From 74e9963ccc3d58ff0475449765174c8695c68a66 Mon Sep 17 00:00:00 2001
From: Dominik Hebeler <dominik@suma-ev.de>
Date: Mon, 14 Nov 2022 16:47:32 +0100
Subject: [PATCH] prevent canceling a completed order

---
 pass/app/Order.js                | 4 ++++
 pass/routes/checkout/checkout.js | 7 ++++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/pass/app/Order.js b/pass/app/Order.js
index d859d78..b6ac4ec 100644
--- a/pass/app/Order.js
+++ b/pass/app/Order.js
@@ -81,6 +81,10 @@ class Order {
     return this.#payment_method_link;
   }
 
+  isPaymentComplete() {
+    return this.#payment_completed;
+  }
+
   setPaymentMethodLink(payment_method_link) {
     this.#payment_method_link = payment_method_link;
   }
diff --git a/pass/routes/checkout/checkout.js b/pass/routes/checkout/checkout.js
index d60c1bb..229098e 100644
--- a/pass/routes/checkout/checkout.js
+++ b/pass/routes/checkout/checkout.js
@@ -126,8 +126,13 @@ router.use(
 /** Cancel is the same for all payment gateways */
 router.post("/payment/order/*/cancel", (req, res) => {
   Order.LOAD_ORDER_FROM_ID(req.body.order_id).then((loaded_order) => {
+    if (loaded_order.isPaymentComplete()) {
+      res.status(400).json({
+        msg: "Cannot delete a completed order",
+      });
+      return;
+    }
     loaded_order.delete().then((success) => {
-      console.log(success);
       if (success) {
         res.status(200).json({
           msg: "Order deleted",
-- 
GitLab