diff options
Diffstat (limited to 'talermerchantdemos/blog/blog.py')
-rw-r--r-- | talermerchantdemos/blog/blog.py | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/talermerchantdemos/blog/blog.py b/talermerchantdemos/blog/blog.py index 0d7b06a..61c0131 100644 --- a/talermerchantdemos/blog/blog.py +++ b/talermerchantdemos/blog/blog.py @@ -96,10 +96,12 @@ def index(): @app.route("/confirm-refund/<order_id>", methods=["GET"]) def confirm_refund(order_id): - # Here we don't care about the session ID - pay_params = dict(order_id=order_id) - pay_status = backend_get(BACKEND_URL, "check-payment", pay_params) - if not pay_status.get("paid"): + session_id = flask.session.get("session_id", "") + pay_status = backend_get( + BACKEND_URL, f"private/orders/{order_id}", params=dict(session_id=session_id) + ) + order_status = pay_status.get("order_status") + if order_status != "paid": err_abort( 400, message="can't refund unpaid article", ) |