From 58af97724593e6d9cf423035f46da8f88c29526c Mon Sep 17 00:00:00 2001
From: Christian Grothoff <christian@grothoff.org>
Date: Fri, 2 Oct 2020 21:39:37 +0200
Subject: fix logic to match spec changes of #6616

---
 talermerchantdemos/blog/blog.py | 43 ++++++++++++++++++++++++++++++-----------
 1 file changed, 32 insertions(+), 11 deletions(-)

(limited to 'talermerchantdemos')

diff --git a/talermerchantdemos/blog/blog.py b/talermerchantdemos/blog/blog.py
index 1268d6b..865605b 100644
--- a/talermerchantdemos/blog/blog.py
+++ b/talermerchantdemos/blog/blog.py
@@ -194,12 +194,31 @@ def render_article(article_name, data, order_id):
         order_id=order_id,
     )
 
+##
+# Setup a fresh order with the backend.
+#
+# @param article_name which article the order is for
+# @param lang which language to use
+#
+def post_order(article_name,lang):
+    order = dict(
+        amount=ARTICLE_AMOUNT,
+        extra=dict(article_name=article_name,lang=lang),
+        fulfillment_url=flask.request.base_url,
+        summary="Essay: " + article_name.replace("_", " "),
+        # 10 minutes time for a refund
+        refund_deadline=dict(t_ms=1000 * int(time.time() + 10 * 30)),
+        wire_transfer_deadline=dict(t_ms=1000 * int(time.time() + 15 * 30)),
+    )
+    order_resp = backend_post(BACKEND_URL, "private/orders", dict(order=order))
+    return order_resp
+
 
 ##
 # Trigger a article purchase.  The logic follows the main steps:
 #
 # 1. Always check if the article was paid already, via the
-#    "/check-payment" API from the backend.
+#    "/private/orders/$ORDER_ID" API from the backend.
 # 2. If so, return the article.
 # 3. If not, redirect the browser to a page where the
 #    wallet will initiate the payment protocol.
@@ -232,16 +251,7 @@ def article(article_name, lang=None, data=None):
     if not order_id:
         if not lang:
             err_abort(403, message="Direct access forbidden")
-        order = dict(
-            amount=ARTICLE_AMOUNT,
-            extra=dict(article_name=article_name,lang=lang),
-            fulfillment_url=flask.request.base_url,
-            summary="Essay: " + article_name.replace("_", " "),
-            # 10 minutes time for a refund
-            refund_deadline=dict(t_ms=1000 * int(time.time() + 10 * 30)),
-            wire_transfer_deadline=dict(t_ms=1000 * int(time.time() + 15 * 30)),
-        )
-        order_resp = backend_post(BACKEND_URL, "private/orders", dict(order=order))
+        order_resp = post_order(article_name,lang)
         order_id = order_resp["order_id"]
 
     # Ask the backend for the status of the payment
@@ -250,6 +260,17 @@ def article(article_name, lang=None, data=None):
     )
 
     order_status = pay_status.get("order_status")
+    if order_status == "claimed":
+        if not lang:
+            err_abort(403, message="Direct access forbidden")
+        # Order already claimed, must setup fresh order
+        order_resp = post_order(article_name,lang)
+        order_id = order_resp["order_id"]
+        pay_status = backend_get(
+            BACKEND_URL, f"private/orders/{order_id}", params=dict(session_id=session_id)
+        )
+        order_status = pay_status.get("order_status")
+        # This really must be 'unpaid' now...
 
     if order_status == "paid":
         refunded = pay_status["refunded"]
-- 
cgit v1.2.3