From 054d9d0f6eaca6c90cc576d568066464d0040003 Mon Sep 17 00:00:00 2001
From: Marcello Stanisci <stanisci.m@gmail.com>
Date: Tue, 21 Nov 2017 17:12:48 +0100
Subject: forging response headers

---
 talersurvey/survey/survey.py | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/talersurvey/survey/survey.py b/talersurvey/survey/survey.py
index 2ea7ac2..8697ddf 100644
--- a/talersurvey/survey/survey.py
+++ b/talersurvey/survey/survey.py
@@ -19,6 +19,7 @@ import os
 import base64
 import requests
 import logging
+from .amount import Amount
 from talersurvey.talerconfig import TalerConfig
 from urllib.parse import urljoin
 
@@ -72,13 +73,21 @@ def index():
 @app.route("/survey", methods=["GET", "POST"])
 def survey():
     success = False
+    amount = Amount(CURRENCY, 1)
     if flask.request.method == "POST":
         r = requests.post(urljoin(BACKEND_URL, 'tip-authorize'),
-                          json=dict(amount=dict(value=1, fraction=0, currency=CURRENCY),
+                          json=dict(amount=amount.dump(),
                                     instance="default",
                                     justification="Payment methods survey"))
         if 200 != r.status_code:
             return backend_error(r)
         else:
             success = True
-    return flask.render_template("templates/index.html", success=success)
+
+    response = flask.make_response(flask.render_template("templates/index.html", success=success), 402)
+    response.headers["X-Taler-Tipping-Url"] = "%s/%s?id=%s" % (flask.request.script_root, "pick", r.json().get("tip_id"))
+    response.headers["X-Taler-Tipping-Exchange"] = r.json().get("exchange_uri")
+    response.headers["X-Taler-Tipping-Amount"] = amount.stringify(2)
+    response.headers["X-Taler-Tipping-Deadline"] = r.json().get("expiration")
+
+    return response
-- 
cgit v1.2.3