2 files changed, 48 insertions, 12 deletions

diff --git a/src/backend/taler-merchant-httpd_get-orders-ID.c b/src/backend/taler-merchant-httpd_get-orders-ID.c
index 638db2a5..c289ea22 100644
--- a/src/backend/taler-merchant-httpd_get-orders-ID.c
+++ b/src/backend/taler-merchant-httpd_get-orders-ID.c
@@ -43,14 +43,12 @@ struct GetOrderData
 {
 
   /**
-   * Hashed version of contract terms. All zeros if
-   * not provided.
+   * Hashed version of contract terms. All zeros if not provided.
    */
   struct GNUNET_HashCode h_contract_terms;
 
   /**
-   * Claim token used for access control. All zeros if
-   * not provided.
+   * Claim token used for access control. All zeros if not provided.
    */
   struct TALER_ClaimTokenP claim_token;
 
@@ -91,8 +89,8 @@ struct GetOrderData
   const char *contract_url;
 
   /**
-   * fulfillment URL of the contract (valid as long as
-   * @e contract_terms is valid).
+   * fulfillment URL of the contract (valid as long as @e contract_terms is
+   * valid).
    */
   const char *fulfillment_url;
 
@@ -143,8 +141,7 @@ struct GetOrderData
   bool refund_available;
 
   /**
-   * Set to true if the client requested HTML, otherwise
-   * we generate JSON.
+   * Set to true if the client requested HTML, otherwise we generate JSON.
    */
   bool generate_html;
 
diff --git a/src/backend/taler-merchant-httpd_private-post-orders-ID-refund.c b/src/backend/taler-merchant-httpd_private-post-orders-ID-refund.c
index 7d947d22..a0fa4575 100644
--- a/src/backend/taler-merchant-httpd_private-post-orders-ID-refund.c
+++ b/src/backend/taler-merchant-httpd_private-post-orders-ID-refund.c
@@ -40,12 +40,14 @@
  * @param connection MHD connection to take host and path from
  * @param instance_id merchant's instance ID, must not be NULL
  * @param order_id order ID to show a refund for, must not be NULL
+ * @param h_contract hash of the contract to pass for authorization
  * @returns the URI, must be freed with #GNUNET_free
  */
 static char *
 make_taler_refund_uri (struct MHD_Connection *connection,
                        const char *instance_id,
-                       const char *order_id)
+                       const char *order_id,
+                       const struct GNUNET_HashCode *h_contract)
 {
   const char *host;
   const char *forwarded_host;
@@ -87,7 +89,11 @@ make_taler_refund_uri (struct MHD_Connection *connection,
   GNUNET_buffer_write_path (&buf, order_id);
   GNUNET_buffer_write_path (&buf,
                             ""); // Trailing slash
-
+  GNUNET_buffer_write_str (&buf,
+                           "?h_contract");
+  GNUNET_buffer_write_data_encoded (&buf,
+                                    &h_contract,
+                                    sizeof (*h_contract));
   return GNUNET_buffer_reap_str (&buf);
 }
 
@@ -114,6 +120,7 @@ TMH_private_post_orders_ID_refund (const struct TMH_RequestHandler *rh,
     GNUNET_JSON_spec_end ()
   };
   enum TALER_MERCHANTDB_RefundStatus rs;
+  struct GNUNET_HashCode h_contract;
 
   {
     enum GNUNET_GenericReturnValue res;
@@ -196,8 +203,9 @@ TMH_private_post_orders_ID_refund (const struct TMH_RequestHandler *rh,
                                           hc->infix,
                                           &contract_terms,
                                           &order_serial);
-      if (qs == 1)
+      if (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT == qs)
       {
+        json_decref (contract_terms);
         return TALER_MHD_reply_with_error (connection,
                                            MHD_HTTP_CONFLICT,
                                            TALER_EC_REFUND_ORDER_ID_UNPAID,
@@ -212,6 +220,36 @@ TMH_private_post_orders_ID_refund (const struct TMH_RequestHandler *rh,
       }
     }
   case TALER_MERCHANTDB_RS_SUCCESS:
+    {
+      enum GNUNET_DB_QueryStatus qs;
+      json_t *contract_terms;
+      uint64_t order_serial;
+
+      qs = TMH_db->lookup_contract_terms (TMH_db->cls,
+                                          hc->instance->settings.id,
+                                          hc->infix,
+                                          &contract_terms,
+                                          &order_serial);
+      if (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != qs)
+      {
+        return TALER_MHD_reply_with_error (connection,
+                                           MHD_HTTP_NOT_FOUND,
+                                           TALER_EC_REFUND_ORDER_ID_UNKNOWN,
+                                           "Order unknown when looking up contract");
+      }
+      if (GNUNET_OK !=
+          TALER_JSON_contract_hash (contract_terms,
+                                    &h_contract))
+      {
+        GNUNET_break (0);
+        json_decref (contract_terms);
+        return TALER_MHD_reply_with_error (connection,
+                                           MHD_HTTP_INTERNAL_SERVER_ERROR,
+                                           TALER_EC_INTERNAL_LOGIC_ERROR,
+                                           "Could not hash contract terms");
+      }
+      json_decref (contract_terms);
+    }
     break;
   }
 
@@ -256,7 +294,8 @@ TMH_private_post_orders_ID_refund (const struct TMH_RequestHandler *rh,
 
     taler_refund_uri = make_taler_refund_uri (connection,
                                               hc->instance->settings.id,
-                                              hc->infix);
+                                              hc->infix,
+                                              &h_contract);
     ret = TALER_MHD_reply_json_pack (connection,
                                      MHD_HTTP_OK,
                                      "{s:s}",