diff options
| -rw-r--r-- | talerbank/app/views.py | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/talerbank/app/views.py b/talerbank/app/views.py index 920bd04..3762ddf 100644 --- a/talerbank/app/views.py +++ b/talerbank/app/views.py @@ -900,11 +900,6 @@ def api_withdraw_operation(request, withdraw_id): host = request.get_host() if request.method == "POST": - if op.selection_done or op.withdraw_done: - return JsonResponse( - dict(error="selection of withdraw parameters already done"), - status=409 - ) data = json.loads(request.body.decode("utf-8")) exchange_payto_uri = data.get("selected_exchange") try: @@ -919,12 +914,23 @@ def api_withdraw_operation(request, withdraw_id): return JsonResponse( dict(error="bank accound in payto URI unknown"), status=400 ) - op.selected_exchange_account = exchange_acct selected_reserve_pub = data.get("reserve_pub") if not isinstance(selected_reserve_pub, str): return JsonResponse( dict(error="reserve_pub must be a string"), status=400 ) + if op.selection_done or op.withdraw_done: + if ( + op.selected_exchange_account != exchange_acct + or op.selected_reserve_pub != selected_reserve_pub + ): + return JsonResponse( + dict(error="selection of withdraw parameters already done"), + status=409 + ) + # No conflict, same data! + return JsonResponse(dict(), status=200) + op.selected_exchange_account = exchange_acct op.selected_reserve_pub = selected_reserve_pub op.selection_done = True op.save() |