summaryrefslogtreecommitdiff
path: root/talermerchantdemos
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2020-10-02 21:39:37 +0200
committerChristian Grothoff <christian@grothoff.org>2020-10-02 21:43:43 +0200
commit120d5d47c9df8c5bae68a0d42ca13d63e5c1f3e4 (patch)
treebd6669f4c5862594170627e1a3bfa61d9d323127 /talermerchantdemos
parent2cfe234822803e4819e4e0481c3aa7a83be562fb (diff)
downloadtaler-merchant-demos-120d5d47c9df8c5bae68a0d42ca13d63e5c1f3e4.tar.gz
taler-merchant-demos-120d5d47c9df8c5bae68a0d42ca13d63e5c1f3e4.tar.bz2
taler-merchant-demos-120d5d47c9df8c5bae68a0d42ca13d63e5c1f3e4.zip
merge #6616 patch
Diffstat (limited to 'talermerchantdemos')
-rw-r--r--talermerchantdemos/blog/blog.py50
1 files changed, 38 insertions, 12 deletions
diff --git a/talermerchantdemos/blog/blog.py b/talermerchantdemos/blog/blog.py
index 8de3179..9ef3660 100644
--- a/talermerchantdemos/blog/blog.py
+++ b/talermerchantdemos/blog/blog.py
@@ -227,10 +227,32 @@ def render_article(article_name, data, order_id, refundable):
)
##
+# Setup a fresh order with the backend.
+#
+# @param article_name which article the order is for
+# @param lang which language to use
+#
+def post_order(article_name,lang):
+ order = dict(
+ amount=ARTICLE_AMOUNT,
+ extra=dict(article_name=article_name,lang=lang),
+ fulfillment_url=flask.request.base_url,
+ summary="Essay: " + article_name.replace("_", " "),
+ # 10 minutes time for a refund
+ wire_transfer_deadline=dict(t_ms=1000 * int(time.time() + 15 * 30)),
+ )
+ order_resp = backend_post(
+ BACKEND_URL,
+ "private/orders",
+ dict(order=order, refund_delay=dict(d_ms=1000 * 120)))
+ return order_resp
+
+
+##
# Trigger a article purchase. The logic follows the main steps:
#
# 1. Always check if the article was paid already, via the
-# "/check-payment" API from the backend.
+# "/private/orders/$ORDER_ID" API from the backend.
# 2. If so, return the article.
# 3. If not, redirect the browser to a page where the
# wallet will initiate the payment protocol.
@@ -260,17 +282,9 @@ def article(article_name, data=None):
##
# First-timer; generate order first.
if not order_id:
- order = dict(
- amount=ARTICLE_AMOUNT,
- extra=dict(article_name=article_name),
- fulfillment_url=flask.request.base_url,
- summary="Essay: " + article_name.replace("_", " "),
- wire_transfer_deadline=dict(t_ms=1000 * int(time.time() + 150))
- )
- order_resp = backend_post(
- BACKEND_URL, "private/orders",
- dict(order=order, refund_delay=dict(d_ms=1000 * 120))
- )
+ if not lang:
+ err_abort(403, message="Direct access forbidden")
+ order_resp = post_order(article_name,lang)
order_id = order_resp["order_id"]
# Ask the backend for the status of the payment
@@ -278,6 +292,18 @@ def article(article_name, data=None):
BACKEND_URL, f"private/orders/{order_id}", params=dict(session_id=session_id)
)
order_status = pay_status.get("order_status")
+ if order_status == "claimed":
+ if not lang:
+ err_abort(403, message="Direct access forbidden")
+ # Order already claimed, must setup fresh order
+ order_resp = post_order(article_name,lang)
+ order_id = order_resp["order_id"]
+ pay_status = backend_get(
+ BACKEND_URL, f"private/orders/{order_id}", params=dict(session_id=session_id)
+ )
+ order_status = pay_status.get("order_status")
+ # This really must be 'unpaid' now...
+
if order_status == "paid":
refunded = pay_status["refunded"]
if refunded: