From: gnunet
Subject: [GNUnet-SVN] [taler-blog] branch master updated: check that requested article name actually matches order
Date: Thu, 01 Feb 2018 07:20:18 +0100

This is an automated email from the git hooks/post-receive script.

dold pushed a commit to branch master
in repository blog.

The following commit(s) were added to refs/heads/master by this push:
     new 0e9953d  check that requested article name actually matches order
0e9953d is described below

commit 0e9953d1f905bf313a1bbe9581cac01c556a33e8
Author: Florian Dold <address@hidden>
AuthorDate: Thu Feb 1 07:20:12 2018 +0100

    check that requested article name actually matches order
---
 talerblog/blog/blog.py | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)

diff --git a/talerblog/blog/blog.py b/talerblog/blog/blog.py
index 92b6de4..02d10d0 100644
--- a/talerblog/blog/blog.py
+++ b/talerblog/blog/blog.py
@@ -123,7 +123,6 @@ except ImportError:
     paid_articles_cache = SimpleCache()
 
 
-
 # Triggers the refund by serving /refund/test?order_id=XY.
 # Will be triggered by a "refund button".
 @app.route("/refund/<order_id>", methods=["POST"])
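Review bot: The comment kept as context above the route says the refund is triggered by serving /refund/test?order_id=XY, but the decorator registers "/refund/<order_id>" with methods=["POST"], so the comment no longer describes the endpoint; update it while touching this spot. The blank-line removal here and in the next hunk is unrelated to the commit subject and would be easier to review as a separate whitespace commit.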
@@ -152,7 +151,6 @@ def refund(order_id):
                 json=resp, stack=traceback.format_exc())
 
 
-
 def render_article(article_name, data, order_id):
     article_info = ARTICLES.get(article_name)
     if article_info is None:
@@ -163,7 +161,7 @@ def render_article(article_name, data, order_id):
             return flask.send_file(get_image_file(data))
         m = "Supplemental file ({}) for article ({}) not found.".format(
                 data, article_name)
-        err_abort(500, message=m)
+        err_abort(404, message=m)
     # the order_id is needed for refunds
     return flask.render_template("templates/article_frame.html",
                                  article_file=get_article_file(article_info),
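Review bot: The switch from err_abort(500, ...) to err_abort(404, ...) for a missing supplemental file is not covered by the commit subject ("check that requested article name actually matches order"); mention it in the commit message or split it out so the status-code change can be found in history. 404 is the better code here, since data is a request parameter of article(article_name, data=None), but the message m interpolates both data and article_name, so confirm that err_abort escapes the message before rendering it.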
@@ -216,16 +214,17 @@ def article(article_name, data=None):
 
     pay_status = backend_get("check-payment", pay_params)
 
-    if pay_status.get("payment_redirect_url"):
-        return flask.redirect(pay_status["payment_redirect_url"])
-
-    if pay_status.get("refunded"):
-        return flask.render_template("templates/article_refunded.html",
-                                     article_name=article_name)
-
     if pay_status.get("paid"):
+        if pay_status["contract_terms"]["extra"]["article_name"] != 
article_name:
+            err_abort(402, message="You did not pay for this article (nice 
try!)", json=pay_status)
+        if pay_status.get("refunded"):
+            return flask.render_template("templates/article_refunded.html",
+                                         article_name=article_name)
         paid_articles_cache.set(session_id + "-" + article_name, order_id)
         return render_article(article_name, data, order_id)
+    else:
+        if pay_status.get("payment_redirect_url"):
+            return flask.redirect(pay_status["payment_redirect_url"])
 
     # no pay_redirect but article not paid, this should never happen!
     err_abort(500, message="Internal error, invariant failed", json=pay_status)
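Review bot: In the new paid branch, pay_status["contract_terms"]["extra"]["article_name"] is indexed directly, so a backend response without contract_terms, extra or article_name raises KeyError instead of producing the intended 402; read it with chained .get() calls and treat a missing value as a mismatch, so the check fails closed with a controlled error. The 402 call also passes json=pay_status, which hands the full check-payment response, including the contract_terms of the order that was actually paid, to err_abort; pass only what the error page needs unless err_abort is known not to expose it to the client. Finally, the refunded check now runs only when paid is set, whereas before it ran regardless; if the backend can report refunded without paid, that case now falls through to the redirect or to the 500 invariant error, so a comment stating the assumed backend behaviour would help.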

-- 
To stop receiving notification emails like this one, please contact
address@hidden
