commit 45c5cae232f6a9717590a9eae3474cee337cb3f4
parent e28129903772b99ad63613ba203c2d0dd20937c9
Author: Florian Dold <florian@dold.me>
Date: Sun, 8 Aug 2021 18:38:18 +0200
allow h_contract as auth once order is claimed
Diffstat:
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/merchant-spec/public-orders-get.ts b/merchant-spec/public-orders-get.ts
@@ -65,7 +65,8 @@ function handlePublicOrdersGet(mos: MerchantOrderStore, req: Req): Resp {
}
if (!ord.paid) {
- if (ord.requireClaimToken && ord.claimToken !== req.claimToken) {
+ const hcOk = ord.contractHash === req.contractHash;
+ if (!hcOk && ord.requireClaimToken && ord.claimToken !== req.claimToken) {
// This can happen when the fulfillment URL page detects
// the user has not paid under the current session.
return {
@@ -109,8 +110,8 @@ function handlePublicOrdersGet(mos: MerchantOrderStore, req: Req): Resp {
responseType: "StatusGotoResponse",
response: {
already_paid_order_id: alreadyPaidOrd.orderId,
- }
- }
+ },
+ };
}
return {
httpStatus: "402 Payment Required",
