commit cc673337e08b66d1adac3ae9bc4e5893e73ab835
parent 9c7765447e2a84a6dbfa4e908981542461a28538
Author: Christian Grothoff <christian@grothoff.org>
Date: Sun, 9 Aug 2020 13:15:10 +0200
move order-ID into cookie
Diffstat:
1 file changed, 9 insertions(+), 18 deletions(-)
diff --git a/design-documents/007-payment.rst b/design-documents/007-payment.rst
@@ -36,23 +36,22 @@ Storefront
When *resource-URL* is requested, the storefront runs the following steps:
-1. Extract the the *order-ID* (or null) and *resource name* from the *resource-URL*.
-2. Extract the *session-ID* (or null) from the request's validated cookie (for example, by using signed cookies).
-3. If *session-ID* and *order-ID* is non-null and the storefront's
+1. Extract the *resource name* from the *resource-URL*.
+2. Extract the *order-ID* and *session-ID* (or null) from the request's validated cookie (for example, by using signed cookies).
+3. If *session-ID* and *order-ID* are valid and the storefront's
*session-payment-cache* contains the tuple (*order-ID*, *resource-name*, *session-ID*),
return to the client the resource associated with *resource name*. **Terminate.**
-4. If the *session-ID* is null, assign a fresh session ID and set it in a cookie to be sent with the response.
-5. If *order-ID* is null, create a new order for *resource-name* by doing a ``POST /private/orders`` to
- the merchant backend. Store the new order ID as *order-ID*.
-6. Check the status of the payment for *order-ID* under *session-ID* by doing a ``GET /private/orders/{order-ID}?session_id={session-ID}``.
+4. If *session-ID* and *order-ID* are invalid, assign a fresh session ID and create a new order for *resource name* by doing a ``POST /private/orders`` to
+ the merchant backend. Set both in the cookie to be sent with the response.
+5. Check the status of the payment for *order-ID* under *session-ID* by doing a ``GET /private/orders/{order-ID}?session_id={session-ID}``.
This results in the *order-status*, *refund-amount* and the *client-order-status-URL*.
-7. If the *order-status* is paid and *refund-amount* is non-zero,
+6. If the *order-status* is paid and *refund-amount* is non-zero,
return to the client a page with an explanation that the payment has been refunded.
If the client has not (fully) obtained the granted refunds yet, show a link to the public order page
of the backend to allow the client to obtain the refund. **Terminate.**
-8. If the *order-status* is paid, store the tuple (*order-ID*, *resource-name*, *session-ID*) in *session-payment-cache*
+7. If the *order-status* is paid, store the tuple (*order-ID*, *resource-name*, *session-ID*) in *session-payment-cache*
and return to the client the resource associated with *resource name*. **Terminate.**
-9. Otherwise, the *order-status* is unpaid. Redirect the client to *client-order-status-URL*. **Terminate.**
+8. Otherwise, the *order-status* is unpaid. Redirect the client to *client-order-status-URL*. **Terminate.**
.. note::
@@ -183,14 +182,6 @@ Covered Scenarios
Problematic Scenarios
---------------------
-Link sharing
-^^^^^^^^^^^^
-
-Right now, sharing the /orders/{order-ID} link with the session ID will
-allow someone who did not purchase the order to still get a 'paid' response
-from the backend. (Will fulfillment then work? => Check!)
-
-
Bookmarks of Lost Purchases / Social Sharing of Fulfillment URLs
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
