npm - nodebb-plugin-onekite-calendar - Versions diffs - 2.0.94 → 2.0.96 - Mend

nodebb-plugin-onekite-calendar 2.0.94 → 2.0.96

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/lib/admin.js +7 -116
package/lib/api.js +18 -6
package/lib/helloassoWebhook.js +99 -17
package/lib/scheduler.js +2 -352
package/lib/syncPayment.js +141 -0
package/library.js +1 -0
package/package.json +1 -1
package/public/client.js +53 -16
package/templates/admin/plugins/calendar-onekite.tpl +0 -17
package/templates/emails/calendar-onekite_approved.tpl +1 -4
package/templates/emails/calendar-onekite_reminder.tpl +1 -4

package/lib/admin.js CHANGED Viewed

@@ -23,6 +23,7 @@ const dbLayer = require('./db');
 const helloasso = require('./helloasso');
 const discord = require('./discord');
 const { buildCheckoutIntent } = require('./checkout');
+const { syncPayment: syncPaymentHelper } = require('./syncPayment');
 const ADMIN_PRIV = 'admin:settings';
@@ -166,10 +167,9 @@ admin.approveReservation = async function (req, res) {
         pickupLon: r.pickupLon || '',
         mapUrl,
         ...(buildCalendarLinks({
-          rid: String(r.rid),
-          uid: requesterUid,
+          type: 'reservation', id: String(r.rid || ''), uid: requesterUid,
           itemNames: arrayifyNames(r),
-          pickupAddress: r.pickupAddress || '',
+          pickupAddress: r.pickupAddress || '', allDay: true,
           startYmd: (r.startDate && /^\d{4}-\d{2}-\d{2}$/.test(String(r.startDate))) ? String(r.startDate) : new Date(parseInt(r.start, 10)).toISOString().slice(0, 10),
           endYmd: (r.endDate && /^\d{4}-\d{2}-\d{2}$/.test(String(r.endDate))) ? String(r.endDate) : new Date(parseInt(r.end, 10)).toISOString().slice(0, 10),
         })),
@@ -690,126 +690,17 @@ admin.exportAccountingCsv = async function (req, res) {
 // Sync payment status from HelloAsso for a reservation stuck in awaiting_payment.
 // Uses the stored checkoutIntentId to query HelloAsso's API directly.
 admin.syncPaymentFromHelloAsso = async function (req, res) {
+  if (!req.uid) return res.status(401).json({ error: 'not-logged-in' });
   const rid = String(req.params.rid || '').trim();
   if (!rid) return res.status(400).json({ error: 'missing-rid' });
   const r = await dbLayer.getReservation(rid);
   if (!r) return res.status(404).json({ error: 'not-found' });
-  if (r.status === 'paid') {
-    return res.json({ ok: true, alreadyPaid: true, status: r.status });
-  }
-  const checkoutIntentId = r.checkoutIntentId ? String(r.checkoutIntentId) : null;
-  if (!checkoutIntentId) {
-    return res.json({ ok: false, reason: 'no-checkout-intent-id', status: r.status });
-  }
   const settings = await getSettings();
-  const token = await helloasso.getAccessToken({
-    env: settings.helloassoEnv || 'prod',
-    clientId: settings.helloassoClientId,
-    clientSecret: settings.helloassoClientSecret,
-  });
-  if (!token) {
-    return res.json({ ok: false, reason: 'helloasso-auth-failed' });
-  }
-  const details = await helloasso.getCheckoutIntentDetails({
-    env: settings.helloassoEnv || 'prod',
-    token,
-    organizationSlug: settings.helloassoOrganizationSlug,
-    checkoutIntentId,
-  });
-  if (!details) {
-    return res.json({ ok: false, reason: 'checkout-intent-not-found', checkoutIntentId });
-  }
-  // Determine payment state from checkout intent details
-  const order = (details && details.order) ? details.order : details;
-  const orderState = String((order && (order.state || order.status)) || '').toLowerCase();
-  const paymentsArr = (order && Array.isArray(order.payments)) ? order.payments : [];
-  const paymentState = paymentsArr.length
-    ? String((paymentsArr[0].state || paymentsArr[0].status) || '').toLowerCase()
-    : '';
-  const okStates = ['confirmed', 'authorized', 'paid', 'processed', 'succeeded', 'success'];
-  const isPaid = okStates.includes(orderState) || okStates.includes(paymentState);
-  if (!isPaid) {
-    return res.json({ ok: false, reason: 'not-paid-on-helloasso', orderState, paymentState });
-  }
-  // Mark as paid
-  const prevStatus = r.status;
-  r.status = 'paid';
-  r.paidAt = Date.now();
-  r.syncedFromHelloAsso = true;
-  r.syncedBy = req.uid;
-  const paymentId = paymentsArr.length ? String(paymentsArr[0].id || '') : '';
-  const paymentReceiptUrl = paymentsArr.length
-    ? String(paymentsArr[0].paymentReceiptUrl || paymentsArr[0].receiptUrl || '')
-    : '';
-  if (paymentId) r.paymentId = paymentId;
-  if (paymentReceiptUrl) r.paymentReceiptUrl = paymentReceiptUrl;
-  await dbLayer.saveReservation(r);
-  try {
-    await dbLayer.addAuditEntry({
-      ts: Date.now(), year: new Date().getFullYear(),
-      action: 'reservation_sync_paid',
-      targetType: 'reservation', targetId: String(r.rid),
-      reservationUid: Number(r.uid) || 0,
-      reservationUsername: String(r.username || ''),
-      actorUid: req.uid || 0,
-      prevStatus,
-    });
-  } catch (e) {}
-  realtime.emitCalendarUpdated({ kind: 'reservation', action: 'paid', rid: String(r.rid), status: 'paid' });
-  try {
-    const requesterUid = parseInt(r.uid, 10);
-    if (requesterUid) {
-      const requester = await user.getUserFields(requesterUid, ['username']);
-      const latNum = Number(r.pickupLat);
-      const lonNum = Number(r.pickupLon);
-      const mapUrl = (Number.isFinite(latNum) && Number.isFinite(lonNum))
-        ? `https://www.openstreetmap.org/?mlat=${encodeURIComponent(String(latNum))}&mlon=${encodeURIComponent(String(lonNum))}#map=18/${encodeURIComponent(String(latNum))}/${encodeURIComponent(String(lonNum))}`
-        : '';
-      await sendEmail('calendar-onekite_paid', requesterUid, 'Location matériel - Paiement reçu', {
-        uid: requesterUid,
-        username: requester && requester.username ? requester.username : '',
-        itemName: arrayifyNames(r).join(', '),
-        itemNames: arrayifyNames(r),
-        dateRange: `Du ${formatFR(r.start)} au ${formatFR(r.end)}`,
-        paymentReceiptUrl: r.paymentReceiptUrl || '',
-        pickupTime: r.pickupTime || '',
-        pickupAddress: r.pickupAddress || '',
-        mapUrl,
-        ...(buildCalendarLinks({
-          type: 'reservation', id: String(r.rid || ''), uid: requesterUid,
-          itemNames: arrayifyNames(r),
-          pickupAddress: r.pickupAddress || '', allDay: true,
-          startYmd: (r.startDate && /^\d{4}-\d{2}-\d{2}$/.test(String(r.startDate))) ? String(r.startDate) : new Date(parseInt(r.start, 10)).toISOString().slice(0, 10),
-          endYmd: (r.endDate && /^\d{4}-\d{2}-\d{2}$/.test(String(r.endDate))) ? String(r.endDate) : new Date(parseInt(r.end, 10)).toISOString().slice(0, 10),
-        })),
-      });
-    }
-  } catch (e) {}
-  try {
-    const requester = await user.getUserFields(parseInt(r.uid, 10), ['username']);
-    await discord.notifyPaymentReceived(settings, {
-      rid: r.rid, uid: r.uid,
-      username: (requester && requester.username) ? requester.username : (r.username || ''),
-      itemIds: arrayifyIds(r),
-      itemNames: arrayifyNames(r),
-      start: r.start, end: r.end, status: r.status,
-    });
-  } catch (e) {}
-  return res.json({ ok: true, synced: true, prevStatus, paymentId: r.paymentId || '' });
+  const result = await syncPaymentHelper({ r, settings, actorUid: req.uid });
+  return res.json(result);
 };
 admin.purgeAccounting = async function (req, res) {

package/lib/api.js CHANGED Viewed

@@ -36,6 +36,7 @@ const helloasso = require('./helloasso');
 const discord = require('./discord');
 const realtime = require('./realtime');
 const { buildCheckoutIntent } = require('./checkout');
+const { syncPayment: syncPaymentHelper } = require('./syncPayment');
 function overlap(aStart, aEnd, bStart, bEnd) {
@@ -793,8 +794,6 @@ api.leaveSpecialEvent = async function (req, res) {
 api.getCapabilities = async function (req, res) {
   const settings = await getSettings();
   const uid = req.uid || 0;
-  const pendingHoldMinutes = parseInt(getSetting(settings, 'pendingHoldMinutes', '5'), 10) || 5;
-  const paymentHoldMinutes = parseInt(getSetting(settings, 'paymentHoldMinutes', getSetting(settings, 'holdMinutes', '60')), 10) || 60;
   if (!uid) {
     return res.json({
       canModerate: false,
@@ -803,8 +802,6 @@ api.getCapabilities = async function (req, res) {
       canCreateOuting: false,
       canCreateReservation: false,
       specialEventCategoryCid: 0,
-      pendingHoldMinutes,
-      paymentHoldMinutes,
     });
   }
   const [canMod, canSpecialC, canSpecialD, canReq] = await Promise.all([
@@ -821,8 +818,6 @@ api.getCapabilities = async function (req, res) {
     canCreateOuting: canMod || canReq,
     canCreateReservation: canReq,
     specialEventCategoryCid: parseInt(settings && settings.specialEventCategoryId, 10) || 0,
-    pendingHoldMinutes,
-    paymentHoldMinutes,
   });
 };
@@ -1879,6 +1874,23 @@ api.cancelReservation = async function (req, res) {
   return res.json({ ok: true, status: 'cancelled' });
 };
+// Validator: sync payment status from HelloAsso (fallback when webhook fails).
+api.syncPaymentFromHelloAsso = async function (req, res) {
+  const uid = req.uid;
+  if (!uid) return res.status(401).json({ error: 'not-logged-in' });
+  const settings = await getSettings();
+  if (!(await canValidate(uid, settings))) return res.status(403).json({ error: 'not-allowed' });
+  const rid = String(req.params.rid || '').trim();
+  if (!rid) return res.status(400).json({ error: 'missing-rid' });
+  const r = await dbLayer.getReservation(rid);
+  if (!r) return res.status(404).json({ error: 'not-found' });
+  const result = await syncPaymentHelper({ r, settings, actorUid: uid });
+  return res.json(result);
+};
 // --------------------
 // Maintenance (simple ON/OFF)
 // --------------------

package/lib/helloassoWebhook.js CHANGED Viewed

@@ -1,5 +1,7 @@
 'use strict';
+const crypto = require('crypto');
 const db = require.main.require('./src/database');
 const meta = require.main.require('./src/meta');
 const user = require.main.require('./src/user');
@@ -62,11 +64,32 @@ function getClientIp(req) {
   return String(req.ip || '').trim();
 }
+// HelloAsso sends two distinct webhook formats:
+//   Format A – global webhook:     { eventType: "Payment", data: { id, state, checkoutIntentId, ... } }
+//   Format B – notificationUrl:    checkout intent object directly: { id, state, metadata, order: { payments } }
+//
+// All extraction helpers normalise both by using `payload.data` when present,
+// falling back to `payload` itself (Format B).
+function _payloadData(payload) {
+  if (!payload) return null;
+  // Format A: wrapped under .data
+  if (payload.data && typeof payload.data === 'object') return payload.data;
+  // Format B: direct checkout intent object from notificationUrl.
+  // Require BOTH a numeric/string id AND (state OR order) to avoid misidentifying
+  // arbitrary JSON (e.g. health-check responses, error objects) as valid intents.
+  if (!payload.eventType && payload.id !== undefined &&
+      (payload.state !== undefined || (payload.order && typeof payload.order === 'object'))) {
+    return payload;
+  }
+  return null;
+}
 // Extract reservationId from the metadata field of a webhook payload.
 // HelloAsso uses several payload shapes depending on event type and API version.
 function getReservationIdFromPayload(payload) {
   try {
-    const data = payload && payload.data ? payload.data : null;
+    const data = _payloadData(payload);
     if (!data) return null;
     const metaCandidates = [
@@ -96,10 +119,12 @@ function getReservationIdFromPayload(payload) {
 function getCheckoutIntentIdFromPayload(payload) {
   try {
-    const data = payload && payload.data ? payload.data : null;
+    const data = _payloadData(payload);
     if (!data) return null;
     const candidates = [
       data.checkoutIntentId,
+      // Format B: the top-level .id is the checkout intent ID
+      (!payload.data && data.id) ? data.id : undefined,
       data.checkoutIntent && (data.checkoutIntent.id || data.checkoutIntent.checkoutIntentId),
       data.order && (data.order.checkoutIntentId || (data.order.checkoutIntent && data.order.checkoutIntent.id)),
     ].filter(Boolean);
@@ -111,17 +136,30 @@ function getCheckoutIntentIdFromPayload(payload) {
 // Returns true for event types and states that represent a completed payment.
 function isConfirmedPayment(payload) {
   try {
-    if (!payload || !payload.data) return false;
+    if (!payload) return false;
+    const data = _payloadData(payload);
+    if (!data) return false;
     const eventType = String(payload.eventType || '').toLowerCase();
-    const state = String(payload.data.state || payload.data.status || payload.data.paymentState || '').toLowerCase();
+    // For Format B (direct checkout intent): state is at data.state or nested in order/payments.
+    const orderPayments = (data.order && Array.isArray(data.order.payments)) ? data.order.payments : [];
+    const state = String(
+      data.state || data.status || data.paymentState ||
+      (orderPayments.length ? (orderPayments[0].state || orderPayments[0].status) : '') ||
+      (data.order && (data.order.state || data.order.status)) ||
+      ''
+    ).toLowerCase();
     const okState = ['confirmed', 'authorized', 'paid', 'processed', 'succeeded', 'success'].includes(state);
+    // Format A – wrapped event types
     if (eventType === 'payment') return okState;
     if (eventType === 'order' || eventType === 'checkout') {
       // Order/Checkout payloads sometimes omit the state field; accept when missing.
       return !state || okState;
     }
-    // For any other event type, accept if state is clearly positive.
+    // Format B – no eventType: direct checkout intent object from notificationUrl
+    if (!eventType) return okState;
+    // Any other event type: accept if state is clearly positive.
     if (okState) return true;
     return false;
   } catch (e) {
@@ -233,12 +271,39 @@ async function handler(req, res, next) {
       }
     }
+    // Verify HelloAsso HMAC-SHA256 signature when the header is present.
+    // HelloAsso signs with the client secret; header format: x-ha-signature: sha256=<hex>
+    const sigHeader = String(req.headers && req.headers['x-ha-signature'] || '').trim();
+    if (sigHeader) {
+      const clientSecret = String((settings && settings.helloassoClientSecret) || '').trim();
+      if (!clientSecret) {
+        // eslint-disable-next-line no-console
+        console.warn('[calendar-onekite] HelloAsso webhook: x-ha-signature present but helloassoClientSecret not configured — rejecting');
+        return res.status(401).json({ ok: false, error: 'signature-config-missing' });
+      }
+      const rawBody = req.rawBody ? req.rawBody : Buffer.from(JSON.stringify(payload || {}));
+      const expected = `sha256=${crypto.createHmac('sha256', clientSecret).update(rawBody).digest('hex')}`;
+      const isValid = crypto.timingSafeEqual(
+        Buffer.from(expected, 'utf8'),
+        Buffer.from(sigHeader, 'utf8')
+      );
+      if (!isValid) {
+        // eslint-disable-next-line no-console
+        console.warn('[calendar-onekite] HelloAsso webhook: invalid x-ha-signature — rejected');
+        return res.status(401).json({ ok: false, error: 'invalid-signature' });
+      }
+    }
+    const _d = _payloadData(payload);
+    const _isFormatB = !!payload && !payload.eventType && !!_d;
     // eslint-disable-next-line no-console
     console.info('[calendar-onekite] HelloAsso webhook received', {
+      format: _isFormatB ? 'direct-checkoutIntent' : 'wrapped-event',
       eventType: payload && payload.eventType,
-      state: payload && payload.data && (payload.data.state || payload.data.status || payload.data.paymentState),
-      paymentId: payload && payload.data && (payload.data.id || payload.data.paymentId),
-      checkoutIntentId: payload && payload.data && (payload.data.checkoutIntentId || (payload.data.order && payload.data.order.checkoutIntentId)),
+      state: _d && (_d.state || _d.status || _d.paymentState || (_d.order && (_d.order.state || _d.order.status))),
+      paymentId: _d && (_d.id || _d.paymentId || (_d.order && Array.isArray(_d.order.payments) && _d.order.payments[0] && _d.order.payments[0].id)),
+      checkoutIntentId: _d && (_d.checkoutIntentId || (_isFormatB ? _d.id : undefined) || (_d.order && _d.order.checkoutIntentId)),
+      hasMetadata: !!(_d && (_d.metadata || _d.meta)),
       hasBody: !!payload,
       contentType: req.headers && req.headers['content-type'],
     });
@@ -246,9 +311,10 @@ async function handler(req, res, next) {
     if (!isConfirmedPayment(payload)) {
       // eslint-disable-next-line no-console
       console.warn('[calendar-onekite] HelloAsso webhook: payment not confirmed — ignored', {
+        format: _isFormatB ? 'direct-checkoutIntent' : 'wrapped-event',
         eventType: payload && payload.eventType,
-        state: payload && payload.data && (payload.data.state || payload.data.status || payload.data.paymentState),
-        hasData: !!(payload && payload.data),
+        state: _d && (_d.state || _d.status || _d.paymentState || (_d.order && (_d.order.state || _d.order.status))),
+        hasBody: !!payload,
       });
       return res.json({ ok: true, ignored: true });
     }
@@ -261,16 +327,22 @@ async function handler(req, res, next) {
     if (eventType === 'payment' && !rid && !checkoutIntentId) {
       // eslint-disable-next-line no-console
       console.warn('[calendar-onekite] HelloAsso webhook: Payment event has no metadata.reservationId and no checkoutIntentId', {
-        paymentId: payload && payload.data && payload.data.id,
-        dataKeys: payload && payload.data ? Object.keys(payload.data) : [],
+        paymentId: _d && _d.id,
+        dataKeys: _d ? Object.keys(_d) : [],
       });
       return res.json({ ok: true, ignored: true, incompletePayment: true });
     }
-    const paymentId = payload && payload.data ? (payload.data.id || payload.data.paymentId) : null;
+    // Extract paymentId.
+    // Format A: data.id is the payment ID.
+    // Format B: order.payments[0].id is the payment ID (data.id is the checkout intent ID).
+    const _payments = (_d && _d.order && Array.isArray(_d.order.payments)) ? _d.order.payments : [];
+    const paymentId = payload.data
+      ? (_d.id || _d.paymentId)
+      : (_payments.length ? _payments[0].id : null);
     if (!paymentId) {
       // eslint-disable-next-line no-console
-      console.warn('[calendar-onekite] HelloAsso webhook: missing payment id', { eventType, dataKeys: payload && payload.data ? Object.keys(payload.data) : [] });
+      console.warn('[calendar-onekite] HelloAsso webhook: missing payment id', { eventType, dataKeys: _d ? Object.keys(_d) : [] });
       return res.json({ ok: true, ignored: true, missingPaymentId: true });
     }
@@ -301,15 +373,25 @@ async function handler(req, res, next) {
       return res.json({ ok: true, processed: true, reservationNotFound: true });
     }
+    // Idempotency: already paid → just mark as processed and return.
+    if (r.status === 'paid') {
+      await markProcessed(paymentId);
+      return res.json({ ok: true, processed: true, alreadyPaid: true });
+    }
     // eslint-disable-next-line no-console
     console.info('[calendar-onekite] HelloAsso webhook: marking reservation paid', { rid: resolvedRid, prevStatus: r.status, paymentId });
     r.status = 'paid';
     r.paidAt = Date.now();
     r.paymentId = String(paymentId);
-    if (payload.data && payload.data.paymentReceiptUrl) {
-      r.paymentReceiptUrl = String(payload.data.paymentReceiptUrl);
-    }
+    // paymentReceiptUrl: Format A = data.paymentReceiptUrl, Format B = order.payments[0].paymentReceiptUrl
+    const _receiptUrl = (payload.data && payload.data.paymentReceiptUrl)
+      ? String(payload.data.paymentReceiptUrl)
+      : (_payments.length && (_payments[0].paymentReceiptUrl || _payments[0].receiptUrl))
+        ? String(_payments[0].paymentReceiptUrl || _payments[0].receiptUrl)
+        : '';
+    if (_receiptUrl) r.paymentReceiptUrl = _receiptUrl;
     await dbLayer.saveReservation(r);
     await auditLog('reservation_paid', 0, {

package/lib/scheduler.js CHANGED Viewed

@@ -1,338 +1,9 @@
 'use strict';
 const nconf = require.main.require('nconf');
-const db = require.main.require('./src/database');
-const user = require.main.require('./src/user');
-const dbLayer = require('./db');
-const discord = require('./discord');
-const realtime = require('./realtime');
-const { getSettings } = require('./settings');
-const shared = require('./shared');
-const {
-  getSetting,
-  formatFR,
-  arrayifyNames,
-  forumBaseUrl,
-  normalizeAllowedGroups,
-  normalizeUids,
-  getMembersByGroupIdentifier,
-  sendEmail,
-} = shared;
 let timer = null;
-// Some NodeBB database adapters don't expose setAdd/setRemove helpers.
-// Use a safe "add once" guard to avoid crashing the scheduler.
-async function addOnce(key, value) {
-  const v = String(value);
-  if (!v) return false;
-  // Best-effort atomic guard across multi-process / multi-instance.
-  // incrObjectField is implemented by most NodeBB DB adapters (Redis/Mongo).
-  // If it exists, it gives us a reliable "first winner" (value === 1).
-  if (typeof db.incrObjectField === 'function') {
-    try {
-      const n = await db.incrObjectField(key, v);
-      return Number(n) === 1;
-    } catch (e) {
-      // fall through
-    }
-  }
-  // Preferred atomic helper (Redis + some adapters)
-  if (typeof db.setAdd === 'function') {
-    try {
-      return !!(await db.setAdd(key, v));
-    } catch (e) {
-      // fall through
-    }
-  }
-  // Fallback: store a marker in an object map.
-  // Not perfectly atomic across clustered processes, but avoids a hard failure.
-  try {
-    const existing = await db.getObjectField(key, v);
-    if (existing) return false;
-    await db.setObjectField(key, v, 1);
-    return true;
-  } catch (e) {
-    // Last resort: allow sending rather than silently doing nothing.
-    // This may duplicate emails in edge cases, but avoids "expires with no email".
-    return true;
-  }
-}
-// Helpers imported from shared.js above
-async function getValidatorUids(settings) {
-  const out = new Set();
-  // Always include administrators
-  try {
-    const admins = await getMembersByGroupIdentifier('administrators');
-    normalizeUids(admins).forEach((u) => out.add(u));
-  } catch (e) {}
-  const groupsCsv = normalizeAllowedGroups(settings && settings.validatorGroups);
-  for (const g of groupsCsv) {
-    try {
-      const members = await getMembersByGroupIdentifier(g);
-      normalizeUids(members).forEach((u) => out.add(u));
-    } catch (e) {}
-  }
-  return Array.from(out);
-}
-async function getNotifyUids(settings) {
-  const out = new Set();
-  const groupsCsv = normalizeAllowedGroups(settings && settings.notifyGroups);
-  for (const g of groupsCsv) {
-    try {
-      const members = await getMembersByGroupIdentifier(g);
-      normalizeUids(members).forEach((u) => out.add(u));
-    } catch (e) {}
-  }
-  return Array.from(out);
-}
-async function getNotifiedValidatorUids(settings) {
-  const [validators, notified] = await Promise.all([
-    getValidatorUids(settings),
-    getNotifyUids(settings),
-  ]);
-  const notifiedSet = new Set((notified || []).map((u) => parseInt(u, 10)).filter(Number.isFinite));
-  return (validators || []).filter((u) => notifiedSet.has(parseInt(u, 10)));
-}
-// Pending holds: short lock after a user creates a request (defaults to 5 minutes)
-async function expirePending(preIds, preReservations) {
-  const settings = await getSettings();
-  const holdMins = parseInt(getSetting(settings, 'pendingHoldMinutes', '5'), 10) || 5;
-  const validatorReminderMins = parseInt(getSetting(settings, 'validatorReminderMinutesPending', '0'), 10) || 0;
-  const now = Date.now();
-  const adminUrl = (() => {
-    const base = forumBaseUrl();
-    return base ? `${base}/admin/plugins/calendar-onekite` : '/admin/plugins/calendar-onekite';
-  })();
-  const validatorUids = validatorReminderMins > 0 ? await getNotifiedValidatorUids(settings) : [];
-  const ids = preIds || await dbLayer.listAllReservationIds(5000);
-  if (!ids || !ids.length) return;
-  const reservations = preReservations || await dbLayer.getReservations(ids);
-  for (let i = 0; i < ids.length; i += 1) {
-    const rid = ids[i];
-    const resv = reservations[i];
-    if (!resv || resv.status !== 'pending') {
-      continue;
-    }
-    const createdAt = parseInt(resv.createdAt, 10) || 0;
-    const expiresAt = createdAt + holdMins * 60 * 1000;
-    // Reminder to validators while still pending
-    if (validatorReminderMins > 0 && createdAt && now >= (createdAt + validatorReminderMins * 60 * 1000) && now < expiresAt) {
-      const reminderKey = 'calendar-onekite:email:validatorReminder:pending';
-      const first = await addOnce(reminderKey, rid);
-      if (first && validatorUids.length) {
-        const requesterUid = parseInt(resv.uid, 10) || 0;
-        const requester = requesterUid ? await user.getUserFields(requesterUid, ['username']) : null;
-        const requesterUsername = requester && requester.username ? requester.username : (resv.username || '');
-        for (const vuid of validatorUids) {
-          await sendEmail('calendar-onekite_validator_reminder', vuid, 'Location matériel - Demande en attente', {
-            rid,
-            requesterUsername,
-            itemNames: arrayifyNames(resv),
-            dateRange: `Du ${formatFR(resv.start)} au ${formatFR(resv.end)}`,
-            adminUrl,
-            kind: 'pending',
-            delayMinutes: validatorReminderMins,
-          });
-        }
-      }
-    }
-    if (now > expiresAt) {
-      // Expire (remove from calendar) + notify requester + validators
-      const expiredKey = 'calendar-onekite:email:expiredSent:pending';
-      const firstExpired = await addOnce(expiredKey, rid);
-      const requesterUid = parseInt(resv.uid, 10) || 0;
-      const requester = requesterUid ? await user.getUserFields(requesterUid, ['username']) : null;
-      const requesterUsername = requester && requester.username ? requester.username : (resv.username || '');
-      const reason = 'Demande non prise en charge dans le temps imparti.';
-      if (firstExpired && requesterUid) {
-        await sendEmail('calendar-onekite_expired', requesterUid, 'Location matériel - Demande expirée', {
-          uid: requesterUid,
-          username: requesterUsername,
-          itemNames: arrayifyNames(resv),
-          dateRange: `Du ${formatFR(resv.start)} au ${formatFR(resv.end)}`,
-          delayMinutes: holdMins,
-          reason,
-        });
-      }
-      // Validators info email (best-effort)
-      if (firstExpired) {
-        const validators = await getNotifiedValidatorUids(settings);
-        for (const vuid of validators) {
-          await sendEmail('calendar-onekite_validator_expired', vuid, 'Location matériel - Demande expirée', {
-            rid,
-            requesterUsername,
-            itemNames: arrayifyNames(resv),
-            dateRange: `Du ${formatFR(resv.start)} au ${formatFR(resv.end)}`,
-            adminUrl,
-            reason,
-          });
-        }
-      }
-      await dbLayer.removeReservation(rid);
-      // Real-time refresh for all viewers
-      realtime.emitCalendarUpdated({ kind: 'reservation', action: 'expired', rid: String(rid), status: 'expired' });
-    }
-  }
-}
-// Payment window logic:
-// - When a reservation is validated it becomes awaiting_payment
-// - We send a reminder after `paymentHoldMinutes` (default 60)
-// - We expire (and remove) after `2 * paymentHoldMinutes`
-async function processAwaitingPayment(preIds, preReservations) {
-  const settings = await getSettings();
-  const holdMins = parseInt(
-    getSetting(settings, 'paymentHoldMinutes', getSetting(settings, 'holdMinutes', '60')),
-    10
-  ) || 60;
-  const now = Date.now();
-  const ids = preIds || await dbLayer.listAllReservationIds(5000);
-  if (!ids || !ids.length) return;
-  const adminUrl = (() => {
-    const base = forumBaseUrl();
-    return base ? `${base}/admin/plugins/calendar-onekite` : '/admin/plugins/calendar-onekite';
-  })();
-  const reservations = preReservations || await dbLayer.getReservations(ids);
-  for (let i = 0; i < ids.length; i += 1) {
-    const rid = ids[i];
-    const r = reservations[i];
-    if (!r || r.status !== 'awaiting_payment') continue;
-    const approvedAt = parseInt(r.approvedAt || r.validatedAt || 0, 10) || 0;
-    if (!approvedAt) continue;
-    const reminderAt = approvedAt + holdMins * 60 * 1000;
-    const expireAt = approvedAt + 2 * holdMins * 60 * 1000;
-    if (!r.reminderSent && now >= reminderAt && now < expireAt) {
-      // Send reminder once (guarded across clustered NodeBB processes)
-      const reminderKey = 'calendar-onekite:email:reminderSent';
-      const first = await addOnce(reminderKey, rid);
-      if (!first) {
-        // another process already sent it
-        r.reminderSent = true;
-        r.reminderAt = now;
-        await dbLayer.saveReservation(r);
-        continue;
-      }
-      const toUid = parseInt(r.uid, 10);
-      const u = await user.getUserFields(toUid, ['username']);
-      if (toUid) {
-        await sendEmail('calendar-onekite_reminder', toUid, 'Location matériel - Rappel', {
-          uid: toUid,
-          username: (u && u.username) ? u.username : '',
-          itemName: arrayifyNames(r).join(', '),
-          itemNames: arrayifyNames(r),
-          dateRange: `Du ${formatFR(r.start)} au ${formatFR(r.end)}`,
-          paymentUrl: r.paymentUrl || '',
-          calendarUrl: `${forumBaseUrl()}/calendar`,
-          delayMinutes: holdMins,
-          pickupLine: r.pickupTime ? (r.adminNote ? `${r.pickupTime} à ${r.adminNote}` : r.pickupTime) : '',
-        });
-      }
-      r.reminderSent = true;
-      r.reminderAt = now;
-      await dbLayer.saveReservation(r);
-      continue;
-    }
-    if (now >= expireAt) {
-      // Expire: remove reservation so it disappears from calendar and frees items
-      // Guard email send across clustered NodeBB processes
-      const expiredKey = 'calendar-onekite:email:expiredSent';
-      const firstExpired = await addOnce(expiredKey, rid);
-      const shouldEmail = !!firstExpired;
-      // Guard Discord notification across clustered NodeBB processes
-      const discordKey = 'calendar-onekite:discord:cancelledSent';
-      const firstDiscord = await addOnce(discordKey, rid);
-      const shouldDiscord = !!firstDiscord;
-      const toUid = parseInt(r.uid, 10);
-      const u = await user.getUserFields(toUid, ['username']);
-      if (shouldEmail && toUid) {
-        await sendEmail('calendar-onekite_expired', toUid, 'Location matériel - Demande expirée', {
-          uid: toUid,
-          username: (u && u.username) ? u.username : '',
-          itemName: arrayifyNames(r).join(', '),
-          itemNames: arrayifyNames(r),
-          dateRange: `Du ${formatFR(r.start)} au ${formatFR(r.end)}`,
-          delayMinutes: holdMins,
-          reason: 'Paiement non reçu dans le temps imparti.',
-        });
-      }
-      // Validators info email (best-effort)
-      if (shouldEmail) {
-        const validators = await getNotifiedValidatorUids(settings);
-        for (const vuid of validators) {
-          await sendEmail('calendar-onekite_validator_expired', vuid, 'Location matériel - Demande expirée', {
-            rid: r.rid || rid,
-            requesterUsername: (u && u.username) ? u.username : (r.username || ''),
-            itemNames: arrayifyNames(r),
-            dateRange: `Du ${formatFR(r.start)} au ${formatFR(r.end)}`,
-            adminUrl,
-            reason: 'Paiement non reçu dans le temps imparti.',
-            paymentUrl: r.paymentUrl || '',
-          });
-        }
-      }
-      if (shouldDiscord) {
-        try {
-          await discord.notifyReservationCancelled(settings, {
-            rid: r.rid || rid,
-            uid: r.uid,
-            username: (u && u.username) ? u.username : (r.username || ''),
-            itemIds: r.itemIds || [],
-            itemNames: r.itemNames || [],
-            start: r.start,
-            end: r.end,
-            status: 'cancelled',
-            cancelledAt: now,
-            cancelledBy: 'system',
-          });
-        } catch (e) {}
-      }
-      await dbLayer.removeReservation(rid);
-      // Real-time refresh for all viewers
-      realtime.emitCalendarUpdated({ kind: 'reservation', action: 'expired', rid: String(rid), status: 'expired' });
-    }
-  }
-}
 function start() {
   const runJobs = nconf.get('runJobs');
   if (runJobs === false || runJobs === 'false' || runJobs === 0 || runJobs === '0') {
@@ -340,24 +11,8 @@ function start() {
     console.info('[calendar-onekite] Scheduler disabled (runJobs=false)');
     return;
   }
-  if (timer) return;
   // eslint-disable-next-line no-console
-  console.info('[calendar-onekite] Scheduler enabled');
-  timer = setInterval(async () => {
-    try {
-      // Single DB fetch shared between both jobs (avoids duplicate listAll + getReservations)
-      const ids = await dbLayer.listAllReservationIds(5000);
-      const reservations = ids && ids.length ? await dbLayer.getReservations(ids) : [];
-      await expirePending(ids, reservations).catch((err) => {
-        console.warn('[calendar-onekite] Scheduler error in expirePending', err && err.message ? err.message : err);
-      });
-      await processAwaitingPayment(ids, reservations).catch((err) => {
-        console.warn('[calendar-onekite] Scheduler error in processAwaitingPayment', err && err.message ? err.message : err);
-      });
-    } catch (err) {
-      console.warn('[calendar-onekite] Scheduler tick error', err && err.message ? err.message : err);
-    }
-  }, 60 * 1000);
+  console.info('[calendar-onekite] Scheduler started (no expiry timers configured)');
 }
 function stop() {
@@ -367,9 +22,4 @@ function stop() {
   }
 }
-module.exports = {
-  start,
-  stop,
-  expirePending,
-  processAwaitingPayment,
-};
+module.exports = { start, stop };

package/lib/syncPayment.js ADDED Viewed

@@ -0,0 +1,141 @@
+'use strict';
+/**
+ * Shared helper: verify payment status from HelloAsso for a reservation
+ * stuck in awaiting_payment, and mark it as paid if confirmed.
+ *
+ * Used by both api.syncPaymentFromHelloAsso (validator-level) and
+ * admin.syncPaymentFromHelloAsso (admin-level). Auth checks are the
+ * caller's responsibility.
+ *
+ * @param {object} opts
+ * @param {object} opts.r          Reservation object (mutated and saved on success)
+ * @param {object} opts.settings   Plugin settings
+ * @param {number} opts.actorUid   UID of the user triggering the sync (for audit)
+ * @returns {Promise<{ok: boolean, synced?: boolean, alreadyPaid?: boolean,
+ *   reason?: string, prevStatus?: string, paymentId?: string,
+ *   orderState?: string, paymentState?: string}>}
+ */
+const user = require.main.require('./src/user');
+const dbLayer = require('./db');
+const helloasso = require('./helloasso');
+const discord = require('./discord');
+const realtime = require('./realtime');
+const shared = require('./shared');
+const { formatFR, sendEmail, buildCalendarLinks, arrayifyIds, arrayifyNames } = shared;
+const OK_STATES = ['confirmed', 'authorized', 'paid', 'processed', 'succeeded', 'success'];
+async function syncPayment({ r, settings, actorUid }) {
+  if (r.status === 'paid') return { ok: true, alreadyPaid: true, status: r.status };
+  if (r.status !== 'awaiting_payment') return { ok: false, reason: 'wrong-status', status: r.status };
+  const checkoutIntentId = r.checkoutIntentId ? String(r.checkoutIntentId) : null;
+  if (!checkoutIntentId) return { ok: false, reason: 'no-checkout-intent-id' };
+  const token = await helloasso.getAccessToken({
+    env: settings.helloassoEnv || 'prod',
+    clientId: settings.helloassoClientId,
+    clientSecret: settings.helloassoClientSecret,
+  });
+  if (!token) return { ok: false, reason: 'helloasso-auth-failed' };
+  const details = await helloasso.getCheckoutIntentDetails({
+    env: settings.helloassoEnv || 'prod',
+    token,
+    organizationSlug: settings.helloassoOrganizationSlug,
+    checkoutIntentId,
+  });
+  if (!details) return { ok: false, reason: 'checkout-intent-not-found' };
+  const order = details.order ? details.order : details;
+  const orderState = String((order.state || order.status) || '').toLowerCase();
+  const paymentsArr = Array.isArray(order.payments) ? order.payments : [];
+  const paymentState = paymentsArr.length
+    ? String((paymentsArr[0].state || paymentsArr[0].status) || '').toLowerCase()
+    : '';
+  if (!OK_STATES.includes(orderState) && !OK_STATES.includes(paymentState)) {
+    return { ok: false, reason: 'not-paid-on-helloasso', orderState, paymentState };
+  }
+  const prevStatus = r.status;
+  const paymentId = paymentsArr.length ? String(paymentsArr[0].id || '') : '';
+  const paymentReceiptUrl = paymentsArr.length
+    ? String(paymentsArr[0].paymentReceiptUrl || paymentsArr[0].receiptUrl || '')
+    : '';
+  r.status = 'paid';
+  r.paidAt = Date.now();
+  r.syncedFromHelloAsso = true;
+  r.syncedBy = actorUid || 0;
+  if (paymentId) r.paymentId = paymentId;
+  if (paymentReceiptUrl) r.paymentReceiptUrl = paymentReceiptUrl;
+  await dbLayer.saveReservation(r);
+  try {
+    await dbLayer.addAuditEntry({
+      ts: Date.now(), year: new Date().getFullYear(),
+      action: 'reservation_sync_paid',
+      targetType: 'reservation', targetId: String(r.rid),
+      reservationUid: Number(r.uid) || 0,
+      reservationUsername: String(r.username || ''),
+      actorUid: actorUid || 0,
+      itemIds: arrayifyIds(r), itemNames: arrayifyNames(r),
+      startDate: r.startDate || '', endDate: r.endDate || '',
+      prevStatus,
+    });
+  } catch (e) {}
+  realtime.emitCalendarUpdated({ kind: 'reservation', action: 'paid', rid: String(r.rid), status: 'paid' });
+  try {
+    const requesterUid = parseInt(r.uid, 10);
+    if (requesterUid) {
+      const requester = await user.getUserFields(requesterUid, ['username']);
+      const latNum = Number(r.pickupLat);
+      const lonNum = Number(r.pickupLon);
+      const mapUrl = (Number.isFinite(latNum) && Number.isFinite(lonNum))
+        ? `https://www.openstreetmap.org/?mlat=${encodeURIComponent(String(latNum))}&mlon=${encodeURIComponent(String(lonNum))}#map=18/${encodeURIComponent(String(latNum))}/${encodeURIComponent(String(lonNum))}`
+        : '';
+      await sendEmail('calendar-onekite_paid', requesterUid, 'Location matériel - Paiement reçu', {
+        uid: requesterUid,
+        username: requester && requester.username ? requester.username : '',
+        itemName: arrayifyNames(r).join(', '),
+        itemNames: arrayifyNames(r),
+        dateRange: `Du ${formatFR(r.start)} au ${formatFR(r.end)}`,
+        paymentReceiptUrl: r.paymentReceiptUrl || '',
+        pickupTime: r.pickupTime || '',
+        pickupAddress: r.pickupAddress || '',
+        mapUrl,
+        ...(buildCalendarLinks({
+          type: 'reservation', id: String(r.rid || ''), uid: requesterUid,
+          itemNames: arrayifyNames(r),
+          pickupAddress: r.pickupAddress || '', allDay: true,
+          startYmd: (r.startDate && /^\d{4}-\d{2}-\d{2}$/.test(String(r.startDate)))
+            ? String(r.startDate)
+            : new Date(parseInt(r.start, 10)).toISOString().slice(0, 10),
+          endYmd: (r.endDate && /^\d{4}-\d{2}-\d{2}$/.test(String(r.endDate)))
+            ? String(r.endDate)
+            : new Date(parseInt(r.end, 10)).toISOString().slice(0, 10),
+        })),
+      });
+    }
+  } catch (e) {}
+  try {
+    const requester2 = await user.getUserFields(parseInt(r.uid, 10), ['username']);
+    await discord.notifyPaymentReceived(settings, {
+      rid: r.rid, uid: r.uid,
+      username: (requester2 && requester2.username) ? requester2.username : (r.username || ''),
+      itemIds: arrayifyIds(r), itemNames: arrayifyNames(r),
+      start: r.start, end: r.end, status: r.status,
+    });
+  } catch (e) {}
+  return { ok: true, synced: true, prevStatus, paymentId: r.paymentId || '' };
+}
+module.exports = { syncPayment };

package/library.js CHANGED Viewed

@@ -80,6 +80,7 @@ Plugin.init = async function (params) {
   router.put('/api/v3/plugins/calendar-onekite/reservations/:rid/approve', ...publicExpose, api.approveReservation);
   router.put('/api/v3/plugins/calendar-onekite/reservations/:rid/refuse', ...publicExpose, api.refuseReservation);
   router.put('/api/v3/plugins/calendar-onekite/reservations/:rid/cancel', ...publicExpose, api.cancelReservation);
+  router.post('/api/v3/plugins/calendar-onekite/reservations/:rid/sync-payment', ...publicExpose, api.syncPaymentFromHelloAsso);
   router.post('/api/v3/plugins/calendar-onekite/special-events', ...publicExpose, api.createSpecialEvent);
   router.get('/api/v3/plugins/calendar-onekite/special-events/:eid', ...publicExpose, api.getSpecialEventDetails);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "nodebb-plugin-onekite-calendar",
-  "version": "2.0.94",
+  "version": "2.0.96",
   "description": "FullCalendar-based equipment reservation workflow with admin approval & HelloAsso payment for NodeBB",
   "main": "library.js",
   "license": "MIT",

package/public/client.js CHANGED Viewed

@@ -608,10 +608,11 @@ define('forum/calendar-onekite', ['alerts', 'bootbox', 'hooks'], function (alert
   function statusLabel(s) {
     const map = {
-      pending: 'En attente de validation de validation',
+      pending: 'En attente de validation',
       awaiting_payment: 'Validée – paiement en attente',
       paid: 'Payée',
-      rejected: 'Rejetée',
+      refused: 'Rejetée',
+      cancelled: 'Annulée',
       expired: 'Expirée',
     };
     return map[String(s || '')] || String(s || '');
@@ -1244,14 +1245,6 @@ function toDatetimeLocalValue(date) {
       </div>
     ` : '';
-    const holdPending = parseInt((opts && opts.pendingHoldMinutes), 10) || 5;
-    const holdPayment = parseInt((opts && opts.paymentHoldMinutes), 10) || 60;
-    const delayBannerHtml = `
-      <div class="mt-2 p-2 rounded" style="font-size: 12px; background: var(--bs-info-bg-subtle, #cff4fc); border: 1px solid var(--bs-info-border-subtle, #9eeaf9); color: var(--bs-info-text-emphasis, #055160);">
-        <strong>Délais :</strong>
-        validation sous <strong>${fmtDuration(holdPending)}</strong> · paiement sous <strong>${fmtDuration(holdPayment)}</strong> après validation
-      </div>
-    `;
     const messageHtml = `
       <div class="mb-2" id="onekite-period"><strong>Période</strong><br>${formatDt(start)} → ${formatDt(endDisplay)} <span class="text-muted" id="onekite-days">(${days} jour${days > 1 ? 's' : ''})</span></div>
@@ -1269,7 +1262,6 @@ function toDatetimeLocalValue(date) {
         <div id="onekite-total" style="font-size: 18px;"><strong>0,00 €</strong></div>
       </div>
       <div class="text-muted" style="font-size: 12px;">Les matériels grisés sont déjà réservés ou en attente.</div>
-      ${delayBannerHtml}
     `;
     return new Promise((resolve) => {
@@ -1446,9 +1438,6 @@ function toDatetimeLocalValue(date) {
     const canCreateReservation = !!caps.canCreateReservation;
     const isValidator = !!caps.isValidator;
     const specialEventCategoryCid = parseInt(caps.specialEventCategoryCid, 10) || 0;
-    const pendingHoldMinutes = parseInt(caps.pendingHoldMinutes, 10) || 5;
-    const paymentHoldMinutes = parseInt(caps.paymentHoldMinutes, 10) || 60;
     // Creation chooser: Location / Prévision de sortie / Évènement (si autorisé).
     // Inject lightweight responsive CSS once.
@@ -1596,7 +1585,7 @@ function toDatetimeLocalValue(date) {
               showAlert('error', 'Aucun matériel disponible (items HelloAsso non chargés).');
               return;
             }
-            const chosen = await openReservationDialog(sel, items, { isValidator, pendingHoldMinutes, paymentHoldMinutes });
+            const chosen = await openReservationDialog(sel, items, { isValidator });
             if (!chosen || !chosen.itemIds || !chosen.itemIds.length) return;
             const startDate = toLocalYmd(sel.start);
             const endDate = (chosen && chosen.endDate) ? String(chosen.endDate) : toLocalYmd(sel.end);
@@ -1688,7 +1677,7 @@ function toDatetimeLocalValue(date) {
               showAlert('error', 'Aucun matériel disponible (items HelloAsso non chargés).');
               return;
             }
-            const chosen = await openReservationDialog(sel, items, { isValidator, pendingHoldMinutes, paymentHoldMinutes });
+            const chosen = await openReservationDialog(sel, items, { isValidator });
             if (!chosen || !chosen.itemIds || !chosen.itemIds.length) return;
             const startDate = toLocalYmd(sel.start);
             const endDate = (chosen && chosen.endDate) ? String(chosen.endDate) : toLocalYmd(sel.end);
@@ -2423,6 +2412,37 @@ function toDatetimeLocalValue(date) {
             },
           };
         }
+        if (canModerate && status === 'awaiting_payment') {
+          buttons.syncPayment = {
+            label: 'Vérifier paiement',
+            className: 'btn-outline-info',
+            callback: () => {
+              (async () => {
+                try {
+                  const resp = await fetchJson(
+                    `/api/v3/plugins/calendar-onekite/reservations/${encodeURIComponent(String(rid))}/sync-payment`,
+                    { method: 'POST' }
+                  );
+                  if (resp && (resp.alreadyPaid || resp.synced)) {
+                    const msg = resp.alreadyPaid
+                      ? 'Paiement déjà confirmé.'
+                      : 'Paiement confirmé chez HelloAsso — statut mis à jour.';
+                    showAlert('success', msg);
+                    invalidateEventsCache();
+                    scheduleRefetch(calendar);
+                    try { bootbox.hideAll(); } catch (e) {}
+                  } else {
+                    const reason = (resp && resp.reason) || 'inconnu';
+                    showAlert('warning', `Paiement non confirmé chez HelloAsso (${reason}).`);
+                  }
+                } catch (e) {
+                  showAlert('error', 'Erreur lors de la vérification du paiement.');
+                }
+              })();
+              return false;
+            },
+          };
+        }
         if (showModeration) {
           buttons.refuse = {
             label: 'Refuser',
@@ -3154,6 +3174,23 @@ function autoInit(data) {
 // Live refresh when the calendar changes (reservation status, new reservation,
 // new special event, maintenance toggles, webhook payment, etc.)
+// Refresh when returning to the tab after paying on HelloAsso — registered
+// independently of socket so it works even when socket is unavailable.
+try {
+  if (!window.__oneKiteVisibilityBound) {
+    window.__oneKiteVisibilityBound = true;
+    document.addEventListener('visibilitychange', function () {
+      if (document.visibilityState !== 'visible') return;
+      try {
+        const cal = window.oneKiteCalendar;
+        if (!cal) return;
+        invalidateEventsCache();
+        scheduleRefetch(cal);
+      } catch (e) {}
+    });
+  }
+} catch (e) {}
 try {
   if (!window.__oneKiteSocketBound && typeof socket !== 'undefined' && socket && typeof socket.on === 'function') {
     window.__oneKiteSocketBound = true;

package/templates/admin/plugins/calendar-onekite.tpl CHANGED Viewed

@@ -51,23 +51,6 @@
             <input class="form-control" name="notifyGroups" placeholder="ex: administrators">
           </div>
-          <div class="mb-3">
-            <label class="form-label">Durée de blocage en attente (minutes)</label>
-            <input class="form-control" name="pendingHoldMinutes" placeholder="5">
-          </div>
-          <div class="mb-3">
-            <label class="form-label">Rappel validateurs (demande en attente) après (minutes)</label>
-            <input class="form-control" name="validatorReminderMinutesPending" placeholder="0">
-            <div class="form-text">Si &gt; 0, un email de rappel est envoyé aux validateurs après ce délai tant que la demande est toujours en attente.</div>
-          </div>
-          <div class="mb-3">
-            <label class="form-label">Délai rappel paiement (minutes)</label>
-            <input class="form-control" name="paymentHoldMinutes" placeholder="60">
-            <div class="form-text">Après validation (statut <code>paiement en attente</code>), un rappel est envoyé après ce délai. La réservation est ensuite expirée après <strong>2×</strong> ce délai.</div>
-          </div>
           <div class="mb-3">
             <label class="form-label">Location longue durée (jours) pour validateurs</label>
             <input class="form-control" name="validatorFreeMaxDays" placeholder="0">

package/templates/emails/calendar-onekite_approved.tpl CHANGED Viewed

@@ -43,13 +43,10 @@
 <!-- IF calendarUrl -->
 <p>
   <a href="{calendarUrl}" style="display:inline-block;padding:12px 18px;border-radius:6px;text-decoration:none;border:1px solid #333;">
-    Accéder au calendrier pour payer
+    Accéder au calendrier
   </a>
 </p>
 <p style="font-size: 12px; color: #666;">
   Sur le calendrier, cliquez sur votre réservation puis sur le bouton <strong>« Payer maintenant »</strong>.
-  <!-- IF paymentUrl -->
-  <br>Vous pouvez aussi payer directement via ce lien (valable quelques heures) : <a href="{paymentUrl}">{paymentUrl}</a>
-  <!-- ENDIF paymentUrl -->
 </p>
 <!-- ENDIF calendarUrl -->

package/templates/emails/calendar-onekite_reminder.tpl CHANGED Viewed

@@ -13,13 +13,10 @@
 <!-- IF calendarUrl -->
 <p>
   <a href="{calendarUrl}" style="display:inline-block;padding:12px 18px;border-radius:6px;text-decoration:none;border:1px solid #333;">
-    Accéder au calendrier pour payer
+    Accéder au calendrier
   </a>
 </p>
 <p style="font-size: 12px; color: #666;">
   Sur le calendrier, cliquez sur votre réservation puis sur le bouton <strong>« Payer maintenant »</strong>.
-  <!-- IF paymentUrl -->
-  <br>Vous pouvez aussi payer directement via ce lien (valable quelques heures) : <a href="{paymentUrl}">{paymentUrl}</a>
-  <!-- ENDIF paymentUrl -->
 </p>
 <!-- ENDIF calendarUrl -->