From eabde6adf79cb62b0b9b9ecfe33a30dc20d6cf3f Mon Sep 17 00:00:00 2001
From: Magnus Hagander <magnus@hagander.net>
Date: Thu, 23 Nov 2023 22:40:54 +0100
Subject: [PATCH] Allow both full-url and partial-key-only tokens when storing
 scans

---
 postgresqleu/confreg/checkin.py      | 16 ++++++++++++++--
 postgresqleu/confsponsor/scanning.py |  8 +++++++-
 2 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/postgresqleu/confreg/checkin.py b/postgresqleu/confreg/checkin.py
index 29c439944..a688eaeb6 100644
--- a/postgresqleu/confreg/checkin.py
+++ b/postgresqleu/confreg/checkin.py
@@ -320,7 +320,13 @@ def api(request, urlname, regtoken, what):
         if not conference.checkinactive:
             return HttpResponse("Check-in not open", status=412)
 
-        reg = get_object_or_404(ConferenceRegistration, conference=conference, payconfirmedat__isnull=False, canceledat__isnull=True, idtoken=request.POST['token'])
+        # Accept both full URL version of token and just the key part
+        m = _tokenmatcher.match(request.POST['token'])
+        if m:
+            token = m.group(1)
+        else:
+            token = request.POST['token']
+        reg = get_object_or_404(ConferenceRegistration, conference=conference, payconfirmedat__isnull=False, canceledat__isnull=True, idtoken=token)
         if reg.checkedinat:
             return HttpResponse("Already checked in.", status=412)
         reg.checkedinat = timezone.now()
@@ -366,8 +372,14 @@ def checkin_field_api(request, urlname, regtoken, fieldname, what):
         if not conference.checkinactive:
             return HttpResponse("Check-in not open", status=412)
 
+        m = _publictokenmatcher.match(request.POST['token'])
+        if m:
+            token = m.group(1)
+        else:
+            token = request.POST['token']
+
         with transaction.atomic():
-            reg = get_object_or_404(ConferenceRegistration, conference=conference, payconfirmedat__isnull=False, canceledat__isnull=True, idtoken=request.POST['token'])
+            reg = get_object_or_404(ConferenceRegistration, conference=conference, payconfirmedat__isnull=False, canceledat__isnull=True, publictoken=token)
             reglog(reg, "Marked scanner field {}".format(fieldname), request.user)
             reg.dynaprops[fieldname] = datetime_string(timezone.now())
             reg.save(update_fields=['dynaprops'])
diff --git a/postgresqleu/confsponsor/scanning.py b/postgresqleu/confsponsor/scanning.py
index 0a9416b54..878cb52a3 100644
--- a/postgresqleu/confsponsor/scanning.py
+++ b/postgresqleu/confsponsor/scanning.py
@@ -328,7 +328,13 @@ def scanning_api(request, scannertoken, what):
                 return _json_response(r, 200, scan.note, 'Attendee {} scan stored successfully.'.format(r.fullname))
         elif request.method == 'POST' and what == 'store':
             with transaction.atomic():
-                r = _get_scanned_attendee(sponsor, request.POST['token'])
+                # Accept both full URL version of token and just the key part
+                m = _tokenmatcher.match(request.POST['token'])
+                if m:
+                    token = m.group(1)
+                else:
+                    token = request.POST['token']
+                r = _get_scanned_attendee(sponsor, token)
                 if isinstance(r, HttpResponse):
                     return r