commit 73acf3905c6e628f1022c706557c4955d52e13b6
parent 2268e4b9c7de07f753dc817616e730766eacffe9
Author: Florian Dold <florian@dold.me>
Date: Mon, 16 Aug 2021 13:02:05 +0200
address CG's spec comment
Diffstat:
1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/merchant-spec/public-orders-get.ts b/merchant-spec/public-orders-get.ts
@@ -59,14 +59,9 @@ function handlePublicOrdersGet(mos: MerchantOrderStore, req: Req): Resp {
(ord.requireClaimToken && ord.claimToken === req.claimToken) ||
!ord.requireClaimToken;
- if (authMissing) {
- // Client is trying to get the order status of a claimed,
- // unpaid order. However, the client is not showing authentication.
- //
- // CG-FIXME: Eh, nothing here suggests the order is _claimed_.
- // The branch above is wrong, as an unclaimed order without
- // requireClaimToken must not end up here! So I think
- // we here need authMissing && !authOk in the branch above!
+ if (authMissing && ord.requireClaimToken) {
+ // Client is trying to get the order status of an
+ // order. However, the client is not showing authentication.
//
// This can happen when the fulfillment URL includes the order ID,
// and the storefront redirects the user to the backend QR code
