From cc673337e08b66d1adac3ae9bc4e5893e73ab835 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sun, 9 Aug 2020 13:15:10 +0200 Subject: move order-ID into cookie --- design-documents/007-payment.rst | 27 +++++++++------------------ 1 file changed, 9 insertions(+), 18 deletions(-) (limited to 'design-documents/007-payment.rst') diff --git a/design-documents/007-payment.rst b/design-documents/007-payment.rst index 1de6f6fc..a4091cb0 100644 --- a/design-documents/007-payment.rst +++ b/design-documents/007-payment.rst @@ -36,23 +36,22 @@ Storefront When *resource-URL* is requested, the storefront runs the following steps: -1. Extract the the *order-ID* (or null) and *resource name* from the *resource-URL*. -2. Extract the *session-ID* (or null) from the request's validated cookie (for example, by using signed cookies). -3. If *session-ID* and *order-ID* is non-null and the storefront's +1. Extract the *resource name* from the *resource-URL*. +2. Extract the *order-ID* and *session-ID* (or null) from the request's validated cookie (for example, by using signed cookies). +3. If *session-ID* and *order-ID* are valid and the storefront's *session-payment-cache* contains the tuple (*order-ID*, *resource-name*, *session-ID*), return to the client the resource associated with *resource name*. **Terminate.** -4. If the *session-ID* is null, assign a fresh session ID and set it in a cookie to be sent with the response. -5. If *order-ID* is null, create a new order for *resource-name* by doing a ``POST /private/orders`` to - the merchant backend. Store the new order ID as *order-ID*. -6. Check the status of the payment for *order-ID* under *session-ID* by doing a ``GET /private/orders/{order-ID}?session_id={session-ID}``. +4. If *session-ID* and *order-ID* are invalid, assign a fresh session ID and create a new order for *resource name* by doing a ``POST /private/orders`` to + the merchant backend. Set both in the cookie to be sent with the response. +5. Check the status of the payment for *order-ID* under *session-ID* by doing a ``GET /private/orders/{order-ID}?session_id={session-ID}``. This results in the *order-status*, *refund-amount* and the *client-order-status-URL*. -7. If the *order-status* is paid and *refund-amount* is non-zero, +6. If the *order-status* is paid and *refund-amount* is non-zero, return to the client a page with an explanation that the payment has been refunded. If the client has not (fully) obtained the granted refunds yet, show a link to the public order page of the backend to allow the client to obtain the refund. **Terminate.** -8. If the *order-status* is paid, store the tuple (*order-ID*, *resource-name*, *session-ID*) in *session-payment-cache* +7. If the *order-status* is paid, store the tuple (*order-ID*, *resource-name*, *session-ID*) in *session-payment-cache* and return to the client the resource associated with *resource name*. **Terminate.** -9. Otherwise, the *order-status* is unpaid. Redirect the client to *client-order-status-URL*. **Terminate.** +8. Otherwise, the *order-status* is unpaid. Redirect the client to *client-order-status-URL*. **Terminate.** .. note:: @@ -183,14 +182,6 @@ Covered Scenarios Problematic Scenarios --------------------- -Link sharing -^^^^^^^^^^^^ - -Right now, sharing the /orders/{order-ID} link with the session ID will -allow someone who did not purchase the order to still get a 'paid' response -from the backend. (Will fulfillment then work? => Check!) - - Bookmarks of Lost Purchases / Social Sharing of Fulfillment URLs ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -- cgit v1.2.3