summaryrefslogtreecommitdiff
path: root/design-documents/007-payment.rst
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2020-08-09 12:38:50 +0200
committerChristian Grothoff <christian@grothoff.org>2020-08-09 12:38:50 +0200
commit0d714498d331d5ff3bdded8f42e3656cc6df6eba (patch)
treefa73a02da3d32bb06c25abae10b15f0973ef74b3 /design-documents/007-payment.rst
parent551739c033f29fd21d6110def4f8ad87615b1b93 (diff)
downloaddocs-0d714498d331d5ff3bdded8f42e3656cc6df6eba.tar.gz
docs-0d714498d331d5ff3bdded8f42e3656cc6df6eba.tar.bz2
docs-0d714498d331d5ff3bdded8f42e3656cc6df6eba.zip
revise storefront
Diffstat (limited to 'design-documents/007-payment.rst')
-rw-r--r--design-documents/007-payment.rst8
1 files changed, 4 insertions, 4 deletions
diff --git a/design-documents/007-payment.rst b/design-documents/007-payment.rst
index aacd163a..09205705 100644
--- a/design-documents/007-payment.rst
+++ b/design-documents/007-payment.rst
@@ -37,8 +37,7 @@ Storefront
When *resource-URL* is requested, the storefront runs the following steps:
1. Extract the the *order-ID* (or null) and *resource name* from the *resource-URL*.
-2. Extract the *session-ID* (or null) from the request's signed cookie.
- -------- DISCUSS: 'signed'? Since when are cookies signed???
+2. Extract the *session-ID* (or null) from the request's validated cookie (for example, by using signed cookies).
3. If *session-ID* and *order-ID* is non-null and the storefront's
*session-payment-cache* contains the tuple (*order-ID*, *resource-name*, *session-ID*),
return to the client the resource associated with *resource name*. **Terminate.**
@@ -48,8 +47,9 @@ When *resource-URL* is requested, the storefront runs the following steps:
6. Check the status of the payment for *order-ID* under *session-ID* by doing a ``GET /private/orders/{order-ID}?session_id={session-ID}``.
This results in the *order-status*, *refund-amount* and the *client-order-status-URL*.
7. If the *order-status* is paid and *refund-amount* is non-zero,
- return to the client the refund info page for *resource name*. **Terminate.**
- ---------- DISCUSS: what is a 'refund info page'? What should be on it? Explain better!
+ return to the client a page with an explanation that the payment has been refunded.
+ If the client has not (fully) obtained the granted refunds yet, show a link to the public order page
+ of the backend to allow the client to obtain the refund. **Terminate.**
8. If the *order-status* is paid, store the tuple (*order-ID*, *resource-name*, *session-ID*) in *session-payment-cache*
and return to the client the resource associated with *resource name*. **Terminate.**
9. Otherwise, the *order-status* is unpaid. Redirect the client to *client-order-status-URL*. **Terminate.**