diff --git a/packages/taler-integrationtests/src/test-merchant-refund-api.ts b/packages/taler-integrationtests/src/test-merchant-refund-api.ts
new file mode 100644
index 000000000..61f08780c
--- /dev/null
+++ b/packages/taler-integrationtests/src/test-merchant-refund-api.ts
@@ -0,0 +1,137 @@
+/*
+ This file is part of GNU Taler
+ (C) 2020 Taler Systems S.A.
+
+ GNU Taler is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ GNU Taler is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ GNU Taler; see the file COPYING. If not, see
+ */
+
+/**
+ * Imports.
+ */
+import { runTest, GlobalTestState, MerchantPrivateApi } from "./harness";
+import { createSimpleTestkudosEnvironment, withdrawViaBank } from "./helpers";
+import { PreparePayResultType, URL } from "taler-wallet-core";
+import axios from "axios";
+
+/**
+ * Test case for the refund API of the merchant backend.
+ */
+runTest(async (t: GlobalTestState) => {
+ // Set up test environment
+
+ const {
+ wallet,
+ bank,
+ exchange,
+ merchant,
+ } = await createSimpleTestkudosEnvironment(t);
+
+ // Withdraw digital cash into the wallet.
+
+ await withdrawViaBank(t, { wallet, bank, exchange, amount: "TESTKUDOS:20" });
+
+ // Set up order.
+
+ const orderResp = await MerchantPrivateApi.createOrder(merchant, "default", {
+ order: {
+ summary: "Buy me!",
+ amount: "TESTKUDOS:5",
+ fulfillment_url: "taler://fulfillment-success/thx",
+ },
+ });
+
+ let orderStatus = await MerchantPrivateApi.queryPrivateOrderStatus(merchant, {
+ orderId: orderResp.order_id,
+ });
+
+ t.assertTrue(orderStatus.order_status === "unpaid");
+
+ const talerPayUri = orderStatus.taler_pay_uri;
+ const orderId = orderResp.order_id;
+
+ // Make wallet pay for the order
+
+ let preparePayResult = await wallet.preparePay({
+ talerPayUri,
+ });
+
+ t.assertTrue(
+ preparePayResult.status === PreparePayResultType.PaymentPossible,
+ );
+
+ const r2 = await wallet.apiRequest("confirmPay", {
+ proposalId: preparePayResult.proposalId,
+ });
+ t.assertTrue(r2.type === "response");
+
+ // Check if payment was successful.
+
+ orderStatus = await MerchantPrivateApi.queryPrivateOrderStatus(merchant, {
+ orderId: orderResp.order_id,
+ });
+
+ t.assertTrue(orderStatus.order_status === "paid");
+
+ preparePayResult = await wallet.preparePay({
+ talerPayUri,
+ });
+
+ t.assertTrue(
+ preparePayResult.status === PreparePayResultType.AlreadyConfirmed,
+ );
+
+ await MerchantPrivateApi.giveRefund(merchant, {
+ amount: "TESTKUDOS:5",
+ instance: "default",
+ justification: "foo",
+ orderId: orderResp.order_id,
+ });
+
+ orderStatus = await MerchantPrivateApi.queryPrivateOrderStatus(merchant, {
+ orderId: orderResp.order_id,
+ });
+
+ t.assertTrue(orderStatus.order_status === "paid");
+
+ t.assertAmountEquals(orderStatus.refund_amount, "TESTKUDOS:5");
+
+ // Now test what the merchant gives as a response for various requests to the
+ // public order status URL!
+
+ let publicOrderStatusUrl = new URL(
+ `orders/${orderId}`,
+ merchant.makeInstanceBaseUrl(),
+ );
+ publicOrderStatusUrl.searchParams.set(
+ "h_contract",
+ preparePayResult.contractTermsHash,
+ );
+
+ let publicOrderStatusResp = await axios.get(publicOrderStatusUrl.href, {
+ validateStatus: () => true,
+ });
+ console.log(publicOrderStatusResp.data);
+ t.assertTrue(publicOrderStatusResp.status === 200);
+ t.assertAmountEquals(publicOrderStatusResp.data.refund_amount, "TESTKUDOS:5");
+
+ publicOrderStatusUrl = new URL(
+ `orders/${orderId}`,
+ merchant.makeInstanceBaseUrl(),
+ );
+
+ publicOrderStatusResp = await axios.get(publicOrderStatusUrl.href, {
+ validateStatus: () => true,
+ });
+ console.log(publicOrderStatusResp.data)
+ // We didn't give any authentication, so this should be forbidden
+ t.assertTrue(publicOrderStatusResp.status === 403);
+});
diff --git a/packages/taler-wallet-core/src/operations/pay.ts b/packages/taler-wallet-core/src/operations/pay.ts
index 327a6c804..565fe9c66 100644
--- a/packages/taler-wallet-core/src/operations/pay.ts
+++ b/packages/taler-wallet-core/src/operations/pay.ts
@@ -1052,6 +1052,7 @@ export async function preparePayForUri(
return {
status: PreparePayResultType.AlreadyConfirmed,
contractTerms: JSON.parse(purchase.contractTermsRaw),
+ contractTermsHash: purchase.contractData.contractTermsHash,
paid: true,
nextUrl: r.nextUrl,
amountRaw: Amounts.stringify(purchase.contractData.amount),
@@ -1061,6 +1062,7 @@ export async function preparePayForUri(
return {
status: PreparePayResultType.AlreadyConfirmed,
contractTerms: JSON.parse(purchase.contractTermsRaw),
+ contractTermsHash: purchase.contractData.contractTermsHash,
paid: false,
amountRaw: Amounts.stringify(purchase.contractData.amount),
amountEffective: Amounts.stringify(purchase.payCostInfo.totalCost),
@@ -1070,6 +1072,7 @@ export async function preparePayForUri(
return {
status: PreparePayResultType.AlreadyConfirmed,
contractTerms: JSON.parse(purchase.contractTermsRaw),
+ contractTermsHash: purchase.contractData.contractTermsHash,
paid,
amountRaw: Amounts.stringify(purchase.contractData.amount),
amountEffective: Amounts.stringify(purchase.payCostInfo.totalCost),
diff --git a/packages/taler-wallet-core/src/types/walletTypes.ts b/packages/taler-wallet-core/src/types/walletTypes.ts
index 511d7766c..921c63a1e 100644
--- a/packages/taler-wallet-core/src/types/walletTypes.ts
+++ b/packages/taler-wallet-core/src/types/walletTypes.ts
@@ -422,6 +422,7 @@ export const codecForPreparePayResultAlreadyConfirmed = (): Codec<
.property("nextUrl", codecForString())
.property("paid", codecForBoolean)
.property("contractTerms", codecForAny())
+ .property("contractTermsHash", codecForString())
.build("PreparePayResultAlreadyConfirmed");
export const codecForPreparePayResult = (): Codec =>
@@ -469,6 +470,8 @@ export interface PreparePayResultAlreadyConfirmed {
amountEffective: string;
// Only specified if paid.
nextUrl?: string;
+
+ contractTermsHash: string;
}
export interface BankWithdrawDetails {