commit 9d25f3c0f66e30f6dd15a8dd53a80328054aac8d
parent 5466b9471cc85ff5ad9719ed61aaa474ae5b4c23
Author: Florian Dold <florian.dold@gmail.com>
Date: Tue, 29 Sep 2020 17:30:02 +0530
look up claim token and include it in claimed but unpaid order URLs to avoid redirect loop
Diffstat:
1 file changed, 51 insertions(+), 11 deletions(-)
diff --git a/src/backend/taler-merchant-httpd_private-get-orders-ID.c b/src/backend/taler-merchant-httpd_private-get-orders-ID.c
@@ -834,15 +834,6 @@ TMH_private_get_orders_ID (const struct TMH_RequestHandler *rh,
&gorc->order_serial);
if (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs)
{
- struct GNUNET_HashCode unused;
-
- /* We don't have contract terms, but the order may still exist. */
- qs = TMH_db->lookup_order (TMH_db->cls,
- hc->instance->settings.id,
- hc->infix,
- &claim_token,
- &unused,
- &gorc->contract_terms);
order_only = true;
}
if (0 > qs)
@@ -864,6 +855,48 @@ TMH_private_get_orders_ID (const struct TMH_RequestHandler *rh,
TALER_EC_GET_ORDERS_ORDER_NOT_FOUND,
hc->infix);
}
+
+ {
+ struct GNUNET_HashCode unused;
+ json_t *ct = NULL;
+
+ /* We need the order for two cases: Either when the contract doesn't exist yet,
+ * or when the order is claimed but unpaid, and we need the claim token. */
+ qs = TMH_db->lookup_order (TMH_db->cls,
+ hc->instance->settings.id,
+ hc->infix,
+ &claim_token,
+ &unused,
+ &ct);
+
+ if (0 > qs)
+ {
+ /* single, read-only SQL statements should never cause
+ serialization problems */
+ GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR != qs);
+ /* Always report on hard error as well to enable diagnostics */
+ GNUNET_break (GNUNET_DB_STATUS_HARD_ERROR == qs);
+ return TALER_MHD_reply_with_error (connection,
+ MHD_HTTP_INTERNAL_SERVER_ERROR,
+ TALER_EC_GET_ORDERS_DB_FETCH_CONTRACT_TERMS_ERROR,
+ NULL);
+ }
+ if (order_only && (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs) )
+ {
+ return TALER_MHD_reply_with_error (connection,
+ MHD_HTTP_NOT_FOUND,
+ TALER_EC_GET_ORDERS_ORDER_NOT_FOUND,
+ hc->infix);
+ }
+ if (order_only)
+ {
+ gorc->contract_terms = ct;
+ }
+ else if (NULL != ct)
+ {
+ json_decref (ct);
+ }
+ }
/* extract the fulfillment URL and total amount from the contract terms! */
{
struct GNUNET_JSON_Specification spec[] = {
@@ -1069,17 +1102,24 @@ TMH_private_get_orders_ID (const struct TMH_RequestHandler *rh,
char *taler_pay_uri;
char *order_status_url;
MHD_RESULT ret;
+ struct TALER_ClaimTokenP *ct = NULL;
+
+ /* Already claimed, so we include the claim token so that
+ * the order status page will show the QR code and won't run
+ * into a redirect loop. */
+ if (! order_only)
+ ct = &claim_token;
taler_pay_uri = TMH_make_taler_pay_uri (connection,
hc->infix,
gorc->session_id,
hc->instance->settings.id,
- &claim_token);
+ ct);
order_status_url = TMH_make_order_status_url (connection,
hc->infix,
gorc->session_id,
hc->instance->settings.id,
- &claim_token,
+ ct,
NULL);
ret = TALER_MHD_reply_json_pack (connection,
MHD_HTTP_OK,
