I have download-only products on my site, and when I delete the order (the user asked for a refund), his credentials are still accepted in the downloads page. I had to manually delete the row from eshop_download_orders table in order to kill the credentials.
Is there a way to automatically block the credentials upon order deletion, or is this a bug? It would also be nice to have a status "Refunded" under the orders UI.
Cheers, and keep up the good work!