feat(router): Validate payment method type in payments request against given payment method data for non-card flows (#1236)

Co-authored-by: pixincreate@work <69745008+pixincreate@users.noreply.github.com> Co-authored-by: Narayan Bhat <narayan.bhat@juspay.in> Co-authored-by: Kritik Modi <kritik.modi@Kritik-Modi-G7YQRXF3XF.local> Co-authored-by: Prajjwal Kumar <prajjwal.kumar@juspay.in> Co-authored-by: ItsMeShashank <shashank.attarde@juspay.in> Co-authored-by: Sanchith Hegde <22217505+SanchithHegde@users.noreply.github.com>
2025-11-01 19:42:27 +08:00 · 2023-07-27 10:34:35 +05:30
parent b207eaad27
commit 7607b6b671
1 changed files with 63 additions and 0 deletions
--- a/crates/router/src/core/payments/helpers.rs
+++ b/crates/router/src/core/payments/helpers.rs
@ -37,6 +37,7 @@ use crate::{
            types::{self, AsyncLift},
        },
        storage::{self, enums as storage_enums, ephemeral_key, CustomerUpdate::Update},
+        transformers::ForeignInto,
        ErrorResponse, RouterData,
    },
    utils::{
@ -1371,6 +1372,18 @@ pub(crate) fn validate_payment_method_fields_present(
        },
    )?;

+    utils::when(
+        !matches!(
+            req.payment_method,
+            Some(api_enums::PaymentMethod::Card) | None
+        ) && (req.payment_method_type.is_none()),
+        || {
+            Err(errors::ApiErrorResponse::MissingRequiredField {
+                field_name: "payment_method_type",
+            })
+        },
+    )?;
+
    utils::when(
        req.payment_method.is_some()
            && req.payment_method_data.is_none()
@ -1382,6 +1395,56 @@ pub(crate) fn validate_payment_method_fields_present(
        },
    )?;

+    let payment_method: Option<api_enums::PaymentMethod> =
+        (req.payment_method_type).map(ForeignInto::foreign_into);
+
+    utils::when(
+        req.payment_method.is_some()
+            && req.payment_method_type.is_some()
+            && (req.payment_method != payment_method),
+        || {
+            Err(errors::ApiErrorResponse::InvalidRequestData {
+                message: ("payment_method_type doesn't correspond to the specified payment_method"
+                    .to_string()),
+            })
+        },
+    )?;
+
+    utils::when(
+        !matches!(
+            req.payment_method
+                .as_ref()
+                .zip(req.payment_method_data.as_ref()),
+            Some(
+                (
+                    api_enums::PaymentMethod::Card,
+                    api::PaymentMethodData::Card(..)
+                ) | (
+                    api_enums::PaymentMethod::Wallet,
+                    api::PaymentMethodData::Wallet(..)
+                ) | (
+                    api_enums::PaymentMethod::PayLater,
+                    api::PaymentMethodData::PayLater(..)
+                ) | (
+                    api_enums::PaymentMethod::BankRedirect,
+                    api::PaymentMethodData::BankRedirect(..)
+                ) | (
+                    api_enums::PaymentMethod::BankDebit,
+                    api::PaymentMethodData::BankDebit(..)
+                ) | (
+                    api_enums::PaymentMethod::Crypto,
+                    api::PaymentMethodData::Crypto(..)
+                )
+            ) | None
+        ),
+        || {
+            Err(errors::ApiErrorResponse::InvalidRequestData {
+                message: "payment_method_data doesn't correspond to the specified payment_method"
+                    .to_string(),
+            })
+        },
+    )?;
+
    Ok(())
 }