diff --git a/pass/routes/authentication.js b/pass/routes/authentication.js
index 76855b5ac9d9afdb1cf7092f984cad573c833e22..27306e228c61b2a7e8cc4c34358aded2ff02b228 100644
--- a/pass/routes/authentication.js
+++ b/pass/routes/authentication.js
@@ -43,12 +43,13 @@ router.use(
 claimCheck((req, claims) => {
 if (req.oidc.isAuthenticated()) {
 if (
- claims.resource_access !== undefined &&
- claims.resource_access["metager-key"] !== undefined &&
- claims.resource_access["metager-key"].roles !== undefined &&
- claims.resource_access["metager-key"].roles.includes("metager-key")
+ claims["metager-key_roles"] !== undefined &&
+ claims["metager-key_roles"].includes("metager-key")
 ) {
+ console.log("admin");
 req.data.admin = true;
+ req.data.auth_session_expiration_seconds =
+ auth_session_expiration_seconds;
 }
 return true;
 }
diff --git a/pass/routes/orders/refund.js b/pass/routes/orders/refund.js
index 8dac122dc9c9ce43d841d20016c42a9f9d217b11..93ce050bb1a0cc0c7d70d3194db46e62e81414b1 100644
--- a/pass/routes/orders/refund.js
+++ b/pass/routes/orders/refund.js
@@ -3,7 +3,7 @@ var router = express.Router({ mergeParams: true });
 const config = require("config");
-// Base URLÖ: /key/:key/orders/:order/refund
+// Base URL: /key/:key/orders/:order/refund
 router.use("/", (req, res, next) => {
 let refund_count = Math.min(
 req.data.key.charge,
@@ -41,9 +41,9 @@ router.post("/", (req, res, next) => {
 amount: req.data.order.refund.amount,
 count: req.data.order.refund.count,
 };
- req.data.order.refund.moderation_url = `/key/${
+ req.data.order.refund.moderation_url = `${config.get("app.url")}/key/${
 req.data.key.key
- }/orders/${req.data.order.order.getOrderID()}/refund${new URLSearchParams(
+ }/orders/${req.data.order.order.getOrderID()}/refund?${new URLSearchParams(
 request_data
 ).toString()}`;
 // Render the message
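Review bot: In pass/routes/authentication.js the new admin test `claims["metager-key_roles"].includes("metager-key")` would set `req.data.admin` on a substring match if the identity provider ever emits that claim as a single string instead of an array, because `String.prototype.includes` matches substrings (a constructed role name such as `metager-key-readonly` would pass). Replacing the `!== undefined` test with `Array.isArray(claims["metager-key_roles"]) &&` closes that. The added `console.log("admin");` looks like leftover debugging and would write one line per admin request; drop it or route it through the project's logger. `auth_session_expiration_seconds` is defined outside this hunk, so where its value comes from cannot be checked here.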
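Review bot: The `moderation_url` built in the second hunk of pass/routes/orders/refund.js interpolates `req.data.key.key` and the order ID into the path without encoding, and now prefixes `config.get("app.url")` by plain concatenation, so a reserved character in either segment or a trailing slash in the configured URL yields a link that does not point at the intended refund page. Wrapping the segments, `encodeURIComponent(req.data.key.key)` and `encodeURIComponent(req.data.order.order.getOrderID())`, keeps the link well-formed. Because the query string carries `amount` and `count`, the handler that serves this link should recompute or re-validate them against the order rather than trust the values from the URL; whether it does is not visible in this hunk.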
@@ -91,4 +91,20 @@ router.post("/", (req, res, next) => {
 }
 });
+router.put(
+ "/",
+ (req, res, next) => {
+ if (!req.data.admin) {
+ res.locals.error = { status: 401 };
+ res.locals.message = "Unauthorized";
+ res.render("error");
+ } else {
+ next();
+ }
+ },
+ (req, res) => {
+ console.log("test");
+ }
+);
+
 module.exports = router;
diff --git a/pass/views/orders/refund.ejs b/pass/views/orders/refund.ejs
index 52ca0b4afe26e8963d50858b03a13ec1235bfcdc..66a5dede70e5028e56d12345d792d620b34a272f 100644
--- a/pass/views/orders/refund.ejs
+++ b/pass/views/orders/refund.ejs
@@ -9,6 +9,15 @@
 <%_ if (typeof order.refund.success !== "undefined" && order.refund.success === true) { _%>
 <p>Ihre Anfrage wurde uns erfolgreich zugestellt. Wir bearbeiten diese so schnell wie möglich. Je nach Zahlungsmethode kann es einige Tage dauern, bis eine Erstattung in Ihren Umsätzen sichtbar wird.</p>
 <%_ } else { _%>
+ <%_ if (admin === true) { _%>
+ <form id="refund-form" method="post">
+ <input type="hidden" name="_method" value="put">
+ <button class="button">
+ <img src="/images/money.svg" alt="" aria-hidden="true">
+ <span><%= order.refund.amount.toFixed(2) %>€ erstatten</span>
+ </button>
+ </form>
+ <%_ } else { _%>
 <form id="refund-form" method="post">
 <input type="hidden" name="amount" value="<%= order.refund.amount.toFixed(2) %>">
 <input type="hidden" name="count" value="<%= order.refund.count %>">
@@ -27,4 +36,5 @@
 </button>
 </form>
 <%_ } _%>
+ <%_ } _%>
 </div>
\ No newline at end of file
diff --git a/pass/views/templates/page_header.ejs b/pass/views/templates/page_header.ejs
index 9792503cac0c7a996c1e23fe9a5d6a003d67b2e9..05bf1e91952867b2f425e3c5ab0b47311eb169c2 100644
--- a/pass/views/templates/page_header.ejs
+++ b/pass/views/templates/page_header.ejs
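Review bot: The new `router.put("/")` in pass/routes/orders/refund.js never finishes the request for an admin: its second handler only runs `console.log("test")` and sends no response, so the client waits until it times out. Until the refund logic exists it should answer explicitly, for example `res.sendStatus(501);`. In the rejection branch the error page is rendered with the default 200 status unless the error view sets it itself; `res.status(401).render("error");` makes the HTTP status agree with `res.locals.error` (403 is arguably the better fit for an authenticated non-admin). The route changes state and is driven by a browser form, so it needs whatever CSRF protection the application uses; none is visible in this diff.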
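Review bot: `<%_ if (admin === true) { _%>` in pass/views/orders/refund.ejs reads `admin` as a bare identifier, while authentication.js assigns `req.data.admin` only inside the admin branch, so for ordinary users the template may throw a ReferenceError unless `admin` is defaulted somewhere outside this diff. The surrounding template already uses the `typeof … !== "undefined"` guard; `<%_ if (typeof admin !== "undefined" && admin === true) { _%>` would be consistent with it. The admin form depends on the hidden `_method=put` field, which only works if method-override middleware that reads the request body is installed; otherwise the submit lands on the `router.post("/")` handler meant for customers. The form also carries no CSRF token field.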
@@ -4,6 +4,9 @@
 <head>
 <title>MetaGer - Pass</title>
 <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
+ <%_ if (typeof auth_session_expiration_seconds !== "undefined") { _%>
+ <meta http-equiv="refresh" content="<%= auth_session_expiration_seconds %>; URL=/">
+ <%_ } _%>
 <link rel='stylesheet' href='/styles/base.css' />
 <%_ if (typeof css !=='undefined' ) { -%>
 <%_ css.forEach(css_file=> { -%>
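Review bot: The `<meta http-equiv="refresh">` added in pass/views/templates/page_header.ejs restarts its countdown on every page load with the full `auth_session_expiration_seconds`, which appears to be a fixed configured lifetime rather than the time left in the session, so the redirect to `/` will usually fire later than the real expiry. It is a client-side convenience only, and the server still has to reject requests made with an expired session. If the remaining lifetime is available when rendering, pass that value instead, and add a short template comment saying the tag exists to move an idle admin page off screen once the login has lapsed.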