bisco/azionelab
1
0
Fork 0
generated from bisco/codex-bootstrap
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'fix/admin-token-visibility' into develop

Browse Source
This commit is contained in:
bisco
2026-04-29 22:48:27 +02:00
parent 33307a5de2 7a46e288cf
commit a8f2a7c803
2 changed files with 31 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
backend/bookings/admin.py
View File

@@ -40,8 +40,8 @@ class ReservationAdminForm(forms.ModelForm):
class ReservationTokenInline(admin.TabularInline): class ReservationTokenInline(admin.TabularInline):
model = ReservationToken model = ReservationToken
extra = 0 extra = 0
readonly_fields = ("token_hash", "used_at", "created_at") readonly_fields = ("used_at", "created_at")
fields = ("purpose", "token_hash", "expires_at", "used_at", "created_at") fields = ("purpose", "expires_at", "used_at", "created_at")
can_delete = False can_delete = False
@@ -231,13 +231,10 @@ class ReservationAdmin(admin.ModelAdmin):
@admin.register(ReservationToken) @admin.register(ReservationToken)
class ReservationTokenAdmin(admin.ModelAdmin): class ReservationTokenAdmin(admin.ModelAdmin):
list_display = ("reservation", "purpose", "expires_at", "used_at", "created_at", "token_preview") list_display = ("reservation", "purpose", "expires_at", "used_at", "created_at")
list_filter = ("purpose", "expires_at", "used_at", "created_at") list_filter = ("purpose", "expires_at", "used_at", "created_at")
search_fields = ("reservation__name", "reservation__email", "token_hash") search_fields = ("reservation__name", "reservation__email", "token_hash")
readonly_fields = ("token_hash", "created_at", "used_at") readonly_fields = ("created_at", "used_at")
exclude = ("token_hash",)
list_select_related = ("reservation", "reservation__performance") list_select_related = ("reservation", "reservation__performance")
autocomplete_fields = ("reservation",) autocomplete_fields = ("reservation",)
@admin.display(description="Token hash")
def token_preview(self, obj):
return obj.token_hash[:12]

26
backend/bookings/test_admin.py
View File

@@ -83,3 +83,29 @@ class ReservationAdminTests(TestCase):
"https://tickets.azionelab.example/api/reservations/confirm/?token=", "https://tickets.azionelab.example/api/reservations/confirm/?token=",
mail.outbox[0].body, mail.outbox[0].body,
) )
def test_token_hash_is_hidden_in_token_admin_views(self):
reservation = Reservation.objects.create(
performance=self.performance,
name="Maria Rossi",
email="maria@example.com",
party_size=2,
)
token, _ = ReservationToken.create_token(
reservation=reservation,
purpose=ReservationToken.Purpose.CONFIRMATION,
expires_at=timezone.now() + timedelta(hours=2),
)
changelist_response = self.client.get(reverse("admin:bookings_reservationtoken_changelist"))
change_response = self.client.get(
reverse("admin:bookings_reservationtoken_change", args=[token.id]),
)
self.assertEqual(changelist_response.status_code, 200)
self.assertEqual(change_response.status_code, 200)
self.assertNotContains(changelist_response, token.token_hash)
self.assertNotContains(change_response, token.token_hash)
self.assertContains(change_response, token.get_purpose_display())
self.assertContains(change_response, "Expires at")
self.assertContains(change_response, "Used at")