fix(router): add customer_id validation for payment method create flow (#2543)

crates/router/src/core/payment_methods/cards.rs

@@ -54,6 +54,7 @@ use crate::{
 };
 
 #[instrument(skip_all)]
+#[allow(clippy::too_many_arguments)]
 pub async fn create_payment_method(
     db: &dyn db::StorageInterface,
     req: &api::PaymentMethodCreate,
@@ -62,7 +63,12 @@ pub async fn create_payment_method(
     merchant_id: &str,
     pm_metadata: Option<serde_json::Value>,
     payment_method_data: Option<Encryption>,
-) -> errors::CustomResult<storage::PaymentMethod, errors::StorageError> {
+    key_store: &domain::MerchantKeyStore,
+) -> errors::CustomResult<storage::PaymentMethod, errors::ApiErrorResponse> {
+    db.find_customer_by_customer_id_merchant_id(customer_id, merchant_id, key_store)
+        .await
+        .to_not_found_response(errors::ApiErrorResponse::CustomerNotFound)?;
+
     let response = db
         .insert_payment_method(storage::PaymentMethodNew {
             customer_id: customer_id.to_string(),
@@ -76,7 +82,9 @@ pub async fn create_payment_method(
             payment_method_data,
             ..storage::PaymentMethodNew::default()
         })
-        .await?;
+        .await
+        .change_context(errors::ApiErrorResponse::InternalServerError)
+        .attach_printable("Failed to add payment method in db")?;
 
     Ok(response)
 }
@@ -141,10 +149,9 @@ pub async fn add_payment_method(
             &resp.merchant_id,
             pm_metadata.cloned(),
             pm_data_encrypted,
+            key_store,
         )
-        .await
-        .change_context(errors::ApiErrorResponse::InternalServerError)
-        .attach_printable("Failed to save Payment Method")?;
+        .await?;
     }
 
     Ok(resp).map(services::ApplicationResponse::Json)

crates/router/src/core/payments/tokenization.rs

@@ -126,12 +126,9 @@ where
                                             merchant_id,
                                             pm_metadata,
                                             pm_data_encrypted,
+                                            key_store,
                                         )
                                         .await
-                                        .change_context(
-                                            errors::ApiErrorResponse::InternalServerError,
-                                        )
-                                        .attach_printable("Failed to add payment method in db")
                                     }
                                     _ => {
                                         Err(report!(errors::ApiErrorResponse::InternalServerError)
@@ -155,10 +152,9 @@ where
                         merchant_id,
                         pm_metadata,
                         pm_data_encrypted,
+                        key_store,
                     )
-                    .await
-                    .change_context(errors::ApiErrorResponse::InternalServerError)
-                    .attach_printable("Failed to add payment method in db")?;
+                    .await?;
                 };
                 Some(locker_response.0.payment_method_id)
             } else {

crates/router/src/core/payouts/helpers.rs

@@ -247,10 +247,9 @@ pub async fn save_payout_data_to_locker(
         &merchant_account.merchant_id,
         None,
         card_details_encrypted,
+        key_store,
     )
-    .await
-    .change_context(errors::ApiErrorResponse::InternalServerError)
-    .attach_printable("Failed to save payment method")?;
+    .await?;
 
     Ok(())
 }