[taler-docs] branch master updated: move order-ID into cookie
From: gnunet
Subject: [taler-docs] branch master updated: move order-ID into cookie
Date: Sun, 09 Aug 2020 13:15:13 +0200
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository docs.
The following commit(s) were added to refs/heads/master by this push:
new cc67333 move order-ID into cookie
cc67333 is described below
commit cc673337e08b66d1adac3ae9bc4e5893e73ab835
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Sun Aug 9 13:15:10 2020 +0200
move order-ID into cookie
---
design-documents/007-payment.rst | 27 +++++++++------------------
1 file changed, 9 insertions(+), 18 deletions(-)
diff --git a/design-documents/007-payment.rst b/design-documents/007-payment.rst
index 1de6f6f..a4091cb 100644
--- a/design-documents/007-payment.rst
+++ b/design-documents/007-payment.rst
@@ -36,23 +36,22 @@ Storefront
When *resource-URL* is requested, the storefront runs the following steps:
-1. Extract the the *order-ID* (or null) and *resource name* from the
*resource-URL*.
-2. Extract the *session-ID* (or null) from the request's validated cookie (for
example, by using signed cookies).
-3. If *session-ID* and *order-ID* is non-null and the storefront's
+1. Extract the *resource name* from the *resource-URL*.
+2. Extract the *order-ID* and *session-ID* (or null) from the request's
validated cookie (for example, by using signed cookies).
+3. If *session-ID* and *order-ID* are valid and the storefront's
*session-payment-cache* contains the tuple (*order-ID*, *resource-name*,
*session-ID*),
return to the client the resource associated with *resource name*.
**Terminate.**
-4. If the *session-ID* is null, assign a fresh session ID and set it in a
cookie to be sent with the response.
-5. If *order-ID* is null, create a new order for *resource-name* by doing a
``POST /private/orders`` to
- the merchant backend. Store the new order ID as *order-ID*.
-6. Check the status of the payment for *order-ID* under *session-ID* by doing
a ``GET /private/orders/{order-ID}?session_id={session-ID}``.
+4. If *session-ID* and *order-ID* are invalid, assign a fresh session ID and
create a new order for *resource name* by doing a ``POST /private/orders`` to
+ the merchant backend. Set both in the cookie to be sent with the response.
+5. Check the status of the payment for *order-ID* under *session-ID* by doing
a ``GET /private/orders/{order-ID}?session_id={session-ID}``.
This results in the *order-status*, *refund-amount* and the
*client-order-status-URL*.
-7. If the *order-status* is paid and *refund-amount* is non-zero,
+6. If the *order-status* is paid and *refund-amount* is non-zero,
return to the client a page with an explanation that the payment has been
refunded.
If the client has not (fully) obtained the granted refunds yet, show a link
to the public order page
of the backend to allow the client to obtain the refund. **Terminate.**
-8. If the *order-status* is paid, store the tuple (*order-ID*,
*resource-name*, *session-ID*) in *session-payment-cache*
+7. If the *order-status* is paid, store the tuple (*order-ID*,
*resource-name*, *session-ID*) in *session-payment-cache*
and return to the client the resource associated with *resource name*.
**Terminate.**
-9. Otherwise, the *order-status* is unpaid. Redirect the client to
*client-order-status-URL*. **Terminate.**
+8. Otherwise, the *order-status* is unpaid. Redirect the client to
*client-order-status-URL*. **Terminate.**
.. note::
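Review bot: New steps 2 to 7 never tie the cookie's *order-ID* to the *resource name* taken from the URL in step 1. If the cookie holds a paid order that was created for a different resource, step 3 misses the cache, step 4 does not apply because both values are valid, and nothing visible in steps 5 to 7 stops step 7 from storing the tuple and returning the requested resource. Suggest that step 4 also create a new order when the cookie's order was not created for *resource name*, or that the cookie keep one order-ID per resource. Step 4's "are invalid" also leaves the case where exactly one of the two values is invalid undefined (the old steps 4 and 5 handled them separately), and step 2 still says "(or null)" while steps 3 and 4 say valid/invalid; use one term throughout and state whether a single invalid value triggers both a fresh session ID and a new order.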
@@ -183,14 +182,6 @@ Covered Scenarios
Problematic Scenarios
---------------------
-Link sharing
-^^^^^^^^^^^^
-
-Right now, sharing the /orders/{order-ID} link with the session ID will
-allow someone who did not purchase the order to still get a 'paid' response
-from the backend. (Will fulfillment then work? => Check!)
-
-
Bookmarks of Lost Purchases / Social Sharing of Fulfillment URLs
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
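Review bot: The deleted "Link sharing" section ends with an open question ("Will fulfillment then work? => Check!") and the removal does not record its answer. The deleted text describes the backend returning 'paid' for a shared /orders/{order-ID} link with the session ID, which is backend behaviour that the storefront steps changed in this commit do not visibly alter. Suggest either moving the scenario under "Covered Scenarios" with a sentence explaining why reading the order-ID from the validated cookie resolves it, or keeping the entry until the check has been done.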