diff options
Diffstat (limited to 'talerblog/blog/blog.py')
-rw-r--r-- | talerblog/blog/blog.py | 19 |
1 files changed, 9 insertions, 10 deletions
diff --git a/talerblog/blog/blog.py b/talerblog/blog/blog.py index 92b6de4..02d10d0 100644 --- a/talerblog/blog/blog.py +++ b/talerblog/blog/blog.py @@ -123,7 +123,6 @@ except ImportError: paid_articles_cache = SimpleCache() - # Triggers the refund by serving /refund/test?order_id=XY. # Will be triggered by a "refund button". @app.route("/refund/<order_id>", methods=["POST"]) @@ -152,7 +151,6 @@ def refund(order_id): json=resp, stack=traceback.format_exc()) - def render_article(article_name, data, order_id): article_info = ARTICLES.get(article_name) if article_info is None: @@ -163,7 +161,7 @@ def render_article(article_name, data, order_id): return flask.send_file(get_image_file(data)) m = "Supplemental file ({}) for article ({}) not found.".format( data, article_name) - err_abort(500, message=m) + err_abort(404, message=m) # the order_id is needed for refunds return flask.render_template("templates/article_frame.html", article_file=get_article_file(article_info), @@ -216,16 +214,17 @@ def article(article_name, data=None): pay_status = backend_get("check-payment", pay_params) - if pay_status.get("payment_redirect_url"): - return flask.redirect(pay_status["payment_redirect_url"]) - - if pay_status.get("refunded"): - return flask.render_template("templates/article_refunded.html", - article_name=article_name) - if pay_status.get("paid"): + if pay_status["contract_terms"]["extra"]["article_name"] != article_name: + err_abort(402, message="You did not pay for this article (nice try!)", json=pay_status) + if pay_status.get("refunded"): + return flask.render_template("templates/article_refunded.html", + article_name=article_name) paid_articles_cache.set(session_id + "-" + article_name, order_id) return render_article(article_name, data, order_id) + else: + if pay_status.get("payment_redirect_url"): + return flask.redirect(pay_status["payment_redirect_url"]) # no pay_redirect but article not paid, this should never happen! err_abort(500, message="Internal error, invariant failed", json=pay_status) |