summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2021-08-13 23:14:23 +0200
committerChristian Grothoff <christian@grothoff.org>2021-08-13 23:14:23 +0200
commit2268e4b9c7de07f753dc817616e730766eacffe9 (patch)
treef54e953d5aa8553389ad3bed823debf0926f49df
parente6d539ae9efaeac6c515b36084552e237e386068 (diff)
downloaddocs-2268e4b9c7de07f753dc817616e730766eacffe9.tar.gz
docs-2268e4b9c7de07f753dc817616e730766eacffe9.tar.bz2
docs-2268e4b9c7de07f753dc817616e730766eacffe9.zip
-comments for Florian
-rw-r--r--merchant-spec/public-orders-get.ts5
1 files changed, 5 insertions, 0 deletions
diff --git a/merchant-spec/public-orders-get.ts b/merchant-spec/public-orders-get.ts
index 130f53f5..ef9eee3f 100644
--- a/merchant-spec/public-orders-get.ts
+++ b/merchant-spec/public-orders-get.ts
@@ -63,6 +63,11 @@ function handlePublicOrdersGet(mos: MerchantOrderStore, req: Req): Resp {
// Client is trying to get the order status of a claimed,
// unpaid order. However, the client is not showing authentication.
//
+ // CG-FIXME: Eh, nothing here suggests the order is _claimed_.
+ // The branch above is wrong, as an unclaimed order without
+ // requireClaimToken must not end up here! So I think
+ // we here need authMissing && !authOk in the branch above!
+ //
// This can happen when the fulfillment URL includes the order ID,
// and the storefront redirects the user to the backend QR code
// page, because the order is not paid under the current session.