From b6375a63b828731e84544e6122318eafd3427a21 Mon Sep 17 00:00:00 2001
From: Michal Kolodziejski <michal.kolodziejski@cern.ch>
Date: Wed, 22 Nov 2017 14:23:42 +0100
Subject: [PATCH 1/5] Payment/Paypal: Don't reencode registration data

---
 payment_paypal/indico_payment_paypal/plugin.py | 4 ++--
 payment_paypal/setup.py                        | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/payment_paypal/indico_payment_paypal/plugin.py b/payment_paypal/indico_payment_paypal/plugin.py
index 510d4f4..3a98ef6 100644
--- a/payment_paypal/indico_payment_paypal/plugin.py
+++ b/payment_paypal/indico_payment_paypal/plugin.py
@@ -69,8 +69,8 @@ class PaypalPaymentPlugin(PaymentPluginMixin, IndicoPlugin):
     def adjust_payment_form_data(self, data):
         event = data['event']
         registration = data['registration']
-        data['item_name'] = '{}: registration for {}'.format(remove_accents(registration.full_name),
-                                                             remove_accents(event.title))
+        data['item_name'] = '{}: registration for {}'.format(remove_accents(registration.full_name, reencode=False),
+                                                             remove_accents(event.title, reencode=False))
         data['return_url'] = url_for_plugin('payment_paypal.success', registration.locator.uuid, _external=True)
         data['cancel_url'] = url_for_plugin('payment_paypal.cancel', registration.locator.uuid, _external=True)
         data['notify_url'] = url_for_plugin('payment_paypal.notify', registration.locator.uuid, _external=True)
diff --git a/payment_paypal/setup.py b/payment_paypal/setup.py
index 1e9b92b..a3d3f92 100644
--- a/payment_paypal/setup.py
+++ b/payment_paypal/setup.py
@@ -21,7 +21,7 @@ from setuptools import find_packages, setup
 
 setup(
     name='indico-plugin-payment-paypal',
-    version='1.0rc1',
+    version='1.0rc2',
     description='PayPal payments for Indico event registration fees',
     url='https://github.com/indico/indico-plugins',
     license='https://www.gnu.org/licenses/gpl-3.0.txt',

From 88b8a188f67d6586ec8d0ac14235930178c6e6b4 Mon Sep 17 00:00:00 2001
From: Adrian Moennich <adrian.moennich@cern.ch>
Date: Thu, 7 Dec 2017 16:02:38 +0100
Subject: [PATCH 2/5] Piwik: Do not choke on malformed URLs

---
 piwik/indico_piwik/plugin.py | 4 +++-
 piwik/setup.py               | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/piwik/indico_piwik/plugin.py b/piwik/indico_piwik/plugin.py
index 485f2d4..223266d 100644
--- a/piwik/indico_piwik/plugin.py
+++ b/piwik/indico_piwik/plugin.py
@@ -111,9 +111,11 @@ class PiwikPlugin(IndicoPlugin):
             return {}
         params = {'site_id_events': site_id_events}
         if request.blueprint in ('event', 'events', 'contributions') and 'confId' in request.view_args:
+            if not unicode(request.view_args['confId']).isdigit():
+                return {}
             params['event_id'] = request.view_args['confId']
             contrib_id = request.view_args.get('contrib_id')
-            if contrib_id is not None:
+            if contrib_id is not None and unicode(contrib_id).isdigit():
                 contribution = Contribution.find_first(event_id=params['event_id'], id=contrib_id)
                 if contribution:
                     cid = (contribution.legacy_mapping.legacy_contribution_id if contribution.legacy_mapping
diff --git a/piwik/setup.py b/piwik/setup.py
index 7e88d02..ddb30c0 100644
--- a/piwik/setup.py
+++ b/piwik/setup.py
@@ -21,7 +21,7 @@ from setuptools import find_packages, setup
 
 setup(
     name='indico-plugin-piwik',
-    version='1.0rc1',
+    version='1.0rc2',
     description='Piwik integration for global and event-specific statistics in Indico',
     url='https://github.com/indico/indico-plugins',
     license='https://www.gnu.org/licenses/gpl-3.0.txt',

From f9e043c7022cfced9b0aa0dc1e79a5fbb3e88a73 Mon Sep 17 00:00:00 2001
From: Adrian Moennich <adrian.moennich@cern.ch>
Date: Thu, 7 Dec 2017 16:14:39 +0100
Subject: [PATCH 3/5] Payment/PayPal: Check receiver_<id|email> as well

---
 payment_paypal/indico_payment_paypal/controllers.py | 10 ++++++----
 payment_paypal/tests/controllers_test.py            | 13 ++++++++-----
 2 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/payment_paypal/indico_payment_paypal/controllers.py b/payment_paypal/indico_payment_paypal/controllers.py
index 9ada365..1bbf8c8 100644
--- a/payment_paypal/indico_payment_paypal/controllers.py
+++ b/payment_paypal/indico_payment_paypal/controllers.py
@@ -85,11 +85,13 @@ class RHPaypalIPN(RH):
 
     def _verify_business(self):
         expected = current_plugin.event_settings.get(self.registration.registration_form.event, 'business')
-        business = request.form.get('business')
-        if expected == business:
+        candidates = {request.form.get('business'),
+                      request.form.get('receiver_id'),
+                      request.form.get('receiver_email')}
+        if expected in candidates:
             return True
-        current_plugin.logger.warning("Unexpected business: %s != %s", business, expected)
-        current_plugin.logger.warning("Request data was: %s", request.form)
+        current_plugin.logger.warning("Unexpected business: %s not in %r (request data: %r)", expected, candidates,
+                                      request.form)
         return False
 
     def _verify_amount(self):
diff --git a/payment_paypal/tests/controllers_test.py b/payment_paypal/tests/controllers_test.py
index df6c861..e751989 100644
--- a/payment_paypal/tests/controllers_test.py
+++ b/payment_paypal/tests/controllers_test.py
@@ -25,16 +25,19 @@ from indico_payment_paypal.plugin import PaypalPaymentPlugin
 
 
 @pytest.mark.usefixtures('db', 'request_context')
-@pytest.mark.parametrize(('business', 'expected'), (
-    ('test', True),
-    ('foo',  False)
+@pytest.mark.parametrize(('formdata', 'expected'), (
+    ({'business': 'test'},       True),
+    ({'receiver_id': 'test'},    True),
+    ({'receiver_email': 'test'}, True),
+    ({'business': 'foo'},        False),
+    ({},                         False)
 ))
-def test_ipn_verify_business(business, expected, dummy_event):
+def test_ipn_verify_business(formdata, expected, dummy_event):
     rh = RHPaypalIPN()
     rh.registration = MagicMock()
     rh.registration.registration_form.event = dummy_event
     PaypalPaymentPlugin.event_settings.set(dummy_event, 'business', 'test')
-    request.form = {'business': business}
+    request.form = formdata
     with PaypalPaymentPlugin.instance.plugin_context():
         assert rh._verify_business() == expected
 

From cc42f3bbd93c9f16d1d98003723bd79cd9cbe798 Mon Sep 17 00:00:00 2001
From: Adrian Moennich <adrian.moennich@cern.ch>
Date: Thu, 7 Dec 2017 16:57:27 +0100
Subject: [PATCH 4/5] Payment/PayPal: Use ascii-only item name

This hopefully fixes certain weird IPN validation failures...
---
 payment_paypal/indico_payment_paypal/plugin.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/payment_paypal/indico_payment_paypal/plugin.py b/payment_paypal/indico_payment_paypal/plugin.py
index 3a98ef6..778fc75 100644
--- a/payment_paypal/indico_payment_paypal/plugin.py
+++ b/payment_paypal/indico_payment_paypal/plugin.py
@@ -23,7 +23,7 @@ from wtforms.validators import DataRequired, Optional
 from indico.core.plugins import IndicoPlugin, url_for_plugin
 from indico.modules.events.payment import (PaymentEventSettingsFormBase, PaymentPluginMixin,
                                            PaymentPluginSettingsFormBase)
-from indico.util.string import remove_accents
+from indico.util.string import remove_accents, unicode_to_ascii
 from indico.web.forms.validators import UsedIf
 
 from indico_payment_paypal import _
@@ -69,8 +69,10 @@ class PaypalPaymentPlugin(PaymentPluginMixin, IndicoPlugin):
     def adjust_payment_form_data(self, data):
         event = data['event']
         registration = data['registration']
-        data['item_name'] = '{}: registration for {}'.format(remove_accents(registration.full_name, reencode=False),
-                                                             remove_accents(event.title, reencode=False))
+        data['item_name'] = '{}: registration for {}'.format(
+            unicode_to_ascii(remove_accents(registration.full_name, reencode=False)),
+            unicode_to_ascii(remove_accents(event.title, reencode=False))
+        )
         data['return_url'] = url_for_plugin('payment_paypal.success', registration.locator.uuid, _external=True)
         data['cancel_url'] = url_for_plugin('payment_paypal.cancel', registration.locator.uuid, _external=True)
         data['notify_url'] = url_for_plugin('payment_paypal.notify', registration.locator.uuid, _external=True)

From 7e606cc045227254057de294f875d48a751c5406 Mon Sep 17 00:00:00 2001
From: Adrian Moennich <adrian.moennich@cern.ch>
Date: Fri, 8 Dec 2017 09:42:42 +0100
Subject: [PATCH 5/5] Prepare 2.0rc2 release

---
 _meta/setup.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/_meta/setup.py b/_meta/setup.py
index 73edcd6..893b2fd 100644
--- a/_meta/setup.py
+++ b/_meta/setup.py
@@ -28,8 +28,8 @@ plugins_require = [
     'indico-plugin-livesync==1.0rc1',
     'indico-plugin-livesync-invenio==1.0rc1',
     'indico-plugin-payment-manual==1.0rc1',
-    'indico-plugin-payment-paypal==1.0rc1',
-    'indico-plugin-piwik==1.0rc1',
+    'indico-plugin-payment-paypal==1.0rc2',
+    'indico-plugin-piwik==1.0rc2',
     'indico-plugin-previewer-code==1.0rc1',
     'indico-plugin-previewer-jupyter==1.0rc1',
     'indico-plugin-search==1.0rc1',
@@ -43,7 +43,7 @@ extras_require = {
 
 setup(
     name='indico-plugins',
-    version='1.0rc1',
+    version='1.0rc2',
     description='A meta-package containing the official Indico plugins',
     url='https://github.com/indico/indico-plugins',
     license='https://www.gnu.org/licenses/gpl-3.0.txt',