-rw-r--r-- | talerblog/blog/blog.py | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/talerblog/blog/blog.py b/talerblog/blog/blog.py
index fc39150..a0a9784 100644
--- a/talerblog/blog/blog.py
+++ b/talerblog/blog/blog.py
@@ -207,14 +207,20 @@ def confirm_refund(order_id):
 # the refund protocol in a transparent way.
 @app.route("/refund/<order_id>", methods=["POST"])
 def refund(order_id):
- article_name = flask.request.form.get("article_name")
- if not article_name:
- return flask.jsonify(dict(error="No article_name found in form")), 400
- LOGGER.info("Looking for %s to refund" % article_name)
 if not order_id:
 return flask.jsonify(
 dict(error="Aborting refund: article not payed")
 ), 401
+ session_id = flask.session.get("session_id", "")
+ pay_params = dict(order_id=order_id, session_id=session_id)
+ pay_status = backend_get("check-payment", pay_params)
+ if not pay_status.paid:
+ err_abort(
+ 402,
+ message="You did not pay for this article (nice try!)",
+ json=pay_status
+ )
+ article_name = pay_status["contract_terms"]["extra"]["article_name"]
 refund_spec = dict(
 order_id=order_id,
 reason="Demo reimbursement",
@@ -223,8 +229,6 @@ def refund(order_id):
 resp = backend_post("refund", refund_spec)
 try:
 # delete from paid article cache
- article_name = resp["contract_terms"]["extra"]["article_name"]
- session_id = flask.session.get("session_id", "")
 paid_articles_cache.delete(session_id + "-" + article_name)
 taler_refund_uri = resp["taler_refund_uri"]
 qrcode_svg = get_qrcode_svg(taler_refund_uri)
|
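Review bot: `pay_status.paid` in the first hunk reads the backend response as an attribute, while the same object is subscripted as `pay_status["contract_terms"]` a few lines later; if `backend_get` returns the parsed JSON as a plain dict (it is not visible here), the attribute access raises `AttributeError` and every refund request fails with a 500 before the payment check is evaluated. Writing it as `if not pay_status.get("paid"):` keeps the check consistent with the subscript access and treats a missing field as unpaid. The 402 branch also passes `json=pay_status` back to the caller, which returns the backend's full answer for an `order_id` taken from the URL to a session that did not pay for it; sending only the error message would avoid that. The new `article_name` lookup sits before the `try:` that starts in the next hunk, so a response without `contract_terms` raises an unhandled `KeyError` here; `refund` continues past the end of this hunk.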