fix(router): added validation to check total orderDetails amount equal to amount in request (#2965)

Co-authored-by: Sahkal Poddar <sahkal.poddar@juspay.in>
Sahkal Poddar
2023-11-27 10:43:59 +05:30
committed by GitHub
parent 04b7c0384d
commit 37532d46f5
4 changed files with 40 additions and 0 deletions


@ -3686,3 +3686,22 @@ pub async fn get_gsm_record(
}) })
.ok() .ok()
} }
pub fn validate_order_details_amount(
order_details: Vec<api_models::payments::OrderDetailsWithAmount>,
amount: i64,
) -> Result<(), errors::ApiErrorResponse> {
let total_order_details_amount: i64 = order_details
.iter()
.map(|order| order.amount * i64::from(order.quantity))
.sum();
if total_order_details_amount != amount {
Err(errors::ApiErrorResponse::InvalidRequestData {
message: "Total sum of order details doesn't match amount in payment request"
.to_string(),
})
} else {
Ok(())
}
}
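Review bot: The total in `validate_order_details_amount` is computed with unchecked `*` and `.sum()` on values that come from the request, so a large `amount` or `quantity` can overflow `i64`; depending on the build's overflow-checks setting, that is either a panic in the request path or a wrapped total that is then compared with `amount`. Checked arithmetic that rejects the request on overflow keeps the equality check meaningful, as sketched below. Nothing visible here rejects negative line amounts either, so it is worth confirming that they are validated elsewhere. Taking `&[api_models::payments::OrderDetailsWithAmount]` instead of an owned `Vec` would also remove the `order_details.to_owned()` clone at each call site.

```rust
) -> Result<(), errors::ApiErrorResponse> {
    let total_order_details_amount = order_details
        .iter()
        .try_fold(0_i64, |total, order| {
            order
                .amount
                .checked_mul(i64::from(order.quantity))
                .and_then(|line_total| total.checked_add(line_total))
        })
        .ok_or_else(|| errors::ApiErrorResponse::InvalidRequestData {
            message: "Total sum of order details overflows the supported amount range"
                .to_string(),
        })?;
    // … unchanged: comparison of total_order_details_amount with amount …
```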


@ -102,6 +102,13 @@ impl<F: Send + Clone, Ctx: PaymentMethodRetrieve>
utils::flatten_join_error(mandate_details_fut) utils::flatten_join_error(mandate_details_fut)
)?; )?;
if let Some(order_details) = &request.order_details {
helpers::validate_order_details_amount(
order_details.to_owned(),
payment_intent.amount,
)?;
}
helpers::validate_customer_access(&payment_intent, auth_flow, request)?; helpers::validate_customer_access(&payment_intent, auth_flow, request)?;
helpers::validate_payment_status_against_not_allowed_statuses( helpers::validate_payment_status_against_not_allowed_statuses(
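Review bot: The new `if let Some(order_details)` block runs before `helpers::validate_customer_access(&payment_intent, auth_flow, request)?`, so a caller who would fail the access check still gets a response that depends on the stored `payment_intent.amount`. Moving the block below the access and status checks keeps data-dependent validation behind authorization and makes the error returned to an unauthorized caller independent of the intent's contents. The enclosing function starts and ends outside this hunk, so the final position should be chosen with the rest of the checks in view.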


@ -186,6 +186,13 @@ impl<F: Send + Clone, Ctx: PaymentMethodRetrieve>
payment_id: payment_id.clone(), payment_id: payment_id.clone(),
})?; })?;
if let Some(order_details) = &request.order_details {
helpers::validate_order_details_amount(
order_details.to_owned(),
payment_intent.amount,
)?;
}
payment_attempt = db payment_attempt = db
.insert_payment_attempt(payment_attempt_new, storage_scheme) .insert_payment_attempt(payment_attempt_new, storage_scheme)
.await .await
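Review bot: The order-details check sits between what looks like the payment-intent insert (the `payment_id: payment_id.clone(), })?;` context just above) and `insert_payment_attempt`, so a request rejected here may already have left an intent row behind without an attempt. The check needs only request data, so it could run before any database write, comparing against the amount taken from the request rather than from the freshly stored intent. The enclosing function starts and ends outside the hunk, so the exact position of the intent insert should be confirmed before moving the block.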


@ -60,6 +60,13 @@ impl<F: Send + Clone, Ctx: PaymentMethodRetrieve>
.await .await
.to_not_found_response(errors::ApiErrorResponse::PaymentNotFound)?; .to_not_found_response(errors::ApiErrorResponse::PaymentNotFound)?;
if let Some(order_details) = &request.order_details {
helpers::validate_order_details_amount(
order_details.to_owned(),
payment_intent.amount,
)?;
}
payment_intent.setup_future_usage = request payment_intent.setup_future_usage = request
.setup_future_usage .setup_future_usage
.or(payment_intent.setup_future_usage); .or(payment_intent.setup_future_usage);