fix(router): add customer_id validation for payment method create flow (#2543)

2025-10-30 17:47:54 +08:00 · 2023-10-12 15:00:56 +05:30
parent 0889a6ed06
commit 53d7604603
3 changed files with 17 additions and 15 deletions
--- a/crates/router/src/core/payment_methods/cards.rs
+++ b/crates/router/src/core/payment_methods/cards.rs
@ -54,6 +54,7 @@ use crate::{
 };

 #[instrument(skip_all)]
+#[allow(clippy::too_many_arguments)]
 pub async fn create_payment_method(
    db: &dyn db::StorageInterface,
    req: &api::PaymentMethodCreate,
@ -62,7 +63,12 @@ pub async fn create_payment_method(
    merchant_id: &str,
    pm_metadata: Option<serde_json::Value>,
    payment_method_data: Option<Encryption>,
-) -> errors::CustomResult<storage::PaymentMethod, errors::StorageError> {
+    key_store: &domain::MerchantKeyStore,
+) -> errors::CustomResult<storage::PaymentMethod, errors::ApiErrorResponse> {
+    db.find_customer_by_customer_id_merchant_id(customer_id, merchant_id, key_store)
+        .await
+        .to_not_found_response(errors::ApiErrorResponse::CustomerNotFound)?;
+
    let response = db
        .insert_payment_method(storage::PaymentMethodNew {
            customer_id: customer_id.to_string(),
@ -76,7 +82,9 @@ pub async fn create_payment_method(
            payment_method_data,
            ..storage::PaymentMethodNew::default()
        })
-        .await?;
+        .await
+        .change_context(errors::ApiErrorResponse::InternalServerError)
+        .attach_printable("Failed to add payment method in db")?;

    Ok(response)
 }
@ -141,10 +149,9 @@ pub async fn add_payment_method(
            &resp.merchant_id,
            pm_metadata.cloned(),
            pm_data_encrypted,
+            key_store,
        )
-        .await
-        .change_context(errors::ApiErrorResponse::InternalServerError)
-        .attach_printable("Failed to save Payment Method")?;
+        .await?;
    }

    Ok(resp).map(services::ApplicationResponse::Json)
--- a/crates/router/src/core/payments/tokenization.rs
+++ b/crates/router/src/core/payments/tokenization.rs
@ -126,12 +126,9 @@ where
                                            merchant_id,
                                            pm_metadata,
                                            pm_data_encrypted,
+                                            key_store,
                                        )
                                        .await
-                                        .change_context(
-                                            errors::ApiErrorResponse::InternalServerError,
-                                        )
-                                        .attach_printable("Failed to add payment method in db")
                                    }
                                    _ => {
                                        Err(report!(errors::ApiErrorResponse::InternalServerError)
@ -155,10 +152,9 @@ where
                        merchant_id,
                        pm_metadata,
                        pm_data_encrypted,
+                        key_store,
                    )
-                    .await
-                    .change_context(errors::ApiErrorResponse::InternalServerError)
-                    .attach_printable("Failed to add payment method in db")?;
+                    .await?;
                };
                Some(locker_response.0.payment_method_id)
            } else {
--- a/crates/router/src/core/payouts/helpers.rs
+++ b/crates/router/src/core/payouts/helpers.rs
@ -247,10 +247,9 @@ pub async fn save_payout_data_to_locker(
        &merchant_account.merchant_id,
        None,
        card_details_encrypted,
+        key_store,
    )
-    .await
-    .change_context(errors::ApiErrorResponse::InternalServerError)
-    .attach_printable("Failed to save payment method")?;
+    .await?;

    Ok(())
 }