fix(payment): disable payment update via client config (#7970)

crates/common_utils/src/id_type/merchant.rs

@@ -219,4 +219,11 @@ impl MerchantId {
             ),
         }
     }
+    /// allow payment update via client auth default should be false
+    pub fn get_payment_update_enabled_for_client_auth_key(&self) -> String {
+        format!(
+            "payment_update_enabled_for_client_auth_{}",
+            self.get_string_repr()
+        )
+    }
 }

crates/router/src/core/payments/helpers.rs

@@ -7431,3 +7431,38 @@ pub async fn validate_allowed_payment_method_types_request(
 
     Ok(())
 }
+
+async fn get_payment_update_enabled_for_client_auth(
+    merchant_id: &id_type::MerchantId,
+    state: &SessionState,
+) -> bool {
+    let key = merchant_id.get_payment_update_enabled_for_client_auth_key();
+    let db = &*state.store;
+    let update_enabled = db.find_config_by_key(key.as_str()).await;
+
+    match update_enabled {
+        Ok(conf) => conf.config.to_lowercase() == "true",
+        Err(error) => {
+            logger::error!(?error);
+            false
+        }
+    }
+}
+
+pub async fn allow_payment_update_enabled_for_client_auth(
+    merchant_id: &id_type::MerchantId,
+    state: &SessionState,
+    auth_flow: services::AuthFlow,
+) -> Result<(), error_stack::Report<errors::ApiErrorResponse>> {
+    match auth_flow {
+        services::AuthFlow::Client => {
+            if get_payment_update_enabled_for_client_auth(merchant_id, state).await {
+                Ok(())
+            } else {
+                Err(errors::ApiErrorResponse::InternalServerError)
+                    .attach_printable("Client auth for payment update is not enabled.")
+            }
+        }
+        services::AuthFlow::Merchant => Ok(()),
+    }
+}

crates/router/src/core/payments/operations/payment_update.rs

@@ -67,7 +67,8 @@ impl<F: Send + Clone + Sync> GetTracker<F, PaymentData<F>, api::PaymentsRequest>
 
         let db = &*state.store;
         let key_manager_state = &state.into();
-
+        helpers::allow_payment_update_enabled_for_client_auth(merchant_id, state, auth_flow)
+            .await?;
         payment_intent = db
             .find_payment_intent_by_payment_id_merchant_id(
                 key_manager_state,