summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMarcello Stanisci <stanisci.m@gmail.com>2017-11-21 17:12:48 +0100
committerMarcello Stanisci <stanisci.m@gmail.com>2017-11-21 17:12:48 +0100
commit054d9d0f6eaca6c90cc576d568066464d0040003 (patch)
tree2e1cd239a3bd2ee54a7402ada6c9f1afb7deb7eb
parent11a4fb101bb2bd8dc00c2f5de3033f4c42161bfc (diff)
downloadsurvey-054d9d0f6eaca6c90cc576d568066464d0040003.tar.gz
survey-054d9d0f6eaca6c90cc576d568066464d0040003.tar.bz2
survey-054d9d0f6eaca6c90cc576d568066464d0040003.zip
forging response headers
-rw-r--r--talersurvey/survey/survey.py13
1 files changed, 11 insertions, 2 deletions
diff --git a/talersurvey/survey/survey.py b/talersurvey/survey/survey.py
index 2ea7ac2..8697ddf 100644
--- a/talersurvey/survey/survey.py
+++ b/talersurvey/survey/survey.py
@@ -19,6 +19,7 @@ import os
import base64
import requests
import logging
+from .amount import Amount
from talersurvey.talerconfig import TalerConfig
from urllib.parse import urljoin
@@ -72,13 +73,21 @@ def index():
@app.route("/survey", methods=["GET", "POST"])
def survey():
success = False
+ amount = Amount(CURRENCY, 1)
if flask.request.method == "POST":
r = requests.post(urljoin(BACKEND_URL, 'tip-authorize'),
- json=dict(amount=dict(value=1, fraction=0, currency=CURRENCY),
+ json=dict(amount=amount.dump(),
instance="default",
justification="Payment methods survey"))
if 200 != r.status_code:
return backend_error(r)
else:
success = True
- return flask.render_template("templates/index.html", success=success)
+
+ response = flask.make_response(flask.render_template("templates/index.html", success=success), 402)
+ response.headers["X-Taler-Tipping-Url"] = "%s/%s?id=%s" % (flask.request.script_root, "pick", r.json().get("tip_id"))
+ response.headers["X-Taler-Tipping-Exchange"] = r.json().get("exchange_uri")
+ response.headers["X-Taler-Tipping-Amount"] = amount.stringify(2)
+ response.headers["X-Taler-Tipping-Deadline"] = r.json().get("expiration")
+
+ return response