diff options
-rw-r--r-- | design-documents/007-payment.rst | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/design-documents/007-payment.rst b/design-documents/007-payment.rst index aacd163a..09205705 100644 --- a/design-documents/007-payment.rst +++ b/design-documents/007-payment.rst @@ -37,8 +37,7 @@ Storefront When *resource-URL* is requested, the storefront runs the following steps: 1. Extract the the *order-ID* (or null) and *resource name* from the *resource-URL*. -2. Extract the *session-ID* (or null) from the request's signed cookie. - -------- DISCUSS: 'signed'? Since when are cookies signed??? +2. Extract the *session-ID* (or null) from the request's validated cookie (for example, by using signed cookies). 3. If *session-ID* and *order-ID* is non-null and the storefront's *session-payment-cache* contains the tuple (*order-ID*, *resource-name*, *session-ID*), return to the client the resource associated with *resource name*. **Terminate.** @@ -48,8 +47,9 @@ When *resource-URL* is requested, the storefront runs the following steps: 6. Check the status of the payment for *order-ID* under *session-ID* by doing a ``GET /private/orders/{order-ID}?session_id={session-ID}``. This results in the *order-status*, *refund-amount* and the *client-order-status-URL*. 7. If the *order-status* is paid and *refund-amount* is non-zero, - return to the client the refund info page for *resource name*. **Terminate.** - ---------- DISCUSS: what is a 'refund info page'? What should be on it? Explain better! + return to the client a page with an explanation that the payment has been refunded. + If the client has not (fully) obtained the granted refunds yet, show a link to the public order page + of the backend to allow the client to obtain the refund. **Terminate.** 8. If the *order-status* is paid, store the tuple (*order-ID*, *resource-name*, *session-ID*) in *session-payment-cache* and return to the client the resource associated with *resource name*. **Terminate.** 9. Otherwise, the *order-status* is unpaid. Redirect the client to *client-order-status-URL*. **Terminate.** |