elordenador/proyecto-final
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: Add user purchase and receipt management

Browse Source 
- Implemented 'Mis Compras' and 'Mis Recibos' pages for users to view their orders and payment receipts.
- Enhanced address validation in 'editar_direccion.html' to ensure cities and postal codes belong to Almería.
- Added shipping address display in seller order details on 'pedidos_vendedor.html'.
- Updated user portal to include links to purchases and receipts.
- Introduced email verification functionality during user registration.
- Refactored email sending utility for better error handling and logging.
- Improved session management for checkout processes with selected shipping addresses.
This commit is contained in:
daniel
2026-03-10 13:08:10 +01:00
parent 01024bb97e
commit 162b63cae9
51 changed files with 1082 additions and 385 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tienda/views.py
+311 -36
View File
@@ -1,11 +1,21 @@
from django.shortcuts import render, redirect, get_object_or_404
from django.http import HttpRequest, JsonResponse
from django.http import HttpRequest, HttpResponse, JsonResponse
from django.contrib.auth import authenticate, login as auth_login, logout as auth_logout
from django.contrib.auth.models import User
from django.contrib.auth.decorators import login_required
from django.contrib import messages
from .models import Product, Category, Cart, CartItem, Image, Order, OrderItem, OrderMessage, ShippingAddress
from .vars import PAGE_SIZE
from .models import User, Product, Category, Cart, CartItem, Image, Order, OrderItem, OrderMessage, ShippingAddress, VerificationCode
from .utilities import send_email
from . import tasks
from .vars import (
PAGE_SIZE,
VAT_RATE,
SHIPPING_COUNTRY,
ALMERIA_POSTAL_CODE_PREFIX,
ALMERIA_MUNICIPALITIES_DISPLAY,
verify_message,
login_message
)
from django.conf import settings
from django.views.decorators.csrf import csrf_exempt
from django.urls import reverse
@@ -13,8 +23,78 @@ from decimal import Decimal, ROUND_HALF_UP
import stripe
from django.db import models, transaction
from django.core.cache import cache
import re
import unicodedata
import json
import random, string
import logging
# Create your views here.
logger = logging.getLogger("tienda")
audit_logger = logging.getLogger("tienda.audit")
def _normalize_location_text(value: str) -> str:
normalized = unicodedata.normalize("NFD", (value or ""))
without_accents = "".join(char for char in normalized if unicodedata.category(char) != "Mn")
without_symbols = re.sub(r"[^a-zA-Z0-9\s-]", "", without_accents)
collapsed = " ".join(without_symbols.replace("-", " ").lower().split())
return collapsed
ALMERIA_MUNICIPALITIES = {
_normalize_location_text(municipality)
for municipality in ALMERIA_MUNICIPALITIES_DISPLAY
}
ALMERIA_MUNICIPALITIES.update(
{
municipality.removeprefix("la ")
for municipality in ALMERIA_MUNICIPALITIES
if municipality.startswith("la ")
}
)
ALMERIA_MUNICIPALITIES.update(
{
municipality.removeprefix("los ")
for municipality in ALMERIA_MUNICIPALITIES
if municipality.startswith("los ")
}
)
def _is_almeria_postal_code(postal_code: str) -> bool:
"""Valida que el código postal pertenezca a la provincia de Almería (04xxx)."""
normalized = (postal_code or "").strip()
return len(normalized) == 5 and normalized.isdigit() and normalized.startswith(ALMERIA_POSTAL_CODE_PREFIX)
def _is_almeria_city(city: str) -> bool:
"""Valida que el municipio/pueblo pertenezca a la provincia de Almería."""
return _normalize_location_text(city) in ALMERIA_MUNICIPALITIES
def _address_form_context(direccion=None):
return {
"direccion": direccion,
"almeria_municipalities": ALMERIA_MUNICIPALITIES_DISPLAY,
}
def _get_client_ip(request: HttpRequest) -> str:
forwarded_for = request.META.get("HTTP_X_FORWARDED_FOR")
if forwarded_for:
return forwarded_for.split(",")[0].strip()
return request.META.get("REMOTE_ADDR", "")
def get_price_with_vat_decimal(price) -> Decimal:
"""Retorna un precio con IVA aplicado y redondeado a 2 decimales."""
return (Decimal(str(price)) * (Decimal("1") + Decimal(str(VAT_RATE)))).quantize(
Decimal("0.01"),
rounding=ROUND_HALF_UP,
)
def home(request: HttpRequest):
"""Página de inicio del sitio"""
categorias = Category.objects.all()
@@ -50,32 +130,57 @@ def login(request: HttpRequest):
email = request.POST.get("email")
password = request.POST.get("password")
remember = request.POST.get("remember")
client_ip = _get_client_ip(request)
# Buscar usuario por email
try:
user_obj = User.objects.get(email=email)
username = user_obj.username
except User.DoesNotExist:
audit_logger.warning(
"LOGIN_FAILED email=%s reason=user_not_found ip=%s",
email,
client_ip,
)
messages.error(request, "Correo electrónico o contraseña incorrectos.")
return render(request, "tienda/login.html")
# Autenticar usuario
user = authenticate(request, username=username, password=password)
user = User.objects.get(username=user.username)
if user.registration_status == "CR":
audit_logger.info(
"LOGIN_FAILED email=%s reason=not_verified", email
)
messages.error(request, "No se puede iniciar sesión porque no has verificado tu cuenta, comprueba tu email. Si eliminaste el email pero querias verificarte, contacta con el soporte tecnico")
return render(request, "tienda/login.html")
if user is not None:
auth_login(request, user)
# Configurar duración de sesión
if not remember:
# Si no marca "Recordarme", la sesión expira al cerrar el navegador
request.session.set_expiry(0)
else:
# Si marca "Recordarme", la sesión dura 2 semanas
request.session.set_expiry(1209600) # 14 días en segundos
audit_logger.info(
"LOGIN_SUCCESS user_id=%s email=%s ip=%s remember=%s",
user.id,
user.email,
client_ip,
bool(remember),
)
tasks.enviar_correo_bienvenida.delay(user.email, "{} {}".format(user.first_name, user.last_name))
# result = send_email(user.email, "Inicio de sesión correcto", login_message.format(name = "{} {}".format(user.first_name, user.last_name)))
messages.success(request, f"¡Bienvenido {user.first_name or user.username}!")
return redirect("index")
else:
audit_logger.warning(
"LOGIN_FAILED email=%s reason=invalid_credentials ip=%s",
email,
client_ip,
)
messages.error(request, "Correo electrónico o contraseña incorrectos.")
return render(request, "tienda/login.html")
@@ -83,22 +188,28 @@ def login(request: HttpRequest):
def register(request: HttpRequest):
if request.user.is_authenticated:
return redirect("index")
if request.method == "POST":
name = request.POST.get("name")
email = request.POST.get("email")
password = request.POST.get("password")
password_confirm = request.POST.get("password_confirm")
client_ip = _get_client_ip(request)
# Validaciones
if password != password_confirm:
audit_logger.warning("REGISTER_FAILED email=%s reason=password_mismatch ip=%s", email, client_ip)
messages.error(request, "Las contraseñas no coinciden.")
return render(request, "tienda/register.html")
if len(password) < 8:
audit_logger.warning("REGISTER_FAILED email=%s reason=password_too_short ip=%s", email, client_ip)
messages.error(request, "La contraseña debe tener al menos 8 caracteres.")
return render(request, "tienda/register.html")
if User.objects.filter(email=email).exists():
audit_logger.warning("REGISTER_FAILED email=%s reason=email_exists ip=%s", email, client_ip)
messages.error(request, "Ya existe un usuario con este correo electrónico.")
return render(request, "tienda/register.html")
@@ -119,19 +230,37 @@ def register(request: HttpRequest):
password=password,
first_name=name
)
audit_logger.info(
"REGISTER_SUCCESS user_id=%s username=%s email=%s ip=%s",
user.id,
user.username,
user.email,
client_ip,
)
# Iniciar sesión automáticamente
auth_login(request, user)
request.session.set_expiry(1209600) # 14 días
ver_code = ''.join(random.choices(string.digits, k=12))
codigo = VerificationCode.objects.create(
user = user,
code = ver_code,
code_mode = VerificationCode.VerificationModes.VERIFY_ACCOUNT
)
message = verify_message.format(name = name, protocol = settings.PROTOCOL, domain = settings.DOMAIN, code = ver_code)
email_result = send_email(email, "Verificación de cuenta", message)
messages.success(request, f"¡Cuenta creada exitosamente! Bienvenido {name}.")
messages.success(request, f"¡Cuenta creada exitosamente! Por favor, verifica tu correo entrando al Link enviado.")
return redirect("index")
return render(request, "tienda/register.html")
def logout(request: HttpRequest):
user_id = request.user.id if request.user.is_authenticated else None
email = request.user.email if request.user.is_authenticated else None
client_ip = _get_client_ip(request)
auth_logout(request)
audit_logger.info("LOGOUT user_id=%s email=%s ip=%s", user_id, email, client_ip)
messages.success(request, "Has cerrado sesión exitosamente.")
return redirect("index")
@@ -178,25 +307,61 @@ def get_or_create_cart(request):
return cart
def create_order_from_cart(request, payment_method, payment_reference=""):
def _get_selected_shipping_address(request: HttpRequest):
"""Obtiene la dirección seleccionada desde JSON o form-data y valida pertenencia al usuario."""
shipping_address_id = request.POST.get("shipping_address_id")
if not shipping_address_id:
try:
payload = json.loads(request.body.decode("utf-8") or "{}")
shipping_address_id = payload.get("shipping_address_id")
except (json.JSONDecodeError, UnicodeDecodeError):
shipping_address_id = None
if not shipping_address_id:
return None
try:
shipping_address_id = int(shipping_address_id)
except (TypeError, ValueError):
return None
return ShippingAddress.objects.filter(id=shipping_address_id, user=request.user).first()
def create_order_from_cart(request, payment_method, payment_reference="", shipping_address=None):
"""Crea un pedido a partir del carrito actual y lo asigna a vendedores."""
cart = get_or_create_cart(request)
cart_items = cart.items.select_related("product", "product__creator")
cart_items = list(cart.items.select_related("product", "product__creator"))
if not cart_items.exists():
if not cart_items:
return None
order_total = Decimal("0.00")
items_with_totals = []
for item in cart_items:
product = item.product
unit_price_with_vat = get_price_with_vat_decimal(product.price)
line_total_with_vat = (unit_price_with_vat * item.quantity).quantize(
Decimal("0.01"),
rounding=ROUND_HALF_UP,
)
order_total += line_total_with_vat
items_with_totals.append((item, unit_price_with_vat, line_total_with_vat))
with transaction.atomic():
order = Order.objects.create(
buyer=request.user if request.user.is_authenticated else None,
shipping_address=shipping_address,
session_key=None if request.user.is_authenticated else request.session.session_key,
total=cart.get_total(),
total=float(order_total),
status=Order.STATUS_PAID,
payment_method=payment_method,
payment_reference=payment_reference or "",
)
for item in cart_items:
for item, unit_price_with_vat, line_total_with_vat in items_with_totals:
product = item.product
OrderItem.objects.create(
order=order,
@@ -204,8 +369,8 @@ def create_order_from_cart(request, payment_method, payment_reference=""):
product_name=product.name,
seller=product.creator,
quantity=item.quantity,
unit_price=product.price,
total_price=product.price * item.quantity,
unit_price=float(unit_price_with_vat),
total_price=float(line_total_with_vat),
)
cart.items.all().delete()
@@ -322,7 +487,7 @@ def mis_productos(request: HttpRequest):
def pedidos_vendedor(request: HttpRequest):
"""Muestra los pedidos asignados al vendedor autenticado"""
pedidos = OrderItem.objects.filter(seller=request.user).select_related(
'order', 'product', 'order__buyer'
'order', 'product', 'order__buyer', 'order__shipping_address'
).prefetch_related('messages__sender').order_by('-created_at')
return render(request, "tienda/pedidos_vendedor.html", {
@@ -540,9 +705,11 @@ def borrar_producto(request: HttpRequest, id: int):
def checkout(request: HttpRequest):
cart = get_or_create_cart(request)
cart_items = cart.items.select_related("product")
addresses = ShippingAddress.objects.filter(user=request.user)
return render(request, "tienda/checkout.html", {
"cart": cart,
"cart_items": cart_items
"cart_items": cart_items,
"addresses": addresses,
})
@csrf_exempt
@@ -561,6 +728,10 @@ def create_checkout_session(request: HttpRequest):
return JsonResponse({"error": "Método no permitido"}, status=405)
try:
shipping_address = _get_selected_shipping_address(request)
if shipping_address is None:
return JsonResponse({"error": "Debes seleccionar una dirección de envío válida."}, status=400)
cart = get_or_create_cart(request)
cart_items = cart.items.select_related("product")
@@ -571,7 +742,8 @@ def create_checkout_session(request: HttpRequest):
line_items = []
for item in cart_items:
unit_amount = int((Decimal(str(item.product.price)) * 100).quantize(0, rounding=ROUND_HALF_UP))
unit_price_with_vat = get_price_with_vat_decimal(item.product.price)
unit_amount = int((unit_price_with_vat * 100).quantize(Decimal("1"), rounding=ROUND_HALF_UP))
if unit_amount <= 0:
continue
line_items.append({
@@ -601,18 +773,23 @@ def create_checkout_session(request: HttpRequest):
)
request.session['stripe_session_id'] = session.id
request.session['selected_shipping_address_id'] = shipping_address.id
return JsonResponse({"sessionId": session.id})
except Exception as e:
print(f"Stripe error: {str(e)}")
logger.exception("STRIPE_CHECKOUT_SESSION_ERROR user_id=%s error=%s", request.user.id, str(e))
return JsonResponse({"error": f"Error al crear sesión de pago: {str(e)}"}, status=500)
def checkout_success(request: HttpRequest):
payment_reference = request.session.get('stripe_session_id', "")
create_order_from_cart(request, Order.PAYMENT_STRIPE, payment_reference)
shipping_address_id = request.session.get('selected_shipping_address_id')
shipping_address = ShippingAddress.objects.filter(id=shipping_address_id, user=request.user).first()
create_order_from_cart(request, Order.PAYMENT_STRIPE, payment_reference, shipping_address)
if 'stripe_session_id' in request.session:
del request.session['stripe_session_id']
if 'selected_shipping_address_id' in request.session:
del request.session['selected_shipping_address_id']
messages.success(request, "Pago realizado correctamente. ¡Gracias por tu compra!")
return render(request, "tienda/checkout_success.html", {})
@@ -652,6 +829,10 @@ def create_paypal_payment(request: HttpRequest):
return JsonResponse({"error": "Método no permitido"}, status=405)
try:
shipping_address = _get_selected_shipping_address(request)
if shipping_address is None:
return JsonResponse({"error": "Debes seleccionar una dirección de envío válida."}, status=400)
import paypalrestsdk
cart = get_or_create_cart(request)
@@ -669,16 +850,24 @@ def create_paypal_payment(request: HttpRequest):
# Crear lista de items para PayPal
payment_items = []
payment_total = Decimal("0.00")
for item in cart_items:
unit_price_with_vat = get_price_with_vat_decimal(item.product.price)
line_total_with_vat = (unit_price_with_vat * item.quantity).quantize(
Decimal("0.01"),
rounding=ROUND_HALF_UP,
)
payment_total += line_total_with_vat
payment_items.append({
"name": item.product.name,
"sku": f"product_{item.product.id}",
"price": str(round(float(item.product.price), 2)),
"price": format(unit_price_with_vat, ".2f"),
"currency": "EUR",
"quantity": item.quantity
})
total = str(round(float(cart.get_total()), 2))
total = format(payment_total, ".2f")
# Crear el pago
payment = paypalrestsdk.Payment({
@@ -713,6 +902,7 @@ def create_paypal_payment(request: HttpRequest):
if payment.create():
# Guardar el payment ID en sesión
request.session['paypal_payment_id'] = payment.id
request.session['selected_shipping_address_id'] = shipping_address.id
# Encontrar el link de aprobación
for link in payment.links:
@@ -723,16 +913,15 @@ def create_paypal_payment(request: HttpRequest):
else:
# Loguear el error
error_msg = str(payment.error) if hasattr(payment, 'error') else "Error desconocido"
print(f"PayPal Error: {error_msg}")
logger.error("PAYPAL_CREATE_ERROR user_id=%s error=%s", request.user.id, error_msg)
return JsonResponse({"error": f"Error al crear el pago: {error_msg}"}, status=400)
except ImportError:
logger.error("PAYPAL_SDK_NOT_INSTALLED")
return JsonResponse({"error": "SDK de PayPal no instalado"}, status=500)
except Exception as e:
error_msg = str(e)
print(f"PayPal Exception: {error_msg}")
import traceback
traceback.print_exc()
logger.exception("PAYPAL_CREATE_EXCEPTION user_id=%s error=%s", request.user.id, error_msg)
return JsonResponse({"error": f"Error: {error_msg}"}, status=500)
@@ -766,11 +955,15 @@ def paypal_execute(request: HttpRequest):
# Ejecutar el pago
if payment.execute({"payer_id": payer_id}):
# Pago exitoso - crear pedido y limpiar el carrito
create_order_from_cart(request, Order.PAYMENT_PAYPAL, payment_id)
shipping_address_id = request.session.get('selected_shipping_address_id')
shipping_address = ShippingAddress.objects.filter(id=shipping_address_id, user=request.user).first()
create_order_from_cart(request, Order.PAYMENT_PAYPAL, payment_id, shipping_address)
# Limpiar la sesión
if 'paypal_payment_id' in request.session:
del request.session['paypal_payment_id']
if 'selected_shipping_address_id' in request.session:
del request.session['selected_shipping_address_id']
messages.success(request, "¡Pago realizado correctamente con PayPal! Gracias por tu compra.")
return render(request, "tienda/checkout_success.html", {})
@@ -780,6 +973,7 @@ def paypal_execute(request: HttpRequest):
return redirect("checkout")
except Exception as e:
logger.exception("PAYPAL_EXECUTE_EXCEPTION user_id=%s error=%s", request.user.id, str(e))
messages.error(request, f"Error: {str(e)}")
return redirect("checkout")
def search_suggestions(request: HttpRequest):
@@ -829,6 +1023,31 @@ def portal_usuario(request: HttpRequest):
})
@login_required
def mis_compras(request: HttpRequest):
"""Lista completa de compras del usuario autenticado"""
orders = Order.objects.filter(buyer=request.user).prefetch_related('items').order_by('-created_at')
return render(request, "tienda/mis_compras.html", {
"orders": orders,
"total_orders": orders.count(),
})
@login_required
def mis_recibos(request: HttpRequest):
"""Lista de recibos (pedidos pagados) del usuario autenticado"""
receipts = Order.objects.filter(
buyer=request.user,
status=Order.STATUS_PAID
).prefetch_related('items').order_by('-created_at')
return render(request, "tienda/mis_recibos.html", {
"receipts": receipts,
"total_receipts": receipts.count(),
})
@login_required
def editar_perfil(request: HttpRequest):
"""Edita la información del perfil del usuario"""
@@ -908,14 +1127,22 @@ def crear_direccion(request: HttpRequest):
address_line_2 = request.POST.get("address_line_2", "").strip()
city = request.POST.get("city", "").strip()
postal_code = request.POST.get("postal_code", "").strip()
country = request.POST.get("country", "España").strip()
country = SHIPPING_COUNTRY
phone = request.POST.get("phone", "").strip()
is_default = request.POST.get("is_default") == "on"
# Validaciones
if not all([full_name, address_line_1, city, postal_code, phone]):
messages.error(request, "Por favor completa todos los campos obligatorios.")
return render(request, "tienda/editar_direccion.html")
return render(request, "tienda/editar_direccion.html", _address_form_context(request.POST))
if not _is_almeria_city(city):
messages.error(request, "El pueblo/ciudad debe pertenecer a la provincia de Almería.")
return render(request, "tienda/editar_direccion.html", _address_form_context(request.POST))
if not _is_almeria_postal_code(postal_code):
messages.error(request, "Solo realizamos envíos en la provincia de Almería (código postal 04xxx).")
return render(request, "tienda/editar_direccion.html", _address_form_context(request.POST))
# Crear dirección
ShippingAddress.objects.create(
@@ -933,7 +1160,7 @@ def crear_direccion(request: HttpRequest):
messages.success(request, "Dirección creada correctamente.")
return redirect("direcciones_usuario")
return render(request, "tienda/editar_direccion.html", {"direccion": None})
return render(request, "tienda/editar_direccion.html", _address_form_context())
@login_required
@@ -947,7 +1174,7 @@ def editar_direccion(request: HttpRequest, id: int):
direccion.address_line_2 = request.POST.get("address_line_2", "").strip()
direccion.city = request.POST.get("city", "").strip()
direccion.postal_code = request.POST.get("postal_code", "").strip()
direccion.country = request.POST.get("country", "España").strip()
direccion.country = SHIPPING_COUNTRY
direccion.phone = request.POST.get("phone", "").strip()
direccion.is_default = request.POST.get("is_default") == "on"
@@ -955,13 +1182,21 @@ def editar_direccion(request: HttpRequest, id: int):
if not all([direccion.full_name, direccion.address_line_1, direccion.city,
direccion.postal_code, direccion.phone]):
messages.error(request, "Por favor completa todos los campos obligatorios.")
return render(request, "tienda/editar_direccion.html", {"direccion": direccion})
return render(request, "tienda/editar_direccion.html", _address_form_context(direccion))
if not _is_almeria_city(direccion.city):
messages.error(request, "El pueblo/ciudad debe pertenecer a la provincia de Almería.")
return render(request, "tienda/editar_direccion.html", _address_form_context(direccion))
if not _is_almeria_postal_code(direccion.postal_code):
messages.error(request, "Solo realizamos envíos en la provincia de Almería (código postal 04xxx).")
return render(request, "tienda/editar_direccion.html", _address_form_context(direccion))
direccion.save()
messages.success(request, "Dirección actualizada correctamente.")
return redirect("direcciones_usuario")
return render(request, "tienda/editar_direccion.html", {"direccion": direccion})
return render(request, "tienda/editar_direccion.html", _address_form_context(direccion))
@login_required
@@ -990,3 +1225,43 @@ def mensajes_comprador(request: HttpRequest):
return render(request, "tienda/mensajes_comprador.html", {
"order_items": order_items
})
def send_test_email(request: HttpRequest):
message = """
Correo de prueba, deberias recibir esto bien
y esto deberia tener un enter
"""
result = send_email("danilacasito8@gmail.com", "Correo de Prueba", message)
if result[0]:
return HttpResponse("Mira tu bandeja")
else:
return HttpResponse(result[1])
def verify(request: HttpRequest, code: str):
obj = None
try:
obj = VerificationCode.objects.get(code=code)
except VerificationCode.DoesNotExist:
return HttpResponse("<h1>Error</h1><p>No existe el codigo de verificación</p>")
if obj:
if obj.code_mode == VerificationCode.VerificationModes.VERIFY_ACCOUNT:
obj.user.registration_status = obj.user.RegisterStatus.ACTIVE
obj.user.save()
obj.delete()
return redirect("index")
else:
return HttpResponse("<h1>Error</h1><p>No existe el codigo de verificación</p>")
def reset_password(request: HttpRequest):
if request.user.is_authenticated:
return redirect("index")
return render(request, "tienda/reset_password", {})