rust/hyperswitch
1
0
Fork 0
mirror of https://github.com/juspay/hyperswitch.git synced 2025-10-30 01:27:31 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: check if saved payment method and that in request are for the same customer (#260)

Browse Source
This commit is contained in:
Manoj Ghorela
2023-01-05 16:09:10 +05:30
committed by GitHub
parent 0e04341f80
commit 3c1406787e
12 changed files with 92 additions and 226 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
crates/router/src/core/payment_methods/cards.rs
View File

@ -155,7 +155,7 @@ pub async fn add_card(
response
} else {
let card_id = generate_id(consts::ID_LENGTH, "card");
mock_add_card(db, &card_id, &card, None, None).await?
mock_add_card(db, &card_id, &card, None, None, Some(&customer_id)).await?
};
if let Some(false) = response.duplicate {
@ -188,6 +188,7 @@ pub async fn mock_add_card(
card: &api::CardDetail,
card_cvc: Option<String>,
payment_method_id: Option<String>,
customer_id: Option<&str>,
) -> errors::CustomResult<payment_methods::AddCardResponse, errors::CardVaultError> {
let locker_mock_up = storage::LockerMockUpNew {
card_id: card_id.to_string(),
@ -200,6 +201,7 @@ pub async fn mock_add_card(
card_exp_month: card.card_exp_month.peek().to_string(),
card_cvc,
payment_method_id,
customer_id: customer_id.map(str::to_string),
};
let response = db
@ -615,6 +617,7 @@ impl BasiliskCardSupport {
&card_detail,
None,
Some(pm.payment_method_id.to_string()),
Some(&pm.customer_id),
)
.await
.change_context(errors::ApiErrorResponse::InternalServerError)
@ -758,16 +761,9 @@ pub async fn delete_payment_method(
) -> errors::RouterResponse<api::DeletePaymentMethodResponse> {
let (_, value2) =
helpers::Vault::get_payment_method_data_from_locker(state, &pm.payment_method_id).await?;
let payment_method_id = value2.map_or(
Err(errors::ApiErrorResponse::PaymentMethodNotFound),
|pm_value2| {
pm_value2
.payment_method_id
.map_or(Err(errors::ApiErrorResponse::PaymentMethodNotFound), |x| {
Ok(x)
})
},
)?;
let payment_method_id = value2
.payment_method_id
.map_or(Err(errors::ApiErrorResponse::PaymentMethodNotFound), Ok)?;
let pm = state
.store
.delete_payment_method_by_merchant_id_payment_method_id(

16
crates/router/src/core/payments.rs
View File

@ -92,24 +92,12 @@ where
.await
.change_context(errors::ApiErrorResponse::InternalServerError)?;
let (operation, payment_method_data, payment_token) = operation
let (operation, payment_method_data) = operation
.to_domain()?
.make_pm_data(
state,
payment_data.payment_attempt.payment_method,
&payment_data.payment_attempt.attempt_id,
&payment_data.payment_attempt,
&payment_data.payment_method_data,
&payment_data.token,
payment_data.card_cvc.clone(),
validate_result.storage_scheme,
)
.make_pm_data(state, &mut payment_data, validate_result.storage_scheme)
.await?;
payment_data.payment_method_data = payment_method_data;
if let Some(token) = payment_token {
payment_data.token = Some(token)
}
let connector_details = operation
.to_domain()?

89
crates/router/src/core/payments/helpers.rs
View File

@ -19,7 +19,6 @@ use crate::{
},
db::StorageInterface,
logger,
pii::Secret,
routes::AppState,
scheduler::{metrics, workflows::payment_sync},
services,
@ -750,48 +749,71 @@ pub async fn create_customer_if_not_exist<'a, F: Clone, R>(
pub async fn make_pm_data<'a, F: Clone, R>(
operation: BoxedOperation<'a, F, R>,
state: &'a AppState,
payment_method_type: Option<storage_enums::PaymentMethodType>,
txn_id: &str,
_payment_attempt: &storage::PaymentAttempt,
request: &Option<api::PaymentMethod>,
token: &Option<String>,
card_cvc: Option<Secret<String>>,
) -> RouterResult<(
BoxedOperation<'a, F, R>,
Option<api::PaymentMethod>,
Option<String>,
)> {
let (payment_method, payment_token) = match (request, token) {
payment_data: &mut PaymentData<F>,
) -> RouterResult<(BoxedOperation<'a, F, R>, Option<api::PaymentMethod>)> {
let payment_method_type = payment_data.payment_attempt.payment_method;
let attempt_id = &payment_data.payment_attempt.attempt_id;
let request = &payment_data.payment_method_data;
let token = payment_data.token.clone();
let card_cvc = payment_data.card_cvc.clone();
let payment_method = match (request, token) {
(_, Some(token)) => Ok::<_, error_stack::Report<errors::ApiErrorResponse>>(
if payment_method_type == Some(storage_enums::PaymentMethodType::Card) {
// TODO: Handle token expiry
let (pm, _) = Vault::get_payment_method_data_from_locker(state, token).await?;
let updated_pm = match (pm.clone(), card_cvc) {
let (pm, tokenize_value2) =
Vault::get_payment_method_data_from_locker(state, &token).await?;
utils::when(
tokenize_value2
.customer_id
.ne(&payment_data.payment_intent.customer_id),
|| {
Err(errors::ApiErrorResponse::PreconditionFailed { message: "customer payment method and customer passed in payment are not same".into() })
},
)?;
payment_data.token = Some(token.to_string());
match (pm.clone(), card_cvc) {
(Some(api::PaymentMethod::Card(card)), Some(card_cvc)) => {
let mut updated_card = card;
updated_card.card_cvc = card_cvc;
Vault::store_payment_method_data_in_locker(state, txn_id, &updated_card)
.await?;
Vault::store_payment_method_data_in_locker(
state,
&token,
&updated_card,
payment_data.payment_intent.customer_id.to_owned(),
)
.await?;
Some(api::PaymentMethod::Card(updated_card))
}
(_, _) => pm,
};
(updated_pm, Some(token.to_string()))
}
} else {
utils::when(payment_method_type.is_none(), || {
Err(errors::ApiErrorResponse::MissingRequiredField {
field_name: "payment_method_type".to_owned(),
})
})?;
// TODO: Implement token flow for other payment methods
(None, Some(token.to_string()))
None
},
),
(pm @ Some(api::PaymentMethod::Card(card)), _) => {
Vault::store_payment_method_data_in_locker(state, txn_id, card).await?;
Ok((pm.to_owned(), Some(txn_id.to_string())))
Vault::store_payment_method_data_in_locker(
state,
attempt_id,
card,
payment_data.payment_intent.customer_id.to_owned(),
)
.await?;
payment_data.token = Some(attempt_id.to_string());
Ok(pm.to_owned())
}
(pm @ Some(api::PaymentMethod::PayLater(_)), _) => Ok((pm.to_owned(), None)),
(pm @ Some(api::PaymentMethod::Wallet(_)), _) => Ok((pm.to_owned(), None)),
_ => Ok((None, None)),
(pm @ Some(api::PaymentMethod::PayLater(_)), _) => Ok(pm.to_owned()),
(pm @ Some(api::PaymentMethod::Wallet(_)), _) => Ok(pm.to_owned()),
_ => Ok(None),
}?;
Ok((operation, payment_method, payment_token))
Ok((operation, payment_method))
}
pub struct Vault {}
@ -802,7 +824,7 @@ impl Vault {
pub async fn get_payment_method_data_from_locker(
state: &AppState,
lookup_key: &str,
) -> RouterResult<(Option<api::PaymentMethod>, Option<api::TokenizedCardValue2>)> {
) -> RouterResult<(Option<api::PaymentMethod>, api::TokenizedCardValue2)> {
let (resp, card_cvc) = cards::mock_get_card(&*state.store, lookup_key)
.await
.change_context(errors::ApiErrorResponse::InternalServerError)?;
@ -831,10 +853,10 @@ impl Vault {
card_security_code: None,
card_fingerprint: None,
external_id: None,
customer_id: None,
customer_id: card.customer_id,
payment_method_id: Some(card.card_id),
};
Ok((Some(pm), Some(value2)))
Ok((Some(pm), value2))
}
#[instrument(skip_all)]
@ -842,6 +864,7 @@ impl Vault {
state: &AppState,
txn_id: &str,
card: &api::CCard,
customer_id: Option<String>,
) -> RouterResult<String> {
let card_detail = api::CardDetail {
card_number: card.card_number.clone(),
@ -856,6 +879,7 @@ impl Vault {
&card_detail,
Some(card.card_cvc.peek().clone()),
None,
customer_id.as_deref(),
)
.await
.change_context(errors::ApiErrorResponse::InternalServerError)
@ -887,7 +911,7 @@ impl Vault {
pub async fn get_payment_method_data_from_locker(
state: &AppState,
lookup_key: &str,
) -> RouterResult<(Option<api::PaymentMethod>, Option<api::TokenizedCardValue2>)> {
) -> RouterResult<(Option<api::PaymentMethod>, api::TokenizedCardValue2)> {
let de_tokenize = cards::get_tokenized_data(state, lookup_key, true).await?;
let value1: api::TokenizedCardValue1 = de_tokenize
.value1
@ -907,7 +931,7 @@ impl Vault {
card_holder_name: value1.name_on_card.unwrap_or_default().into(),
card_cvc: value2.card_security_code.clone().unwrap_or_default().into(),
});
Ok((Some(card), Some(value2)))
Ok((Some(card), value2))
}
#[instrument(skip_all)]
@ -915,6 +939,7 @@ impl Vault {
state: &AppState,
txn_id: &str,
card: &api::CCard,
customer_id: Option<String>,
) -> RouterResult<String> {
let value1 = transformers::mk_card_value1(
card.card_number.peek().clone(),
@ -931,7 +956,7 @@ impl Vault {
Some(card.card_cvc.peek().clone()),
None,
None,
None,
customer_id,
None,
)
.change_context(errors::ApiErrorResponse::InternalServerError)

54
crates/router/src/core/payments/operations.rs
View File

@ -24,7 +24,6 @@ use super::{helpers, CustomerDetails, PaymentData};
use crate::{
core::errors::{self, CustomResult, RouterResult},
db::StorageInterface,
pii::Secret,
routes::AppState,
types::{
self,
@ -111,18 +110,9 @@ pub trait Domain<F: Clone, R>: Send + Sync {
async fn make_pm_data<'a>(
&'a self,
state: &'a AppState,
_payment_method: Option<enums::PaymentMethodType>,
txn_id: &str,
payment_attempt: &storage::PaymentAttempt,
request: &Option<api::PaymentMethod>,
token: &Option<String>,
card_cvc: Option<Secret<String>>,
payment_data: &mut PaymentData<F>,
storage_scheme: enums::MerchantStorageScheme,
) -> RouterResult<(
BoxedOperation<'a, F, R>,
Option<api::PaymentMethod>,
Option<String>,
)>;
) -> RouterResult<(BoxedOperation<'a, F, R>, Option<api::PaymentMethod>)>;
async fn add_task_to_process_tracker<'a>(
&'a self,
@ -212,29 +202,13 @@ where
async fn make_pm_data<'a>(
&'a self,
state: &'a AppState,
payment_method: Option<enums::PaymentMethodType>,
txn_id: &str,
payment_attempt: &storage::PaymentAttempt,
request: &Option<api::PaymentMethod>,
token: &Option<String>,
card_cvc: Option<Secret<String>>,
payment_data: &mut PaymentData<F>,
_storage_scheme: enums::MerchantStorageScheme,
) -> RouterResult<(
BoxedOperation<'a, F, api::PaymentsRetrieveRequest>,
Option<api::PaymentMethod>,
Option<String>,
)> {
helpers::make_pm_data(
Box::new(self),
state,
payment_method,
txn_id,
payment_attempt,
request,
token,
card_cvc,
)
.await
helpers::make_pm_data(Box::new(self), state, payment_data).await
}
}
@ -272,19 +246,13 @@ where
async fn make_pm_data<'a>(
&'a self,
_state: &'a AppState,
_payment_method: Option<enums::PaymentMethodType>,
_txn_id: &str,
_payment_attempt: &storage::PaymentAttempt,
_request: &Option<api::PaymentMethod>,
_token: &Option<String>,
_card_cvc: Option<Secret<String>>,
_payment_data: &mut PaymentData<F>,
_storage_scheme: enums::MerchantStorageScheme,
) -> RouterResult<(
BoxedOperation<'a, F, api::PaymentsCaptureRequest>,
Option<api::PaymentMethod>,
Option<String>,
)> {
Ok((Box::new(self), None, None))
Ok((Box::new(self), None))
}
async fn get_connector<'a>(
@ -332,19 +300,13 @@ where
async fn make_pm_data<'a>(
&'a self,
_state: &'a AppState,
_payment_method: Option<enums::PaymentMethodType>,
_txn_id: &str,
_payment_attempt: &storage::PaymentAttempt,
_request: &Option<api::PaymentMethod>,
_token: &Option<String>,
_card_cvc: Option<Secret<String>>,
_payment_data: &mut PaymentData<F>,
_storage_scheme: enums::MerchantStorageScheme,
) -> RouterResult<(
BoxedOperation<'a, F, api::PaymentsCancelRequest>,
Option<api::PaymentMethod>,
Option<String>,
)> {
Ok((Box::new(self), None, None))
Ok((Box::new(self), None))
}
async fn get_connector<'a>(

26
crates/router/src/core/payments/operations/payment_confirm.rs
View File

@ -2,7 +2,6 @@ use std::marker::PhantomData;
use async_trait::async_trait;
use error_stack::{report, ResultExt};
use masking::Secret;
use router_derive::PaymentOperation;
use router_env::{instrument, tracing};
@ -209,37 +208,22 @@ impl<F: Clone + Send> Domain<F, api::PaymentsRequest> for PaymentConfirm {
async fn make_pm_data<'a>(
&'a self,
state: &'a AppState,
payment_method: Option<enums::PaymentMethodType>,
txn_id: &str,
payment_attempt: &storage::PaymentAttempt,
request: &Option<api::PaymentMethod>,
token: &Option<String>,
card_cvc: Option<Secret<String>>,
payment_data: &mut PaymentData<F>,
_storage_scheme: enums::MerchantStorageScheme,
) -> RouterResult<(
BoxedOperation<'a, F, api::PaymentsRequest>,
Option<api::PaymentMethod>,
Option<String>,
)> {
let (op, payment_method_data, payment_token) = helpers::make_pm_data(
Box::new(self),
state,
payment_method,
txn_id,
payment_attempt,
request,
token,
card_cvc,
)
.await?;
let (op, payment_method_data) =
helpers::make_pm_data(Box::new(self), state, payment_data).await?;
if payment_method != Some(enums::PaymentMethodType::Paypal) {
if payment_data.payment_attempt.payment_method != Some(enums::PaymentMethodType::Paypal) {
utils::when(payment_method_data.is_none(), || {
Err(errors::ApiErrorResponse::PaymentMethodNotFound)
})?;
}
Ok((op, payment_method_data, payment_token))
Ok((op, payment_method_data))
}
#[instrument(skip_all)]

21
crates/router/src/core/payments/operations/payment_create.rs
View File

@ -3,7 +3,6 @@ use std::marker::PhantomData;
use async_trait::async_trait;
use common_utils::ext_traits::AsyncExt;
use error_stack::ResultExt;
use masking::Secret;
use router_derive::PaymentOperation;
use router_env::{instrument, tracing};
use uuid::Uuid;
@ -271,29 +270,13 @@ impl<F: Clone + Send> Domain<F, api::PaymentsRequest> for PaymentCreate {
async fn make_pm_data<'a>(
&'a self,
state: &'a AppState,
payment_method: Option<enums::PaymentMethodType>,
txn_id: &str,
payment_attempt: &storage::PaymentAttempt,
request: &Option<api::PaymentMethod>,
token: &Option<String>,
card_cvc: Option<Secret<String>>,
payment_data: &mut PaymentData<F>,
_storage_scheme: enums::MerchantStorageScheme,
) -> RouterResult<(
BoxedOperation<'a, F, api::PaymentsRequest>,
Option<api::PaymentMethod>,
Option<String>,
)> {
helpers::make_pm_data(
Box::new(self),
state,
payment_method,
txn_id,
payment_attempt,
request,
token,
card_cvc,
)
.await
helpers::make_pm_data(Box::new(self), state, payment_data).await
}
#[instrument(skip_all)]

21
crates/router/src/core/payments/operations/payment_method_validate.rs
View File

@ -16,7 +16,6 @@ use crate::{
utils as core_utils,
},
db::StorageInterface,
pii::Secret,
routes::AppState,
types::{
self,
@ -237,29 +236,13 @@ where
async fn make_pm_data<'a>(
&'a self,
state: &'a AppState,
payment_method: Option<storage_enums::PaymentMethodType>,
txn_id: &str,
payment_attempt: &storage::PaymentAttempt,
request: &Option<api::PaymentMethod>,
token: &Option<String>,
card_cvc: Option<Secret<String>>,
payment_data: &mut PaymentData<F>,
_storage_scheme: storage_enums::MerchantStorageScheme,
) -> RouterResult<(
BoxedOperation<'a, F, api::VerifyRequest>,
Option<api::PaymentMethod>,
Option<String>,
)> {
helpers::make_pm_data(
Box::new(self),
state,
payment_method,
txn_id,
payment_attempt,
request,
token,
card_cvc,
)
.await
helpers::make_pm_data(Box::new(self), state, payment_data).await
}
async fn get_connector<'a>(

10
crates/router/src/core/payments/operations/payment_session.rs
View File

@ -253,20 +253,14 @@ where
async fn make_pm_data<'b>(
&'b self,
_state: &'b AppState,
_payment_method: Option<enums::PaymentMethodType>,
_txn_id: &str,
_payment_attempt: &storage::PaymentAttempt,
_request: &Option<api::PaymentMethod>,
_token: &Option<String>,
_card_cvc: Option<Secret<String>>,
_payment_data: &mut PaymentData<F>,
_storage_scheme: enums::MerchantStorageScheme,
) -> RouterResult<(
BoxedOperation<'b, F, api::PaymentsSessionRequest>,
Option<api::PaymentMethod>,
Option<String>,
)> {
//No payment method data for this operation
Ok((Box::new(self), None, None))
Ok((Box::new(self), None))
}
async fn get_connector<'a>(

20
crates/router/src/core/payments/operations/payment_start.rs
View File

@ -238,29 +238,13 @@ where
async fn make_pm_data<'a>(
&'a self,
state: &'a AppState,
payment_method: Option<enums::PaymentMethodType>,
txn_id: &str,
payment_attempt: &storage::PaymentAttempt,
request: &Option<api::PaymentMethod>,
token: &Option<String>,
card_cvc: Option<Secret<String>>,
payment_data: &mut PaymentData<F>,
_storage_scheme: enums::MerchantStorageScheme,
) -> RouterResult<(
BoxedOperation<'a, F, api::PaymentsStartRequest>,
Option<api::PaymentMethod>,
Option<String>,
)> {
helpers::make_pm_data(
Box::new(self),
state,
payment_method,
txn_id,
payment_attempt,
request,
token,
card_cvc,
)
.await
helpers::make_pm_data(Box::new(self), state, payment_data).await
}
async fn get_connector<'a>(

21
crates/router/src/core/payments/operations/payment_status.rs
View File

@ -2,7 +2,6 @@ use std::marker::PhantomData;
use async_trait::async_trait;
use error_stack::ResultExt;
use masking::Secret;
use router_derive::PaymentOperation;
use router_env::{instrument, tracing};
@ -79,29 +78,13 @@ impl<F: Clone + Send> Domain<F, api::PaymentsRequest> for PaymentStatus {
async fn make_pm_data<'a>(
&'a self,
state: &'a AppState,
payment_method: Option<enums::PaymentMethodType>,
txn_id: &str,
payment_attempt: &storage::PaymentAttempt,
request: &Option<api::PaymentMethod>,
token: &Option<String>,
card_cvc: Option<Secret<String>>,
payment_data: &mut PaymentData<F>,
_storage_scheme: enums::MerchantStorageScheme,
) -> RouterResult<(
BoxedOperation<'a, F, api::PaymentsRequest>,
Option<api::PaymentMethod>,
Option<String>,
)> {
helpers::make_pm_data(
Box::new(self),
state,
payment_method,
txn_id,
payment_attempt,
request,
token,
card_cvc,
)
.await
helpers::make_pm_data(Box::new(self), state, payment_data).await
}
#[instrument(skip_all)]

21
crates/router/src/core/payments/operations/payment_update.rs
View File

@ -3,7 +3,6 @@ use std::marker::PhantomData;
use async_trait::async_trait;
use common_utils::ext_traits::AsyncExt;
use error_stack::{report, ResultExt};
use masking::Secret;
use router_derive::PaymentOperation;
use router_env::{instrument, tracing};
@ -232,29 +231,13 @@ impl<F: Clone + Send> Domain<F, api::PaymentsRequest> for PaymentUpdate {
async fn make_pm_data<'a>(
&'a self,
state: &'a AppState,
payment_method: Option<enums::PaymentMethodType>,
txn_id: &str,
payment_attempt: &storage::PaymentAttempt,
request: &Option<api::PaymentMethod>,
token: &Option<String>,
card_cvc: Option<Secret<String>>,
payment_data: &mut PaymentData<F>,
_storage_scheme: enums::MerchantStorageScheme,
) -> RouterResult<(
BoxedOperation<'a, F, api::PaymentsRequest>,
Option<api::PaymentMethod>,
Option<String>,
)> {
helpers::make_pm_data(
Box::new(self),
state,
payment_method,
txn_id,
payment_attempt,
request,
token,
card_cvc,
)
.await
helpers::make_pm_data(Box::new(self), state, payment_data).await
}
#[instrument(skip_all)]

1
crates/storage_models/src/locker_mock_up.rs
View File

@ -35,4 +35,5 @@ pub struct LockerMockUpNew {
pub card_exp_month: String,
pub card_cvc: Option<String>,
pub payment_method_id: Option<String>,
pub customer_id: Option<String>,
}