diff options
Diffstat (limited to 'src/backend/taler-merchant-httpd_private-get-orders-ID.c')
-rw-r--r-- | src/backend/taler-merchant-httpd_private-get-orders-ID.c | 31 |
1 files changed, 24 insertions, 7 deletions
diff --git a/src/backend/taler-merchant-httpd_private-get-orders-ID.c b/src/backend/taler-merchant-httpd_private-get-orders-ID.c index 550b9df2..a57845d4 100644 --- a/src/backend/taler-merchant-httpd_private-get-orders-ID.c +++ b/src/backend/taler-merchant-httpd_private-get-orders-ID.c @@ -978,7 +978,8 @@ TMH_private_get_orders_ID (const struct TMH_RequestHandler *rh, hc->infix, gorc->session_id, hc->instance->settings.id, - &claim_token); + &claim_token, + NULL); ret = TALER_MHD_reply_json_pack (connection, MHD_HTTP_OK, "{s:s, s:s, s:s, s:s, s:s?}", @@ -1056,7 +1057,8 @@ TMH_private_get_orders_ID (const struct TMH_RequestHandler *rh, hc->infix, gorc->session_id, hc->instance->settings.id, - &claim_token); + &claim_token, + NULL); ret = TALER_MHD_reply_json_pack (connection, MHD_HTTP_OK, "{s:s, s:s, s:s}", @@ -1184,11 +1186,26 @@ TMH_private_get_orders_ID (const struct TMH_RequestHandler *rh, } } - order_status_url = TMH_make_order_status_url (connection, - hc->infix, - gorc->session_id, - hc->instance->settings.id, - &claim_token); + { + struct GNUNET_HashCode *h_contract = NULL; + + /* In a session-bound payment, allow the browser to check the order + * status page (e.g. to get a refund). + * + * Note that we don't allow this outside of session-based payment, as + * otherwise this becomes an oracle to convert order_id to h_contract. + */ + if (NULL != gorc->session_id) + h_contract = &gorc->h_contract_terms; + + order_status_url = + TMH_make_order_status_url (connection, + hc->infix, + gorc->session_id, + hc->instance->settings.id, + &claim_token, + h_contract); + } ret = TALER_MHD_reply_json_pack (connection, MHD_HTTP_OK, |