diff --git a/fragdenstaat_de/fds_donation/forms.py b/fragdenstaat_de/fds_donation/forms.py
index 9545a1f8..4c70c021 100644
--- a/fragdenstaat_de/fds_donation/forms.py
+++ b/fragdenstaat_de/fds_donation/forms.py
@@ -361,6 +361,8 @@ def create_related_object(self, order, data):
 recurring=order.is_recurring,
 first_recurring=order.is_recurring,
 method=data.get("payment_method", ""),
+ extra_action_url=self.settings.get("next_url", ""),
+ extra_action_label=self.settings.get("next_label", ""),
 )
 return donation
diff --git a/fragdenstaat_de/fds_donation/migrations/0047_donation_extra_action_label_and_more.py b/fragdenstaat_de/fds_donation/migrations/0047_donation_extra_action_label_and_more.py
new file mode 100644
index 00000000..529a5c44
--- /dev/null
+++ b/fragdenstaat_de/fds_donation/migrations/0047_donation_extra_action_label_and_more.py
@@ -0,0 +1,23 @@
+# Generated by Django 4.2.16 on 2024-12-09 13:18
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ("fds_donation", "0046_donationformcmsplugin_next_label"),
+ ]
+
+ operations = [
+ migrations.AddField(
+ model_name="donation",
+ name="extra_action_label",
+ field=models.TextField(blank=True),
+ ),
+ migrations.AddField(
+ model_name="donation",
+ name="extra_action_url",
+ field=models.CharField(blank=True, max_length=255),
+ ),
+ ]
diff --git a/fragdenstaat_de/fds_donation/models.py b/fragdenstaat_de/fds_donation/models.py
index ceb4d4d9..afe81e4f 100644
--- a/fragdenstaat_de/fds_donation/models.py
+++ b/fragdenstaat_de/fds_donation/models.py
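Review bot: The two keyword arguments added in `create_related_object` copy `self.settings.get("next_url", "")` onto the donation unchecked, and the new `Donation.extra_action_url` field in models.py is declared without the `validate_allowed_host_and_scheme` validator that this commit attaches to `DonationFormCMSPlugin.next_url`. How `self.settings` is populated is not visible in this hunk; if any part of it can be influenced by request data, an arbitrary URL would be stored and later shown on the donor detail page. I would check the value where it is copied, e.g. `next_url = self.settings.get("next_url", "")` followed by `if next_url and not url_has_allowed_host_and_scheme(next_url, allowed_hosts=settings.ALLOWED_REDIRECT_HOSTS): next_url = ""`, and also add `validators=[validate_allowed_host_and_scheme]` to the `Donation` field. The body of `create_related_object` starts and ends outside the hunk.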
@@ -4,11 +4,13 @@
 from django.conf import settings
 from django.contrib.postgres.fields import HStoreField
+from django.core.exceptions import ValidationError
 from django.db import models
 from django.db.models.functions import RowNumber
 from django.urls import reverse
 from django.utils import timezone
 from django.utils.functional import cached_property
+from django.utils.http import url_has_allowed_host_and_scheme
 from django.utils.translation import gettext_lazy as _
 from django.utils.translation import pgettext
@@ -360,6 +362,9 @@ class Donation(models.Model):
 choices=DONATION_PROJECTS,
 )
+ extra_action_url = models.CharField(max_length=255, blank=True)
+ extra_action_label = models.TextField(blank=True)
+
 objects = DonationManager()
 class Meta:
@@ -498,6 +503,13 @@ def __str__(self):
 return str(self.category)
+def validate_allowed_host_and_scheme(value):
+ if not url_has_allowed_host_and_scheme(
+ value, allowed_hosts=settings.ALLOWED_REDIRECT_HOSTS
+ ):
+ raise ValidationError("Not a valid url")
+
+
 class DonationFormCMSPlugin(CMSPlugin):
 title = models.CharField(max_length=255, blank=True)
 interval = models.CharField(max_length=20, choices=INTERVAL_SETTINGS_CHOICES)
@@ -522,7 +534,9 @@ class DonationFormCMSPlugin(CMSPlugin):
 )
 form_action = models.CharField(max_length=255, blank=True)
- next_url = models.CharField(max_length=255, blank=True)
+ next_url = models.CharField(
+ max_length=255, blank=True, validators=[validate_allowed_host_and_scheme]
+ )
 next_label = models.CharField(max_length=255, blank=True)
 open_in_new_tab = models.BooleanField(default=False)
diff --git a/fragdenstaat_de/fds_donation/templates/fds_donation/donor_detail.html b/fragdenstaat_de/fds_donation/templates/fds_donation/donor_detail.html
index 323aaf04..c70fe8a0 100644
--- a/fragdenstaat_de/fds_donation/templates/fds_donation/donor_detail.html
+++ b/fragdenstaat_de/fds_donation/templates/fds_donation/donor_detail.html
@@ -9,13 +9,6 @@
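Review bot: `validate_allowed_host_and_scheme` calls `url_has_allowed_host_and_scheme` without `require_https=True`, so a plain `http://` URL on an allowed host passes; if the follow-up link should always be HTTPS, pass `require_https=True`. `settings.ALLOWED_REDIRECT_HOSTS` is read at validation time and its definition is not part of this diff, so confirm it exists in every settings module, otherwise validating the plugin raises `AttributeError`. The function also has no docstring, and its message is not wrapped in `_()` although `gettext_lazy` is already imported; I would add `"""Reject URLs whose host is not in ALLOWED_REDIRECT_HOSTS or whose scheme is not http(s)."""` and use `raise ValidationError(_("Not a valid url"))`.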
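Review bot: Attaching `validators=[validate_allowed_host_and_scheme]` to `next_url` only takes effect where `full_clean()` runs, which model forms do; a bare `save()` does not call validators, and plugin rows saved before this change keep whatever `next_url` they already hold. Those stored values are what `create_related_object` in forms.py now copies onto each donation, so a one-off check of existing `next_url` values (data migration or management command) would close that gap. Separately, validators are part of a field's deconstructed state, so `makemigrations` will likely want an `AlterField` for `next_url`, which migration 0047 in this diff does not contain.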

Vielen Dank für Ihre Spende!

{% include "fds_donation/includes/banktransfer.html" with payment=last_donation.payment order=last_donation.payment.order %} {% endif %} - {% if extra_action_url %} -
- {{ extra_action_label }} -
- {% endif %}

Spenderdaten aktualisieren
@@ -58,6 +51,13 @@

Dauerspenden

{% else %} {% if donation.received_timestamp %}Bestätigt{% endif %} {% endif %} + {% if donation.extra_action_url %} +
+ {{ donation.extra_action_label }} +
+ {% endif %} {% endfor %}
diff --git a/fragdenstaat_de/fds_donation/views.py b/fragdenstaat_de/fds_donation/views.py
index 7d162b61..1cc2bda8 100644
--- a/fragdenstaat_de/fds_donation/views.py
+++ b/fragdenstaat_de/fds_donation/views.py
@@ -56,9 +56,6 @@ def get_form(self, form_class=None):
 def form_valid(self, form):
 order, related_obj = form.save()
 method = form.cleaned_data["payment_method"]
- if form.settings["next_url"]:
- self.request.session["extra_action_url"] = form.settings["next_url"]
- self.request.session["extra_action_label"] = form.settings["next_label"]
 return redirect(order.get_absolute_payment_url(method))
@@ -136,8 +133,6 @@ def get_context_data(self, **kwargs):
 "subscriptions": self.object.subscriptions.filter(canceled=None),
 "donations": donations,
 "last_donation": last_donation,
- "extra_action_url": self.request.session.pop("extra_action_url"),
- "extra_action_label": self.request.session.pop("extra_action_label"),
 }
 )
 return ctx