From f6b5dd04e06198a023eb38945c963a9128065786 Mon Sep 17 00:00:00 2001 From: Florian Dold Date: Mon, 7 Sep 2020 15:38:34 +0530 Subject: append h_contract when appropriate --- .../taler-merchant-httpd_private-get-orders-ID.c | 31 +++++++++++++++++----- 1 file changed, 24 insertions(+), 7 deletions(-) (limited to 'src/backend/taler-merchant-httpd_private-get-orders-ID.c') diff --git a/src/backend/taler-merchant-httpd_private-get-orders-ID.c b/src/backend/taler-merchant-httpd_private-get-orders-ID.c index 550b9df2..a57845d4 100644 --- a/src/backend/taler-merchant-httpd_private-get-orders-ID.c +++ b/src/backend/taler-merchant-httpd_private-get-orders-ID.c @@ -978,7 +978,8 @@ TMH_private_get_orders_ID (const struct TMH_RequestHandler *rh, hc->infix, gorc->session_id, hc->instance->settings.id, - &claim_token); + &claim_token, + NULL); ret = TALER_MHD_reply_json_pack (connection, MHD_HTTP_OK, "{s:s, s:s, s:s, s:s, s:s?}", @@ -1056,7 +1057,8 @@ TMH_private_get_orders_ID (const struct TMH_RequestHandler *rh, hc->infix, gorc->session_id, hc->instance->settings.id, - &claim_token); + &claim_token, + NULL); ret = TALER_MHD_reply_json_pack (connection, MHD_HTTP_OK, "{s:s, s:s, s:s}", @@ -1184,11 +1186,26 @@ TMH_private_get_orders_ID (const struct TMH_RequestHandler *rh, } } - order_status_url = TMH_make_order_status_url (connection, - hc->infix, - gorc->session_id, - hc->instance->settings.id, - &claim_token); + { + struct GNUNET_HashCode *h_contract = NULL; + + /* In a session-bound payment, allow the browser to check the order + * status page (e.g. to get a refund). + * + * Note that we don't allow this outside of session-based payment, as + * otherwise this becomes an oracle to convert order_id to h_contract. + */ + if (NULL != gorc->session_id) + h_contract = &gorc->h_contract_terms; + + order_status_url = + TMH_make_order_status_url (connection, + hc->infix, + gorc->session_id, + hc->instance->settings.id, + &claim_token, + h_contract); + } ret = TALER_MHD_reply_json_pack (connection, MHD_HTTP_OK, -- cgit v1.2.3