):
reservation = self.create_reservation()
token, raw_token = self.create_check_in_token(reservation)
token.mark_used()
with self.assertRaises(InvalidToken):
confirm_check_in_from_token(raw_token, staff_user=self.staff_user)
def create_reservation(self, **overrides): def create_reservation(self, **overrides):
data = { data = {
"performance": self.performance, "performance": self.performance,

1
infra/docker/compose.yml
View File

@@ -11,6 +11,7 @@ services:
DJANGO_DEBUG: ${DJANGO_DEBUG:-false} DJANGO_DEBUG: ${DJANGO_DEBUG:-false}
CORS_ALLOWED_ORIGINS: ${CORS_ALLOWED_ORIGINS} CORS_ALLOWED_ORIGINS: ${CORS_ALLOWED_ORIGINS}
SITE_BASE_URL: ${SITE_BASE_URL} SITE_BASE_URL: ${SITE_BASE_URL}
EMAIL_BACKEND: ${EMAIL_BACKEND}
TIME_ZONE: ${TIME_ZONE:-Europe/Rome} TIME_ZONE: ${TIME_ZONE:-Europe/Rome}
DATABASE_URL: ${DATABASE_URL} DATABASE_URL: ${DATABASE_URL}
POSTGRES_DB: ${POSTGRES_DB} POSTGRES_DB: ${POSTGRES_DB}