diff options
author | Florian Dold <florian@dold.me> | 2021-08-08 18:38:18 +0200 |
---|---|---|
committer | Florian Dold <florian@dold.me> | 2021-08-08 18:38:18 +0200 |
commit | 45c5cae232f6a9717590a9eae3474cee337cb3f4 (patch) | |
tree | 0bd00f84c6841ef6fca4e02ad7a206dacad1eb33 /merchant-spec | |
parent | e28129903772b99ad63613ba203c2d0dd20937c9 (diff) | |
download | docs-45c5cae232f6a9717590a9eae3474cee337cb3f4.tar.gz docs-45c5cae232f6a9717590a9eae3474cee337cb3f4.tar.bz2 docs-45c5cae232f6a9717590a9eae3474cee337cb3f4.zip |
allow h_contract as auth once order is claimed
Diffstat (limited to 'merchant-spec')
-rw-r--r-- | merchant-spec/public-orders-get.ts | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/merchant-spec/public-orders-get.ts b/merchant-spec/public-orders-get.ts index 20b893a6..225cc253 100644 --- a/merchant-spec/public-orders-get.ts +++ b/merchant-spec/public-orders-get.ts @@ -65,7 +65,8 @@ function handlePublicOrdersGet(mos: MerchantOrderStore, req: Req): Resp { } if (!ord.paid) { - if (ord.requireClaimToken && ord.claimToken !== req.claimToken) { + const hcOk = ord.contractHash === req.contractHash; + if (!hcOk && ord.requireClaimToken && ord.claimToken !== req.claimToken) { // This can happen when the fulfillment URL page detects // the user has not paid under the current session. return { @@ -109,8 +110,8 @@ function handlePublicOrdersGet(mos: MerchantOrderStore, req: Req): Resp { responseType: "StatusGotoResponse", response: { already_paid_order_id: alreadyPaidOrd.orderId, - } - } + }, + }; } return { httpStatus: "402 Payment Required", |