From 0d714498d331d5ff3bdded8f42e3656cc6df6eba Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sun, 9 Aug 2020 12:38:50 +0200 Subject: revise storefront --- design-documents/007-payment.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/design-documents/007-payment.rst b/design-documents/007-payment.rst index aacd163a..09205705 100644 --- a/design-documents/007-payment.rst +++ b/design-documents/007-payment.rst @@ -37,8 +37,7 @@ Storefront When *resource-URL* is requested, the storefront runs the following steps: 1. Extract the the *order-ID* (or null) and *resource name* from the *resource-URL*. -2. Extract the *session-ID* (or null) from the request's signed cookie. - -------- DISCUSS: 'signed'? Since when are cookies signed??? +2. Extract the *session-ID* (or null) from the request's validated cookie (for example, by using signed cookies). 3. If *session-ID* and *order-ID* is non-null and the storefront's *session-payment-cache* contains the tuple (*order-ID*, *resource-name*, *session-ID*), return to the client the resource associated with *resource name*. **Terminate.** 
@@ -48,8 +47,9 @@ When *resource-URL* is requested, the storefront runs the following steps: 6. Check the status of the payment for *order-ID* under *session-ID* by doing a ``GET /private/orders/{order-ID}?session_id={session-ID}``. This results in the *order-status*, *refund-amount* and the *client-order-status-URL*. 7. If the *order-status* is paid and *refund-amount* is non-zero, - return to the client the refund info page for *resource name*. **Terminate.** - ---------- DISCUSS: what is a 'refund info page'? What should be on it? Explain better! + return to the client a page with an explanation that the payment has been refunded. + If the client has not (fully) obtained the granted refunds yet, show a link to the public order page + of the backend to allow the client to obtain the refund. **Terminate.** 8. If the *order-status* is paid, store the tuple (*order-ID*, *resource-name*, *session-ID*) in *session-payment-cache* and return to the client the resource associated with *resource name*. **Terminate.** 9. Otherwise, the *order-status* is unpaid. Redirect the client to *client-order-status-URL*. **Terminate.** -- cgit v1.2.3
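Review bot: In the first hunk (step 2), "validated cookie" leaves open what validation has to guarantee and what the storefront does when it fails. Step 3 returns the resource purely on a (*order-ID*, *resource-name*, *session-ID*) cache hit, so the text should require that the *session-ID* cannot be forged or altered by the client. It should also say that a cookie failing validation is treated as a null *session-ID*, since "(or null)" currently reads as covering only the missing-cookie case. The doubled "the the" in the step 1 context line could be fixed in the same change.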
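Review bot: In the second hunk (step 7), the condition "If the client has not (fully) obtained the granted refunds yet" depends on information that step 6 does not list. The ``GET /private/orders/{order-ID}`` result is described as yielding only *order-status*, *refund-amount* and *client-order-status-URL*. Either name the field the storefront uses to decide this in step 6, or drop the condition and always show the link. Also, "the public order page of the backend" should use the document's existing term if it is the same thing as *client-order-status-URL*; otherwise say where the storefront gets that URL.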