refactor(payments): update authentication logic for global_payment_id in V2ClientAuth

GauravRawat369 · GauravRawat369 · commit 9668c90c6ac3 · 2025-03-27T12:28:56.000+05:30
diff --git a/crates/router/src/core/payments/operations/payment_confirm_intent.rs b/crates/router/src/core/payments/operations/payment_confirm_intent.rs
@@ -169,10 +169,10 @@ impl<F: Send + Clone + Sync> GetTracker<F, PaymentConfirmData<F>, PaymentsConfir
         // TODO (#7195): Add platform merchant account validation once publishable key auth is solved
 
         self.validate_status_for_operation(payment_intent.status)?;
-        let client_secret = header_payload
-            .client_secret
-            .as_ref()
-            .get_required_value("client_secret header")?;
+        // let client_secret = header_payload
+        //     .client_secret
+        //     .as_ref()
+        //     .get_required_value("client_secret header")?;
         // payment_intent.validate_client_secret(client_secret)?;
 
         let cell_id = state.conf.cell_information.id.clone();
diff --git a/crates/router/src/core/payments/payment_methods.rs b/crates/router/src/core/payments/payment_methods.rs
@@ -36,13 +36,13 @@ pub async fn list_payment_methods(
 
     validate_payment_status_for_payment_method_list(payment_intent.status)?;
 
-    let client_secret = header_payload
-        .client_secret
-        .as_ref()
-        .get_required_value("client_secret header")
-        .change_context(errors::ApiErrorResponse::MissingRequiredField {
-            field_name: "client_secret header",
-        })?;
+    // let client_secret = header_payload
+    //     .client_secret
+    //     .as_ref()
+    //     .get_required_value("client_secret header")
+    //     .change_context(errors::ApiErrorResponse::MissingRequiredField {
+    //         field_name: "client_secret header",
+    //     })?;
 
     // payment_intent.validate_client_secret(client_secret)?;
 
diff --git a/crates/router/src/services/authentication.rs b/crates/router/src/services/authentication.rs
@@ -1971,8 +1971,12 @@ where
                 .get_required_value(headers::X_PROFILE_ID)?;
 
         match db_client_secret.resource_id {
-            common_utils::types::authentication::ResourceId::Payment(global_payment_id) => {
-                return Err(errors::ApiErrorResponse::Unauthorized.into())
+            common_utils::types::authentication::ResourceId::Payment(
+                global_payment_id
+            ) => {
+                if global_payment_id.get_string_repr() != self.0.to_str() {
+                    return Err(errors::ApiErrorResponse::Unauthorized.into())
+                }
             }
             common_utils::types::authentication::ResourceId::Customer(global_customer_id) => {
                 if global_customer_id.get_string_repr() != self.0.to_str() {
