Allow both full-url and partial-key-only tokens when storing scans

pgeu · Nov 23, 2023 · eabde6a · eabde6a
1 parent 19b0e30
commit eabde6a
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 3 deletions.
diff --git a/postgresqleu/confreg/checkin.py b/postgresqleu/confreg/checkin.py
@@ -320,7 +320,13 @@ def api(request, urlname, regtoken, what):
         if not conference.checkinactive:
             return HttpResponse("Check-in not open", status=412)
 
-        reg = get_object_or_404(ConferenceRegistration, conference=conference, payconfirmedat__isnull=False, canceledat__isnull=True, idtoken=request.POST['token'])
+        # Accept both full URL version of token and just the key part
+        m = _tokenmatcher.match(request.POST['token'])
+        if m:
+            token = m.group(1)
+        else:
+            token = request.POST['token']
+        reg = get_object_or_404(ConferenceRegistration, conference=conference, payconfirmedat__isnull=False, canceledat__isnull=True, idtoken=token)
         if reg.checkedinat:
             return HttpResponse("Already checked in.", status=412)
         reg.checkedinat = timezone.now()
@@ -366,8 +372,14 @@ def checkin_field_api(request, urlname, regtoken, fieldname, what):
         if not conference.checkinactive:
             return HttpResponse("Check-in not open", status=412)
 
+        m = _publictokenmatcher.match(request.POST['token'])
+        if m:
+            token = m.group(1)
+        else:
+            token = request.POST['token']
+
         with transaction.atomic():
-            reg = get_object_or_404(ConferenceRegistration, conference=conference, payconfirmedat__isnull=False, canceledat__isnull=True, idtoken=request.POST['token'])
+            reg = get_object_or_404(ConferenceRegistration, conference=conference, payconfirmedat__isnull=False, canceledat__isnull=True, publictoken=token)
             reglog(reg, "Marked scanner field {}".format(fieldname), request.user)
             reg.dynaprops[fieldname] = datetime_string(timezone.now())
             reg.save(update_fields=['dynaprops'])

diff --git a/postgresqleu/confsponsor/scanning.py b/postgresqleu/confsponsor/scanning.py
@@ -328,7 +328,13 @@ def scanning_api(request, scannertoken, what):
                 return _json_response(r, 200, scan.note, 'Attendee {} scan stored successfully.'.format(r.fullname))
         elif request.method == 'POST' and what == 'store':
             with transaction.atomic():
-                r = _get_scanned_attendee(sponsor, request.POST['token'])
+                # Accept both full URL version of token and just the key part
+                m = _tokenmatcher.match(request.POST['token'])
+                if m:
+                    token = m.group(1)
+                else:
+                    token = request.POST['token']
+                r = _get_scanned_attendee(sponsor, token)
                 if isinstance(r, HttpResponse):
                     return r