diff options
author | Florian Dold <florian@dold.me> | 2021-08-16 13:02:05 +0200 |
---|---|---|
committer | Florian Dold <florian@dold.me> | 2021-08-16 13:02:05 +0200 |
commit | 73acf3905c6e628f1022c706557c4955d52e13b6 (patch) | |
tree | e023ae4efa3a04f93e672e4944fe4c5a8a98c560 /merchant-spec/public-orders-get.ts | |
parent | 2268e4b9c7de07f753dc817616e730766eacffe9 (diff) | |
download | docs-73acf3905c6e628f1022c706557c4955d52e13b6.tar.gz docs-73acf3905c6e628f1022c706557c4955d52e13b6.tar.bz2 docs-73acf3905c6e628f1022c706557c4955d52e13b6.zip |
address CG's spec comment
Diffstat (limited to 'merchant-spec/public-orders-get.ts')
-rw-r--r-- | merchant-spec/public-orders-get.ts | 11 |
1 files changed, 3 insertions, 8 deletions
diff --git a/merchant-spec/public-orders-get.ts b/merchant-spec/public-orders-get.ts index ef9eee3f..4a98aab4 100644 --- a/merchant-spec/public-orders-get.ts +++ b/merchant-spec/public-orders-get.ts @@ -59,14 +59,9 @@ function handlePublicOrdersGet(mos: MerchantOrderStore, req: Req): Resp { (ord.requireClaimToken && ord.claimToken === req.claimToken) || !ord.requireClaimToken; - if (authMissing) { - // Client is trying to get the order status of a claimed, - // unpaid order. However, the client is not showing authentication. - // - // CG-FIXME: Eh, nothing here suggests the order is _claimed_. - // The branch above is wrong, as an unclaimed order without - // requireClaimToken must not end up here! So I think - // we here need authMissing && !authOk in the branch above! + if (authMissing && ord.requireClaimToken) { + // Client is trying to get the order status of an + // order. However, the client is not showing authentication. // // This can happen when the fulfillment URL includes the order ID, // and the storefront redirects the user to the backend QR code |