feat(router): Block list spm customer for payment link flow (#3500)

crates/openapi/src/routes/payment_method.rs

@@ -86,7 +86,7 @@ pub async fn list_payment_method_api() {}
 )]
 pub async fn list_customer_payment_method_api() {}
 
-/// List payment methods for a Payment
+/// List customer saved payment methods for a Payment
 ///
 /// Lists all the applicable payment methods for a particular payment tied to the `client_secret`.
 #[utoipa::path(

crates/router/src/core/payment_link/payment_link_status/status.js

@@ -336,44 +336,8 @@ function initializeEventListeners(paymentDetails) {
     "hyper-checkout-status-redirect-message"
   );
 
-  if (window.innerWidth <= 1400) {
-    if (statusRedirectTextNode instanceof HTMLDivElement) {
-      statusRedirectTextNode.style.color = "#333333";
-    }
-  } else if (window.innerWidth > 1400) {
   if (statusRedirectTextNode instanceof HTMLDivElement) {
     statusRedirectTextNode.style.color = contrastBWColor;
   }
-  }
+  };
 
-  window.addEventListener("resize", function (event) {
-    var currentHeight = window.innerHeight;
-    var currentWidth = window.innerWidth;
-    // @ts-ignore
-    if (currentWidth <= 1400 && window.state.prevWidth > 1400) {
-      try {
-        if (statusRedirectTextNode instanceof HTMLDivElement) {
-          statusRedirectTextNode.style.color = "#333333";
-        }
-      } catch (error) {
-        console.error("Failed to fetch primary-color, using default", error);
-      }
-      // @ts-ignore
-    } else if (currentWidth > 1400 && window.state.prevWidth <= 1400) {
-      try {
-        if (statusRedirectTextNode instanceof HTMLDivElement) {
-          statusRedirectTextNode.style.color = contrastBWColor;
-        }
-      } catch (error) {
-        console.error("Failed to revert back to default colors", error);
-      }
-    }
-
-    // @ts-ignore
-    window.state.prevHeight = currentHeight;
-    // @ts-ignore
-    window.state.prevWidth = currentWidth;
-    // @ts-ignore
-    window.state.isMobileView = currentWidth <= 1400;
-  });
-}

crates/router/src/core/payment_methods/cards.rs

@@ -2477,6 +2477,7 @@ pub async fn do_list_customer_pm_fetch_customer_if_not_passed(
                 cloned_secret,
             )
             .await?;
+
         let customer_id = payment_intent
             .as_ref()
             .and_then(|intent| intent.customer_id.to_owned())
@@ -2500,6 +2501,15 @@ pub async fn list_customer_payment_method(
     customer_id: &str,
 ) -> errors::RouterResponse<api::CustomerPaymentMethodsListResponse> {
     let db = &*state.store;
+
+    if let Some(ref payment_intent) = payment_intent {
+        if payment_intent.payment_link_id.is_some() {
+            Err(errors::ApiErrorResponse::AccessForbidden {
+                resource: "saved payment methods".to_string(),
+            })?
+        }
+    };
+
     db.find_customer_by_customer_id_merchant_id(
         customer_id,
         &merchant_account.merchant_id,

openapi/openapi_spec.json

@@ -1319,8 +1319,8 @@
         "tags": [
           "Payment Methods"
         ],
-        "summary": "List payment methods for a Payment",
+        "summary": "List customer saved payment methods for a Payment",
-        "description": "List payment methods for a Payment\n\nLists all the applicable payment methods for a particular payment tied to the `client_secret`.",
+        "description": "List customer saved payment methods for a Payment\n\nLists all the applicable payment methods for a particular payment tied to the `client_secret`.",
         "operationId": "List all Payment Methods for a Customer",
         "parameters": [
           {