5 files changed, 109 insertions, 252 deletions
diff --git a/src/frontend/checkout.php b/src/frontend/checkout.php
index ec9245f8..f0394bd7 100644
--- a/src/frontend/checkout.php
+++ b/src/frontend/checkout.php
@@ -3,34 +3,35 @@
 <head>
   <title>Toy Store - Payment method - Taler Demo</title>
   <link rel="stylesheet" type="text/css" href="style.css">
-    <script>
-        /*
-        @licstart  The following is the entire license notice for the
-        JavaScript code in this page.
-
-        Copyright (C) 2014,2015 GNUnet e.V.
-
-        The JavaScript code in this page is free software: you can
-        redistribute it and/or modify it under the terms of the GNU
-        Lesser General Public License (GNU LGPL) as published by the
-	Free Software
-        Foundation, either version 3 of the License, or (at your option)
-        any later version.  The code is distributed WITHOUT ANY WARRANTY;
-        without even the implied warranty of MERCHANTABILITY or FITNESS
-        FOR A PARTICULAR PURPOSE.  See the GNU LGPL for more details.
-
-        As additional permission under GNU LGPL version 3 section 7, you
-        may distribute non-source (e.g., minimized or compacted) forms of
-        that code without the copy of the GNU LGPL normally required by
-        section 4, provided you include this license notice and a URL
-        through which recipients can access the Corresponding Source.
-
-        @licend  The above is the entire license notice
-        for the JavaScript code in this page.
-        */
-    </script>
+  <script>
+      /*
+      @licstart  The following is the entire license notice for the
+      JavaScript code in this page.
+
+      Copyright (C) 2014,2015 GNUnet e.V.
+
+      The JavaScript code in this page is free software: you can
+      redistribute it and/or modify it under the terms of the GNU
+      Lesser General Public License (GNU LGPL) as published by the
+      Free Software
+      Foundation, either version 3 of the License, or (at your option)
+      any later version.  The code is distributed WITHOUT ANY WARRANTY;
+      without even the implied warranty of MERCHANTABILITY or FITNESS
+      FOR A PARTICULAR PURPOSE.  See the GNU LGPL for more details.
+
+      As additional permission under GNU LGPL version 3 section 7, you
+      may distribute non-source (e.g., minimized or compacted) forms of
+      that code without the copy of the GNU LGPL normally required by
+      section 4, provided you include this license notice and a URL
+      through which recipients can access the Corresponding Source.
+
+      @licend  The above is the entire license notice
+      for the JavaScript code in this page.
+      */
+  </script>
+  <script type="application/javascript" src="taler-presence.js"></script>
 </head>
-<body onload="signal_taler_wallet_onload()">
+<body>
 <!--
   This main goal of this page is to show to the customer all the accepted
   payments methods and actually implementing just Taler; technically
@@ -115,7 +116,8 @@
           <input type="radio" name="payment_system" value="cardme">Card Me</input>
           <br/>
           <input type="radio" name="payment_system" value="taler"
-                 id="taler-radio-button-id" disabled="true">Taler</input>
+                 checked
+                 id="taler-radio-button-id" class="taler-installed-enable">Taler</input>
           <br/>
           <input type="button" onclick="pay(this.form)" value="Ok"></input>
         </div>
@@ -129,18 +131,15 @@
 /* This function is called from "taler_pay" after
    we downloaded the JSON contract from the merchant.
    We now need to pass it to the extension. */
-function handle_contract(json_contract)
-{
+function handle_contract(json_contract) {
   var cEvent = new CustomEvent('taler-contract', { detail: json_contract });
-
   document.dispatchEvent(cEvent);
 };
 
 
 /* Trigger Taler contract generation on the server, and pass the
    contract to the extension once we got it. */
-function taler_pay(form)
-{
+function taler_pay(form) {
   var contract_request = new XMLHttpRequest();
 
   /* Note that the URL we give here is specific to the Demo-shop
@@ -149,19 +148,14 @@ function taler_pay(form)
      contract, there just must be a way to get the contract
      and to pass it to the wallet when the user selects 'Pay'. */
   contract_request.open("GET", "generate_taler_contract.php", true);
-  contract_request.onload = function (e)
-  {
-    if (contract_request.readyState == 4)
-    {
-      if (contract_request.status == 200)
-      {
+  contract_request.onload = function (e) {
+    if (contract_request.readyState == 4) {
+      if (contract_request.status == 200) {
         /* display contract_requestificate (i.e. it sends the JSON string
           to the extension) alert (contract_request.responseText); */
         console.log("response text:", contract_request.responseText);
-        //handle_contract(contract_request.responseText);
-      }
-      else
-      {
+        handle_contract(contract_request.responseText);
+      } else {
         /* There was an error obtaining the contract from the merchant,
            obviously this should not happen. To keep it simple, we just
            alert the user to the error. */
@@ -171,14 +165,13 @@ function taler_pay(form)
       }
     }
   };
-  contract_request.onerror = function (e)
-  {
+  contract_request.onerror = function (e) {
     /* There was an error obtaining the contract from the merchant,
        obviously this should not happen. To keep it simple, we just
        alert the user to the error. */
     alert("Failure requesting the contract:\n" + contract_request.statusText);
   };
-  contract_request.send(null);
+  contract_request.send();
 }
 
 
@@ -186,89 +179,16 @@ function taler_pay(form)
    'Ok' button.  We are now supposed to trigger the
    "corret" payment system logic. For this demo, we
    only handle "taler". */
-function pay(form)
-{
-  for (var cnt=0; cnt < form.payment_system.length; cnt++)
-  {
-    var choice = form.payment_system[cnt];
-    if (choice.checked)
-    {
-       if (choice.value == "taler")
-       {
-         taler_pay(form);
-       }
-       else
-       {
-         alert(choice.value + ": NOT available in this demo!");
-       }
-    }
+function pay(form) {
+  var choice = form.elements["payment_system"].value;
+  if (choice == "taler") {
+    taler_pay(form);
+  }
+  else {
+    alert("You selected '" + choice + "', but we do not support this payment system in the demo.");
   }
 };
 
-
-/* The following event gets fired whenever a customer has a Taler
-   wallet installed in his browser. In that case, the webmaster can decide
-   whether or not to display/enable Taler as a payment option in the dialog. */
-function has_taler_wallet_cb(aEvent)
-{
-  // enable the Taler payment option from the form
-  var tbutton = document.getElementById("taler-radio-button-id");
-  tbutton.removeAttribute("disabled");
-  tbutton.setAttribute("checked", "true");
-};
-
-
-/* Function called when the Taler extension was unloaded;
-   here we disable the Taler option and check "Lisa", as
-   some "valid" option should always be selected. */
-function taler_wallet_unload_cb(aEvent)
-{
-  var tbutton = document.getElementById("taler-radio-button-id");
-  tbutton.setAttribute("disabled", "true");
-  var lbutton = document.getElementById("lisa-radio-button-id");
-  lbutton.setAttribute("checked", "true");
-};
-
-
-/* The merchant signals its taler-friendlyness to the wallet,
-   thereby causing the wallet to make itself more visible in the menu.
-   This function should be called both when the page is loaded
-   (i.e. via body's onload) and when we receive a "taler-load" signal
-   (as the extension may be loaded/enabled after the page was loaded) */
-function signal_taler_wallet_onload()
-{
-  var eve = new Event('taler-probe');
-  document.dispatchEvent(eve);
-};
-
-
-// function included to be run to test the page despite a
-// wallet not being present in the browser.  Enables the
-// Taler option. NOT needed in real deployments.
-function test_without_wallet(){
-  var tbutton = document.getElementById("taler-radio-button-id");
-  tbutton.removeAttribute("disabled");
-};
-
-
-// /////////////// Main logic run first ////////////////////////
-
-// Register event to be triggered by the wallet as a response to our
-// first event
-document.addEventListener("taler-wallet-present",
-                          has_taler_wallet_cb,
-			  false);
-
-// Register event to be triggered by the wallet when it gets enabled while
-// the user is on the payment page
-document.addEventListener("taler-load",
-                          signal_taler_wallet_onload,
-			  false);
-
-// Register event to be triggered by the wallet when it is unloaded
-document.addEventListener("taler-unload",
-                          taler_wallet_unload_cb,
-	                  false);
 </script>
 </body>
 </html>
diff --git a/src/frontend/fulfillment.php b/src/frontend/fulfillment.php
index 32f3c0cd..6d49971b 100644
--- a/src/frontend/fulfillment.php
+++ b/src/frontend/fulfillment.php
@@ -40,9 +40,6 @@
 
 */
 
-$cli_debug = false;
-$backend_test = true;
-
 function generate_msg ($link){
   $msg = "<p>Thanks for donating to " . $_SESSION['receiver'] . ".</p>";
   if (false != $link)
@@ -50,22 +47,17 @@ function generate_msg ($link){
   return $msg;
 }
 
-if ($_GET['cli_debug'] == 'yes')
-  $cli_debug = true;
+session_start();
 
-if ($_GET['backend_test'] == 'no')
+if (!isset ($_SESSION['payment_ok']))
 {
-  $cli_debug = true;
-  $backend_test = false;
+  echo "<p>Please come here after a successful payment!</p>";
 }
-
-session_start();
-
-if (! isset ($_SESSION['payment_ok']))
-  echo "<p>Please land here after a successful payment!</p>";
-else{
+else
+{
   $news = false;
-  switch ($_SESSION['receiver']){
+  switch ($_SESSION['receiver'])
+  {
     case "Taler":
       $news = "https://taler.net/news";
       break;
diff --git a/src/frontend/generate_taler_contract.php b/src/frontend/generate_taler_contract.php
index 14add359..e44a4d9b 100644
--- a/src/frontend/generate_taler_contract.php
+++ b/src/frontend/generate_taler_contract.php
@@ -14,62 +14,24 @@
   You should have received a copy of the GNU Lesser General Public License along with
   TALER; see the file COPYING.  If not, If not, see <http://www.gnu.org/licenses/>
 
-*/
+ */
 
-/*  
-  This code generates a Taler contract in JSON format. Key steps are:
 
-  1. recover the PHP session with the contract information
-  2. generate the JSON to forward to the backend
-  3. forward the response with the contract from the backend to
-     to the wallet
+include 'util.php';
 
-  To test this feature from the command line, issue:
-
-  - $ curl http://merchant_url/generate_taler_contract.php?cli_debug=yes
-    if the whole "journey" to the backend is begin tested
-  - $ curl http://merchant_url/generate_taler_contract.php?backend_test=no
-    if just the frontend job is being tested
-*/
-
-$cli_debug = false;
-$backend_test = true;
-
-if (isset($_GET['cli_debug']) && $_GET['cli_debug'] == 'yes')
-  $cli_debug = true;
-
-if (isset($_GET['backend_test']) && $_GET['backend_test'] == 'no')
-{
-  $cli_debug = true;
-  $backend_test = false;
-}
-
-// 1) recover the session information
 session_start();
-if (!$cli_debug && (! isset($_SESSION['receiver'])))
-{
-  http_response_code (404);
-  echo "Please select a contract before getting to this page...";
-  echo "attempted : " . $_SESSION['receiver'];
-  exit (0);
-}
 
-/* Obtain session state */
-if (!$cli_debug)
+if (!isset($_SESSION['receiver']))
 {
-  $receiver = $_SESSION['receiver'];
-  $amount_value = intval ($_SESSION['amount_value']);
-  $amount_fraction = intval ($_SESSION['amount_fraction']);
-  $currency = $_SESSION['currency'];
+  http_response_code (400);
+  die();
 }
-else
-{
-  $receiver = "Test Receiver";
-  $amount_value = 5;
-  $amount_fraction = 5;
-  $currency = "KUDOS";
 
-}
+$receiver = $_SESSION['receiver'];
+$receiver = $_SESSION['receiver'];
+$amount_value = intval ($_SESSION['amount_value']);
+$amount_fraction = intval ($_SESSION['amount_fraction']);
+$currency = $_SESSION['currency'];
 
 /* Fill in variables for simple JSON contract */
 // fake product id 
@@ -90,9 +52,6 @@ $teatax = array ('value' => 1,
 // Take a timestamp
 $now = new DateTime('now');
 
-$PAY_URL = "pay.php";
-$EXEC_URL = "execute.php";
-
 // pack the JSON for the contract 
 // --- FIXME: exact format needs review!
 $contract = array ('amount' => array ('value' => $amount_value,
@@ -113,8 +72,6 @@ $contract = array ('amount' => array ('value' => $amount_value,
 			              'delivery_date' => "Some Date Format",
 			              'delivery_location' => 'LNAME1')),
 			    'timestamp' => "/Date(" . $now->getTimestamp() . ")/",
-			    'pay_url' => $PAY_URL,
-			    'exec_url' => $EXEC_URL, 
 			    'expiry' => "/Date(" . $now->add(new DateInterval('P2W'))->getTimestamp() . ")/",
 			    'refund_deadline' => "/Date(" . $now->add(new DateInterval('P3M'))->getTimestamp() . ")/",
 			    'merchant' => array ('address' => 'LNAME2',
@@ -142,17 +99,11 @@ $contract = array ('amount' => array ('value' => $amount_value,
 						                     'state' => 'Test State',
 							             'region' => 'Test Region',
 								     'province' => 'Test Province',
-								     'ZIP code' => 4908)));
-$json = json_encode (array ('contract' => $contract, 'exec_url' => $EXEC_URL, 'pay_url' => $PAY_URL), JSON_PRETTY_PRINT);
-if ($cli_debug && !$backend_test)
-{
-  echo $json . "\n";
-  exit;
-}
+                                                                     'ZIP code' => 4908)));
 
+$json = json_encode(array('contract' => $contract, JSON_PRETTY_PRINT));
 
-$url = (new http\URL("http://".$_SERVER["HTTP_HOST"]))
-  ->mod(array ("path" => "backend/contract"), http\Url::JOIN_PATH);
+$url = url_join("http://".$_SERVER["HTTP_HOST"], "backend/contract");
 
 $req = new http\Client\Request("POST",
                                $url,
@@ -178,8 +129,11 @@ if ($status_code != 200)
   echo $resp->body->toString ();
 }
 else
-{ $got_json = json_decode ($resp->body->toString ());
-  $_SESSION['H_contract'] = $got_json->H_contract;
-  echo $resp->body->toString ();
+{
+  $got_json = json_decode ($resp->body->toString (), true);
+  $got_json['pay_url'] = url_rel("pay.php");
+  $got_json['exec_url'] = url_rel("execute.php") . "?H_contract=" . $got_json["H_contract"];
+  $_SESSION['H_contract'] = $got_json["H_contract"];
+  echo json_encode ($got_json, JSON_PRETTY_PRINT);
 }
 ?>
diff --git a/src/frontend/pay.php b/src/frontend/pay.php
index bf0be438..9fbf5f87 100644
--- a/src/frontend/pay.php
+++ b/src/frontend/pay.php
@@ -25,36 +25,30 @@
 
  */
 
-session_start();
-
-$cli_debug = false;
-$backend_test = true;
+include 'util.php';
 
-if (isset($_GET['cli_debug']) && $_GET['cli_debug'] == 'yes')
-{
-  $cli_debug = true;
+function respond_success() {
+  $_SESSION['payment_ok'] = true;
+  $json = json_encode(
+    array(
+      "fulfillment_url" => url_rel("fulfillment.php")));
+  echo $json;
 }
 
-if (isset($_GET['backend_test']) &&  $_GET['backend_test'] == 'no')
-{
-  $cli_debug = true;
-  $backend_test = false;
-}
+session_start();
 
 if (!isset($_SESSION['H_contract']))
 {
-  echo "No session active.";
-  http_response_code (301);
-  return;
+  $json = json_encode(
+    array("error" => "No session active"));
+  echo $json;
+  http_response_code (401);
+  die();
 }
 
 if (isset($_SESSION['payment_ok']) && $_SESSION['payment_ok'] == true)
 {
-  $_SESSION['payment_ok'] = true;
-  http_response_code (301);
-  $url = (new http\URL($_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']))
-    ->mod(array ("path" => "fulfillment.php"), http\Url::JOIN_PATH);
-  header("Location: $url");
+  respond_success();
   die();
 }
 
@@ -80,26 +74,13 @@ $new_deposit_permission_edate = array_merge($new_deposit_permission, $edate);
   could be on an entirely different machine if
   desired. */
 
-if ($cli_debug && !$backend_test)
-{
-
-  /* DO NOTE the newline at the end of 'echo's argument */
-  //echo json_encode ($new_deposit_permission_edate, JSON_PRETTY_PRINT)
-  echo json_encode($new_deposit_permission, JSON_PRETTY_PRINT)
-  . "\n";
-  exit;
-}
-
-
 // Backend is relative to the shop site.
 /**
  * WARNING: the "shop site" is '"http://".$_SERVER["HTTP_HOST"]'
  * So do not attach $_SERVER["REQUEST_URI"] before proxying requests
  * to the backend
  */
-//$url = (new http\URL("http://".$_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"]))
-$url = (new http\URL("http://".$_SERVER["HTTP_HOST"]))
-  ->mod(array ("path" => "backend/pay"), http\Url::JOIN_PATH);
+$url = url_join("http://".$_SERVER["HTTP_HOST"], "backend/pay");
 
 $req = new http\Client\Request("POST",
                                $url,
@@ -120,21 +101,16 @@ http_response_code ($status_code);
 // Now generate our body  
 if ($status_code != 200)
 {
-  /* error: just forwarding to the wallet what
-    gotten from the backend (which is forwarding 'as is'
-    the error gotten from the mint) */
-  echo json_encode ($new_deposit_permission);
-  echo "Error came from the backend, status $status_code\n";
-  echo "\n";
-  echo $resp->body->toString ();
+  $json = json_encode(
+    array(
+      "error" => "backend error",
+      "status" => $status_code,
+      "detail" => $resp->body->toString ()));
+  echo $json;
 }
 else
 {
-  $_SESSION['payment_ok'] = true;
-  http_response_code (301);
-  $url = (new http\URL($_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']))
-    ->mod(array ("path" => "fulfillment.php"), http\Url::JOIN_PATH);
-  header("Location: $url");
+  respond_success();
   die();
 }
 
diff --git a/src/frontend/util.php b/src/frontend/util.php
new file mode 100644
index 00000000..a758d113
--- /dev/null
+++ b/src/frontend/util.php
@@ -0,0 +1,15 @@
+<?php
+function url_join($base, $path) {
+  $url = (new http\URL($base))
+    ->mod(array ("path" => $path), http\Url::JOIN_PATH|http\URL::SANITIZE_PATH);
+  return $url->toString();
+}
+
+// Get a url with a path relative to the
+// current script's path.
+function url_rel($path) {
+  return url_join(
+    $_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'],
+    $path);
+}
+?>