fix(api): do not persist donations in database

api/desecapi/migrations/0012_volatile_donations.py

@@ -0,0 +1,17 @@
+# Generated by Django 2.2.7 on 2019-11-27 15:30
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('desecapi', '0011_user_id_to_uuid'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='donation',
+            options={'managed': False},
+        ),
+    ]

api/desecapi/models.py

@@ -326,12 +326,8 @@ class Donation(models.Model):
     mref = models.CharField(max_length=32, default=get_default_value_mref)
     email = models.EmailField(max_length=255, blank=True)
 
-    def save(self, *args, **kwargs):
-        self.iban = self.iban[:6] + "xxx"  # do NOT save account details
-        super().save(*args, **kwargs)
-
     class Meta:
-        ordering = ('created',)
+        managed = False
 
 
 class RRsetManager(Manager):

api/desecapi/templates/emails/donation/desec-attachment-jameica.txt

@@ -18,7 +18,7 @@
     <empfaenger_name type="java.lang.String">{{ donation.name | clean }}</empfaenger_name>
 
     {# IBAN of the account that will be charged [sic!] #}
-    <empfaenger_konto type="java.lang.String">{{ complete_iban | clean }}</empfaenger_konto>
+    <empfaenger_konto type="java.lang.String">{{ donation.iban | clean }}</empfaenger_konto>
 
     {# 0 means this transaction was not yet executed #}
     <ausgefuehrt type="java.lang.Integer">0</ausgefuehrt>

api/desecapi/tests/test_donations.py

@@ -14,21 +14,20 @@ class DonationTests(DesecTestCase):
 
     def test_create_donation(self):
         url = reverse('v1:donation')
-        data = \
-            {
-                'name': 'Komplizierter Vörnämü-ßßß 马大为',
-                'iban': 'DE89370400440532013000',
-                'bic': 'BYLADEM1SWU',
-                'amount': 123.45,
-                'message': 'hi there, thank you. Also, some random chars:  ™ • ½ ¼ ¾ ⅓ ⅔ † ‡ µ ¢ £ € « » ♤ ♧ ♥ ♢ ¿ ',
-                'email': 'email@example.com',
-            }
+        data = {
+            'name': 'Komplizierter Vörnämü-ßßß 马大为',
+            'iban': 'DE89370400440532013000',
+            'bic': 'BYLADEM1SWU',
+            'amount': 123.45,
+            'message': 'hi there, thank you. Also, some random chars:  ™ • ½ ¼ ¾ ⅓ ⅔ † ‡ µ ¢ £ € « » ♤ ♧ ♥ ♢ ¿ ',
+            'email': 'email@example.com',
+        }
         response = self.client.post(url, data)
         self.assertTrue(mail.outbox)
         email_internal = str(mail.outbox[0].message())
         direct_debit = str(mail.outbox[0].attachments[0][1])
         self.assertStatus(response, status.HTTP_201_CREATED)
         self.assertEqual(len(mail.outbox), 2)
-        self.assertEqual(response.data['iban'], 'DE8937xxx')
+        self.assertEqual(response.data['iban'], data['iban'])
         self.assertTrue('Komplizierter Vornamu' in direct_debit)
         self.assertTrue(data['iban'] in email_internal)

api/desecapi/views.py

@@ -332,46 +332,41 @@ class DonationList(generics.CreateAPIView):
     serializer_class = serializers.DonationSerializer
 
     def perform_create(self, serializer):
-        iban = serializer.validated_data['iban']
-        obj = serializer.save()
-
-        def send_donation_emails(donation):
-            context = {
-                'donation': donation,
-                'creditoridentifier': settings.SEPA['CREDITOR_ID'],
-                'creditorname': settings.SEPA['CREDITOR_NAME'],
-                'complete_iban': iban
-            }
-
-            # internal desec notification
-            content_tmpl = get_template('emails/donation/desec-content.txt')
-            subject_tmpl = get_template('emails/donation/desec-subject.txt')
-            attachment_tmpl = get_template('emails/donation/desec-attachment-jameica.txt')
-            from_tmpl = get_template('emails/from.txt')
+        instance = self.serializer_class.Meta.model(**serializer.validated_data)
+
+        context = {
+            'donation': instance,
+            'creditoridentifier': settings.SEPA['CREDITOR_ID'],
+            'creditorname': settings.SEPA['CREDITOR_NAME'],
+        }
+
+        # internal desec notification
+        content_tmpl = get_template('emails/donation/desec-content.txt')
+        subject_tmpl = get_template('emails/donation/desec-subject.txt')
+        attachment_tmpl = get_template('emails/donation/desec-attachment-jameica.txt')
+        from_tmpl = get_template('emails/from.txt')
+        email = EmailMessage(subject_tmpl.render(context),
+                             content_tmpl.render(context),
+                             from_tmpl.render(context),
+                             ['donation@desec.io'],
+                             attachments=[
+                                 ('jameica-directdebit.xml',
+                                  attachment_tmpl.render(context),
+                                  'text/xml')
+                             ])
+        email.send()
+
+        # donor notification
+        if instance.email:
+            content_tmpl = get_template('emails/donation/donor-content.txt')
+            subject_tmpl = get_template('emails/donation/donor-subject.txt')
+            footer_tmpl = get_template('emails/footer.txt')
             email = EmailMessage(subject_tmpl.render(context),
-                                 content_tmpl.render(context),
+                                 content_tmpl.render(context) + footer_tmpl.render(),
                                  from_tmpl.render(context),
-                                 ['donation@desec.io'],
-                                 attachments=[
-                                     ('jameica-directdebit.xml',
-                                      attachment_tmpl.render(context),
-                                      'text/xml')
-                                 ])
+                                 [instance.email])
             email.send()
 
-            # donor notification
-            if donation.email:
-                content_tmpl = get_template('emails/donation/donor-content.txt')
-                subject_tmpl = get_template('emails/donation/donor-subject.txt')
-                email = EmailMessage(subject_tmpl.render(context),
-                                     content_tmpl.render(context),
-                                     from_tmpl.render(context),
-                                     [donation.email])
-                email.send()
-
-        # send emails
-        send_donation_emails(obj)
-
 
 class AccountCreateView(generics.CreateAPIView):
     serializer_class = serializers.RegisterAccountSerializer

test/e2e/spec/donation_spec.js

@@ -49,12 +49,6 @@ describe("donating", function () {
             return expect(response).to.have.schema(apiDonationSchema);
         });
 
-        it("does not return the full iban", function () {
-            return response.then(function (donationResponse) {
-                expect(donationResponse.body.iban).to.equal("DE8937xxx");
-            });
-        });
-
     });
 
     it("does not require an email address", function () {