[GNUnet-SVN] [taler-blog] branch master updated: check that requested ar
From: |
gnunet |
Subject: |
[GNUnet-SVN] [taler-blog] branch master updated: check that requested article name actually matches order |
Date: |
Thu, 01 Feb 2018 07:20:18 +0100 |
This is an automated email from the git hooks/post-receive script.
dold pushed a commit to branch master
in repository blog.
The following commit(s) were added to refs/heads/master by this push:
new 0e9953d check that requested article name actually matches order
0e9953d is described below
commit 0e9953d1f905bf313a1bbe9581cac01c556a33e8
Author: Florian Dold <address@hidden>
AuthorDate: Thu Feb 1 07:20:12 2018 +0100
check that requested article name actually matches order
---
talerblog/blog/blog.py | 19 +++++++++----------
1 file changed, 9 insertions(+), 10 deletions(-)
diff --git a/talerblog/blog/blog.py b/talerblog/blog/blog.py
index 92b6de4..02d10d0 100644
--- a/talerblog/blog/blog.py
+++ b/talerblog/blog/blog.py
@@ -123,7 +123,6 @@ except ImportError:
paid_articles_cache = SimpleCache()
-
# Triggers the refund by serving /refund/test?order_id=XY.
# Will be triggered by a "refund button".
@app.route("/refund/<order_id>", methods=["POST"])
@@ -152,7 +151,6 @@ def refund(order_id):
json=resp, stack=traceback.format_exc())
-
def render_article(article_name, data, order_id):
article_info = ARTICLES.get(article_name)
if article_info is None:
@@ -163,7 +161,7 @@ def render_article(article_name, data, order_id):
return flask.send_file(get_image_file(data))
m = "Supplemental file ({}) for article ({}) not found.".format(
data, article_name)
- err_abort(500, message=m)
+ err_abort(404, message=m)
# the order_id is needed for refunds
return flask.render_template("templates/article_frame.html",
article_file=get_article_file(article_info),
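Review bot: The not-found message on the `err_abort(404, message=m)` path interpolates `data`, which appears to be a client-chosen supplemental file name taken from the request URL, so the error body echoes caller-controlled text. Confirm that `err_abort` renders `message` through an escaping template; its definition is outside this hunk. A short comment above the `format` call would record the assumption, for example `# data is client-supplied; err_abort must escape message`. render_article starts before this hunk and continues past it.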
@@ -216,16 +214,17 @@ def article(article_name, data=None):
pay_status = backend_get("check-payment", pay_params)
- if pay_status.get("payment_redirect_url"):
- return flask.redirect(pay_status["payment_redirect_url"])
-
- if pay_status.get("refunded"):
- return flask.render_template("templates/article_refunded.html",
- article_name=article_name)
-
if pay_status.get("paid"):
+ if pay_status["contract_terms"]["extra"]["article_name"] !=
article_name:
+ err_abort(402, message="You did not pay for this article (nice
try!)", json=pay_status)
+ if pay_status.get("refunded"):
+ return flask.render_template("templates/article_refunded.html",
+ article_name=article_name)
paid_articles_cache.set(session_id + "-" + article_name, order_id)
return render_article(article_name, data, order_id)
+ else:
+ if pay_status.get("payment_redirect_url"):
+ return flask.redirect(pay_status["payment_redirect_url"])
# no pay_redirect but article not paid, this should never happen!
err_abort(500, message="Internal error, invariant failed", json=pay_status)
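Review bot: The new ownership check indexes `pay_status["contract_terms"]["extra"]["article_name"]` directly, so a paid order whose contract terms lack `extra` or `article_name` raises an unhandled KeyError instead of taking the 402 path; access is still denied, but as an unstructured 500. Reading the value defensively keeps the denial explicit: `ordered = pay_status.get("contract_terms", {}).get("extra", {}).get("article_name")` followed by `if ordered != article_name:`. The same branch passes `json=pay_status` to `err_abort`; if that helper returns the JSON to the client (not visible here), the 402 response would carry the order's full contract terms, so consider dropping the argument on this path. article() begins before this hunk, so whether an earlier lookup in `paid_articles_cache` can serve the article without reaching this check cannot be judged from these lines.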
--
To stop receiving notification emails like this one, please contact
address@hidden