diff options
author | Christian Grothoff <christian@grothoff.org> | 2020-08-09 12:38:50 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2020-08-09 12:38:50 +0200 |
commit | 0d714498d331d5ff3bdded8f42e3656cc6df6eba (patch) | |
tree | fa73a02da3d32bb06c25abae10b15f0973ef74b3 /design-documents/007-payment.rst | |
parent | 551739c033f29fd21d6110def4f8ad87615b1b93 (diff) | |
download | docs-0d714498d331d5ff3bdded8f42e3656cc6df6eba.tar.gz docs-0d714498d331d5ff3bdded8f42e3656cc6df6eba.tar.bz2 docs-0d714498d331d5ff3bdded8f42e3656cc6df6eba.zip |
revise storefront
Diffstat (limited to 'design-documents/007-payment.rst')
-rw-r--r-- | design-documents/007-payment.rst | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/design-documents/007-payment.rst b/design-documents/007-payment.rst index aacd163a..09205705 100644 --- a/design-documents/007-payment.rst +++ b/design-documents/007-payment.rst @@ -37,8 +37,7 @@ Storefront When *resource-URL* is requested, the storefront runs the following steps: 1. Extract the the *order-ID* (or null) and *resource name* from the *resource-URL*. -2. Extract the *session-ID* (or null) from the request's signed cookie. - -------- DISCUSS: 'signed'? Since when are cookies signed??? +2. Extract the *session-ID* (or null) from the request's validated cookie (for example, by using signed cookies). 3. If *session-ID* and *order-ID* is non-null and the storefront's *session-payment-cache* contains the tuple (*order-ID*, *resource-name*, *session-ID*), return to the client the resource associated with *resource name*. **Terminate.** @@ -48,8 +47,9 @@ When *resource-URL* is requested, the storefront runs the following steps: 6. Check the status of the payment for *order-ID* under *session-ID* by doing a ``GET /private/orders/{order-ID}?session_id={session-ID}``. This results in the *order-status*, *refund-amount* and the *client-order-status-URL*. 7. If the *order-status* is paid and *refund-amount* is non-zero, - return to the client the refund info page for *resource name*. **Terminate.** - ---------- DISCUSS: what is a 'refund info page'? What should be on it? Explain better! + return to the client a page with an explanation that the payment has been refunded. + If the client has not (fully) obtained the granted refunds yet, show a link to the public order page + of the backend to allow the client to obtain the refund. **Terminate.** 8. If the *order-status* is paid, store the tuple (*order-ID*, *resource-name*, *session-ID*) in *session-payment-cache* and return to the client the resource associated with *resource name*. **Terminate.** 9. Otherwise, the *order-status* is unpaid. Redirect the client to *client-order-status-URL*. **Terminate.** |