feat(payments): add client_secret auth for payments retrieve (#1663)

crates/router/src/compatibility/stripe/payment_intents.rs

@@ -70,6 +70,7 @@ pub async fn payment_intents_retrieve(
     state: web::Data<routes::AppState>,
     req: HttpRequest,
     path: web::Path<String>,
+    query_payload: web::Query<types::StripePaymentRetrieveBody>,
 ) -> HttpResponse {
     let payload = payment_types::PaymentsRetrieveRequest {
         resource_id: api_types::PaymentIdType::PaymentIntentId(path.to_string()),
@@ -78,12 +79,14 @@ pub async fn payment_intents_retrieve(
         connector: None,
         param: None,
         merchant_connector_details: None,
+        client_secret: query_payload.client_secret.clone(),
     };
 
-    let (auth_type, auth_flow) = match auth::get_auth_type_and_flow(req.headers()) {
-        Ok(auth) => auth,
-        Err(err) => return api::log_and_return_error_response(report!(err)),
-    };
+    let (auth_type, auth_flow) =
+        match auth::check_client_secret_and_get_auth(req.headers(), &payload) {
+            Ok(auth) => auth,
+            Err(err) => return api::log_and_return_error_response(report!(err)),
+        };
 
     let flow = Flow::PaymentsRetrieve;
 

crates/router/src/compatibility/stripe/payment_intents/types.rs

@@ -718,3 +718,8 @@ pub(crate) fn into_stripe_next_action(
         }
     })
 }
+
+#[derive(Deserialize, Clone)]
+pub struct StripePaymentRetrieveBody {
+    pub client_secret: Option<String>,
+}

crates/router/src/compatibility/stripe/setup_intents.rs

@@ -6,7 +6,10 @@ use error_stack::report;
 use router_env::{instrument, tracing, Flow};
 
 use crate::{
-    compatibility::{stripe::errors, wrap},
+    compatibility::{
+        stripe::{errors, payment_intents::types as stripe_payment_types},
+        wrap,
+    },
     core::payments,
     routes,
     services::{api, authentication as auth},
@@ -71,6 +74,7 @@ pub async fn setup_intents_retrieve(
     state: web::Data<routes::AppState>,
     req: HttpRequest,
     path: web::Path<String>,
+    query_payload: web::Query<stripe_payment_types::StripePaymentRetrieveBody>,
 ) -> HttpResponse {
     let payload = payment_types::PaymentsRetrieveRequest {
         resource_id: api_types::PaymentIdType::PaymentIntentId(path.to_string()),
@@ -79,12 +83,14 @@ pub async fn setup_intents_retrieve(
         connector: None,
         param: None,
         merchant_connector_details: None,
+        client_secret: query_payload.client_secret.clone(),
     };
 
-    let (auth_type, auth_flow) = match auth::get_auth_type_and_flow(req.headers()) {
-        Ok(auth) => auth,
-        Err(err) => return api::log_and_return_error_response(report!(err)),
-    };
+    let (auth_type, auth_flow) =
+        match auth::check_client_secret_and_get_auth(req.headers(), &payload) {
+            Ok(auth) => auth,
+            Err(err) => return api::log_and_return_error_response(report!(err)),
+        };
 
     let flow = Flow::PaymentsRetrieve;
 

crates/router/src/core/payments.rs

@@ -486,6 +486,7 @@ impl PaymentRedirectFlow for PaymentRedirectSync {
                     encoded_data: None,
                 }
             }),
+            client_secret: None,
         };
         payments_core::<api::PSync, api::PaymentsResponse, _, _, _>(
             state,

crates/router/src/core/webhooks.rs

@@ -55,6 +55,7 @@ pub async fn payments_incoming_webhook_flow<W: api::OutgoingWebhookType>(
                     connector: None,
                     param: None,
                     merchant_connector_details: None,
+                    client_secret: None,
                 },
                 services::AuthFlow::Merchant,
                 consume_or_trigger_flow,

crates/router/src/routes/payments.rs

@@ -148,12 +148,14 @@ pub async fn payments_retrieve(
         resource_id: payment_types::PaymentIdType::PaymentIntentId(path.to_string()),
         merchant_id: json_payload.merchant_id.clone(),
         force_sync: json_payload.force_sync.unwrap_or(false),
+        client_secret: json_payload.client_secret.clone(),
         ..Default::default()
     };
-    let (auth_type, _auth_flow) = match auth::get_auth_type_and_flow(req.headers()) {
-        Ok(auth) => auth,
-        Err(err) => return api::log_and_return_error_response(report!(err)),
-    };
+    let (auth_type, auth_flow) =
+        match auth::check_client_secret_and_get_auth(req.headers(), &payload) {
+            Ok(auth) => auth,
+            Err(err) => return api::log_and_return_error_response(report!(err)),
+        };
 
     api::server_wrap(
         flow,
@@ -167,7 +169,7 @@ pub async fn payments_retrieve(
                 auth.key_store,
                 payments::PaymentStatus,
                 req,
-                api::AuthFlow::Merchant,
+                auth_flow,
                 payments::CallConnectorAction::Trigger,
             )
         },

crates/router/src/services/authentication.rs

@@ -372,6 +372,12 @@ impl ClientSecretFetch for api_models::cards_info::CardsInfoRequest {
     }
 }
 
+impl ClientSecretFetch for api_models::payments::PaymentsRetrieveRequest {
+    fn get_client_secret(&self) -> Option<&String> {
+        self.client_secret.as_ref()
+    }
+}
+
 pub fn get_auth_type_and_flow<A: AppStateInfo + Sync>(
     headers: &HeaderMap,
 ) -> RouterResult<(