fix(mandate): add validation for currency in MIT recurring payments (#4308)

2025-10-29 00:49:42 +08:00 · 2024-04-10 15:52:55 +05:30
parent 018c5b1064
commit 07c917c055
2 changed files with 24 additions and 5 deletions
--- a/crates/router/src/core/payments.rs
+++ b/crates/router/src/core/payments.rs
@ -21,7 +21,7 @@ use api_models::{
 use common_utils::{ext_traits::AsyncExt, pii, types::Surcharge};
 use data_models::mandates::{CustomerAcceptance, MandateData};
 use diesel_models::{ephemeral_key, fraud_check::FraudCheck};
-use error_stack::ResultExt;
+use error_stack::{report, ResultExt};
 use futures::future::join_all;
 use helpers::ApplePayData;
 use masking::Secret;
@ -3101,6 +3101,17 @@ pub async fn decide_multiplex_connector_for_normal_or_recurring_payment<F: Clone
                            .attach_printable("no eligible connector found for token-based MIT flow since there were no connector mandate details")?
                            .get(merchant_connector_id)
                        {
+                            common_utils::fp_utils::when(
+                                mandate_reference_record
+                                    .original_payment_authorized_currency
+                                    .map(|mandate_currency| mandate_currency != payment_data.currency)
+                                    .unwrap_or(false),
+                                || {
+                                    Err(report!(errors::ApiErrorResponse::MandateValidationFailed {
+                                        reason: "cross currency mandates not supported".into()
+                                    }))
+                                },
+                            )?;
                            let mandate_reference_id =
                                Some(payments_api::MandateReferenceId::ConnectorMandateId(
                                    payments_api::ConnectorMandateReferenceId {
--- a/crates/router/src/core/payments/operations/payment_create.rs
+++ b/crates/router/src/core/payments/operations/payment_create.rs
@ -13,7 +13,7 @@ use diesel_models::{ephemeral_key, PaymentMethod};
 use error_stack::{self, ResultExt};
 use masking::{ExposeInterface, PeekInterface};
 use router_derive::PaymentOperation;
-use router_env::{instrument, tracing};
+use router_env::{instrument, logger, tracing};
 use time::PrimitiveDateTime;

 use super::{BoxedOperation, Domain, GetTracker, Operation, UpdateTracker, ValidateRequest};
@ -782,12 +782,20 @@ impl PaymentCreate {
                        key_store.key.get_inner().peek(),
                    )
                    .await
-                    .change_context(errors::StorageError::DecryptionError)
-                    .attach_printable("unable to decrypt card details")
+                    .map_err(|err| logger::error!("Failed to decrypt card details: {:?}", err))
                    .ok()
                    .flatten()
                    .map(|x| x.into_inner().expose())
-                    .and_then(|v| serde_json::from_value::<PaymentMethodsData>(v).ok())
+                    .and_then(|v| {
+                        serde_json::from_value::<PaymentMethodsData>(v)
+                            .map_err(|err| {
+                                logger::error!(
+                                    "Unable to deserialize payment methods data: {:?}",
+                                    err
+                                )
+                            })
+                            .ok()
+                    })
                    .and_then(|pmd| match pmd {
                        PaymentMethodsData::Card(crd) => Some(api::CardDetailFromLocker::from(crd)),
                        _ => None,