Merge branch 'main' of https://github.com/juspay/hyperswitch into logging-wrapper-fix-ucs

Author: AmitsinghTanwar007

CHANGELOG.md

@@ -4,6 +4,31 @@ All notable changes to HyperSwitch will be documented here.
 
 - - -
 
+## 2025.12.09.0
+
+### Features
+
+- **core:** Consume Card Holder Name in Payment Method Batch Migrations ([#10551](https://github.com/juspay/hyperswitch/pull/10551)) ([`a690a40`](https://github.com/juspay/hyperswitch/commit/a690a40bab3deae2f79ff9717b8eee81bec29462))
+- **platform:** Implement platform-connected setup for publishable key authentication ([#10475](https://github.com/juspay/hyperswitch/pull/10475)) ([`3831a52`](https://github.com/juspay/hyperswitch/commit/3831a526358bb79091bc51f7bfa7b4bd05518ccb))
+- **revenue_recovery:** Enable multiple retries for partial charged payments ([#9818](https://github.com/juspay/hyperswitch/pull/9818)) ([`e7fe480`](https://github.com/juspay/hyperswitch/commit/e7fe4804acd86ae0cc561cbe71d1ea227e4452cc))
+
+### Bug Fixes
+
+- Send customer_name to ucs during customer create ([#10561](https://github.com/juspay/hyperswitch/pull/10561)) ([`eb6080f`](https://github.com/juspay/hyperswitch/commit/eb6080fe1a6025acf631694278cadaad97c4ff2b))
+- Use proper masked deserialize method to deserialize ucs response ([#10566](https://github.com/juspay/hyperswitch/pull/10566)) ([`d42c447`](https://github.com/juspay/hyperswitch/commit/d42c447bd8d709dd451193540c140ce9fd2c5ce2))
+
+### Miscellaneous Tasks
+
+- **postman:** Update Postman collection files ([`f436d7b`](https://github.com/juspay/hyperswitch/commit/f436d7b80692588655f102eb3e02c1cabc534242))
+
+### Revert
+
+- **postman:** Postman tests for bluesnap and stripe failure scenarios ([#10527](https://github.com/juspay/hyperswitch/pull/10527)) ([`d84e66b`](https://github.com/juspay/hyperswitch/commit/d84e66b88cbb4ed9c4557b8fcb92ab6529769e9a))
+
+**Full Changelog:** [`2025.12.08.0...2025.12.09.0`](https://github.com/juspay/hyperswitch/compare/2025.12.08.0...2025.12.09.0)
+
+- - -
+
 ## 2025.12.08.0
 
 ### Features

crates/router/src/routes/payments.rs

@@ -857,7 +857,10 @@ pub async fn payments_post_session_tokens(
                 header_payload.clone(),
             )
         },
-        &auth::PublishableKeyAuth,
+        &auth::PublishableKeyAuth {
+            is_connected_allowed: false,
+            is_platform_allowed: false,
+        },
         locking_action,
     ))
     .await
@@ -1113,7 +1116,10 @@ pub async fn payments_dynamic_tax_calculation(
                 header_payload.clone(),
             )
         },
-        &auth::PublishableKeyAuth,
+        &auth::PublishableKeyAuth {
+            is_connected_allowed: false,
+            is_platform_allowed: false,
+        },
         locking_action,
     ))
     .await
@@ -1237,7 +1243,10 @@ pub async fn payments_connector_session(
                 header_payload.clone(),
             )
         },
-        &auth::HeaderAuth(auth::PublishableKeyAuth),
+        &auth::HeaderAuth(auth::PublishableKeyAuth {
+            is_connected_allowed: false,
+            is_platform_allowed: false,
+        }),
         locking_action,
     ))
     .await
@@ -2409,7 +2418,10 @@ pub async fn payments_external_authentication(
                 hyperswitch_domain_models::router_flow_types::Authenticate,
             >(state, platform, req)
         },
-        &auth::HeaderAuth(auth::PublishableKeyAuth),
+        &auth::HeaderAuth(auth::PublishableKeyAuth {
+            is_connected_allowed: false,
+            is_platform_allowed: false,
+        }),
         locking_action,
     ))
     .await

crates/router/src/routes/poll.rs

@@ -43,7 +43,10 @@ pub async fn retrieve_poll_status(
             let platform = auth.into();
             poll::retrieve_poll_status(state, req, platform)
         },
-        &auth::HeaderAuth(auth::PublishableKeyAuth),
+        &auth::HeaderAuth(auth::PublishableKeyAuth {
+            is_connected_allowed: false,
+            is_platform_allowed: false,
+        }),
         api_locking::LockAction::NotApplicable,
     ))
     .await

crates/router/src/services/authentication.rs

@@ -2731,8 +2731,11 @@ where
         api_auth
     }
 }
-#[derive(Debug)]
-pub struct PublishableKeyAuth;
+#[derive(Debug, Default)]
+pub struct PublishableKeyAuth {
+    pub is_connected_allowed: bool,
+    pub is_platform_allowed: bool,
+}
 
 #[cfg(feature = "partial-auth")]
 impl GetAuthType for PublishableKeyAuth {
@@ -2744,10 +2747,10 @@ impl GetAuthType for PublishableKeyAuth {
 #[cfg(feature = "partial-auth")]
 impl GetMerchantAccessFlags for PublishableKeyAuth {
     fn get_is_connected_allowed(&self) -> bool {
-        false // Publishable key doesn't support connected merchant operations currently
+        self.is_connected_allowed
     }
     fn get_is_platform_allowed(&self) -> bool {
-        false // Publishable key doesn't support platform merchant operations currently
+        self.is_platform_allowed
     }
 }
 
@@ -2762,29 +2765,45 @@ where
         request_headers: &HeaderMap,
         state: &A,
     ) -> RouterResult<(AuthenticationData, AuthenticationType)> {
-        if state.conf().platform.enabled {
-            throw_error_if_platform_merchant_authentication_required(request_headers)?;
-        }
-
         let publishable_key =
             get_api_key(request_headers).change_context(errors::ApiErrorResponse::Unauthorized)?;
-        state
+
+        // Find initiator merchant and key store
+        let (initiator_merchant, key_store) = state
             .store()
             .find_merchant_account_by_publishable_key(publishable_key)
             .await
-            .to_not_found_response(errors::ApiErrorResponse::Unauthorized)
-            .map(|(merchant_account, key_store)| {
-                let merchant_id = merchant_account.get_id().clone();
-                (
-                    AuthenticationData {
-                        merchant_account,
-                        platform_account_with_key_store: None,
-                        key_store,
-                        profile_id: None,
-                    },
-                    AuthenticationType::PublishableKey { merchant_id },
-                )
-            })
+            .to_not_found_response(errors::ApiErrorResponse::Unauthorized)?;
+
+        // Check access permissions using existing function
+        check_merchant_access(
+            state,
+            initiator_merchant.merchant_account_type,
+            self.is_connected_allowed,
+            self.is_platform_allowed,
+        )?;
+
+        // Resolve merchant relationships using existing function
+        let (merchant, key_store, platform_account_with_key_store) =
+            resolve_merchant_accounts_and_key_stores(
+                state,
+                request_headers,
+                initiator_merchant.clone(),
+                key_store,
+            )
+            .await?;
+
+        Ok((
+            AuthenticationData {
+                merchant_account: merchant,
+                platform_account_with_key_store,
+                key_store,
+                profile_id: None,
+            },
+            AuthenticationType::PublishableKey {
+                merchant_id: initiator_merchant.get_id().clone(),
+            },
+        ))
     }
 }
 
@@ -2805,25 +2824,51 @@ where
             get_id_type_by_key_from_headers(headers::X_PROFILE_ID.to_string(), request_headers)?
                 .get_required_value(headers::X_PROFILE_ID)?;
 
-        let (merchant_account, key_store) = state
+        // Find initiator merchant and key store
+        let (initiator_merchant, key_store) = state
             .store()
             .find_merchant_account_by_publishable_key(publishable_key)
             .await
             .to_not_found_response(errors::ApiErrorResponse::Unauthorized)?;
-        let merchant_id = merchant_account.get_id().clone();
+
+        // Check access permissions using existing function
+        check_merchant_access(
+            state,
+            initiator_merchant.merchant_account_type,
+            self.is_connected_allowed,
+            self.is_platform_allowed,
+        )?;
+
+        // Resolve merchant relationships using existing function
+        let (merchant, key_store, platform_account_with_key_store) =
+            resolve_merchant_accounts_and_key_stores(
+                state,
+                request_headers,
+                initiator_merchant.clone(),
+                key_store,
+            )
+            .await?;
+
+        // Find and validate profile after merchant resolution
         let profile = state
             .store()
-            .find_business_profile_by_merchant_id_profile_id(&key_store, &merchant_id, &profile_id)
+            .find_business_profile_by_merchant_id_profile_id(
+                &key_store,
+                merchant.get_id(),
+                &profile_id,
+            )
             .await
             .to_not_found_response(errors::ApiErrorResponse::Unauthorized)?;
         Ok((
             AuthenticationData {
-                merchant_account,
+                merchant_account: merchant,
+                platform_account_with_key_store,
                 key_store,
                 profile,
-                platform_account_with_key_store: None,
             },
-            AuthenticationType::PublishableKey { merchant_id },
+            AuthenticationType::PublishableKey {
+                merchant_id: initiator_merchant.get_id().clone(),
+            },
         ))
     }
 }
@@ -4228,7 +4273,10 @@ pub fn get_auth_type_and_flow<A: SessionStateInfo + Sync + Send>(
 
     if api_key.starts_with("pk_") {
         return Ok((
-            Box::new(HeaderAuth(PublishableKeyAuth)),
+            Box::new(HeaderAuth(PublishableKeyAuth {
+                is_connected_allowed: api_auth.is_connected_allowed,
+                is_platform_allowed: api_auth.is_platform_allowed,
+            })),
             api::AuthFlow::Client,
         ));
     }
@@ -4257,7 +4305,10 @@ where
                 field_name: "client_secret",
             })?;
         return Ok((
-            Box::new(HeaderAuth(PublishableKeyAuth)),
+            Box::new(HeaderAuth(PublishableKeyAuth {
+                is_connected_allowed: api_auth.is_connected_allowed,
+                is_platform_allowed: api_auth.is_platform_allowed,
+            })),
             api::AuthFlow::Client,
         ));
     }

postman/collection-dir/bluesnap/Flow Testcases/Happy Cases/Scenario11-Pass Invalid CVV for save card flow and verify failed payment Copy/Save card payments - Confirm/event.test.js

@@ -97,7 +97,7 @@ if (jsonData?.error_message) {
   pm.test(
     "[POST]::/payments/:id/confirm - Content check if value for 'error_message' matches 'Order creation failure due to problematic input. & There is a mismatch between the Credit Card American Express and Security Code. '",
     function () {
-      pm.expect(jsonData.error_message).to.eql("VALIDATION_GENERAL_FAILURE");
+      pm.expect(jsonData.error_message).to.eql("Order creation failure due to problematic input. & There is a mismatch between the Credit Card American Express and Security Code. ");
     },
   );
 }

postman/collection-dir/stripe/Flow Testcases/Happy Cases/Scenario8-Create a failure card payment with confirm true/Payments - Create/event.test.js

@@ -89,12 +89,12 @@ if (jsonData?.error_code) {
   );
 }
 
-// Response body should have value "Your card has insufficient funds." for "error_message"
+// Response body should have value "message - Your card has insufficient funds., decline_code - insufficient_funds" for "error_message"
 if (jsonData?.error_message) {
   pm.test(
-    "[POST]::/payments/:id/confirm - Content check if value for 'error_message' matches 'Your card has insufficient funds.'",
+    "[POST]::/payments/:id/confirm - Content check if value for 'error_message' matches 'message - Your card has insufficient funds., decline_code - insufficient_funds'",
     function () {
-      pm.expect(jsonData.error_message).to.eql("Your card has insufficient funds.");
+      pm.expect(jsonData.error_message).to.eql("message - Your card has insufficient funds., decline_code - insufficient_funds");
     },
   );
 }

postman/collection-dir/stripe/Flow Testcases/Happy Cases/Scenario8-Create a failure card payment with confirm true/Payments - Retrieve/event.test.js

@@ -89,12 +89,12 @@ if (jsonData?.error_code) {
   );
 }
 
-// Response body should have value "Your card has insufficient funds." for "error_message"
+// Response body should have value "message - Your card has insufficient funds., decline_code - insufficient_funds" for "error_message"
 if (jsonData?.error_message) {
   pm.test(
-    "[POST]::/payments/:id/confirm - Content check if value for 'error_message' matches 'Your card has insufficient funds.'",
+    "[POST]::/payments/:id/confirm - Content check if value for 'error_message' matches 'message - Your card has insufficient funds., decline_code - insufficient_funds'",
     function () {
-      pm.expect(jsonData.error_message).to.eql("Your card has insufficient funds.");
+      pm.expect(jsonData.error_message).to.eql("message - Your card has insufficient funds., decline_code - insufficient_funds");
     },
   );
 }

postman/collection-json/bluesnap.postman_collection.json

@@ -2230,7 +2230,7 @@
                           "  pm.test(",
                           "    \"[POST]::/payments/:id/confirm - Content check if value for 'error_message' matches 'Order creation failure due to problematic input. & There is a mismatch between the Credit Card American Express and Security Code. '\",",
                           "    function () {",
-                          "      pm.expect(jsonData.error_message).to.eql(\"VALIDATION_GENERAL_FAILURE\");",
+                          "      pm.expect(jsonData.error_message).to.eql(\"Order creation failure due to problematic input. & There is a mismatch between the Credit Card American Express and Security Code. \");",
                           "    },",
                           "  );",
                           "}"

postman/collection-json/stripe.postman_collection.json

@@ -10152,12 +10152,12 @@
                           "  );",
                           "}",
                           "",
-                          "// Response body should have value \"Your card has insufficient funds.\" for \"error_message\"",
+                          "// Response body should have value \"message - Your card has insufficient funds., decline_code - insufficient_funds\" for \"error_message\"",
                           "if (jsonData?.error_message) {",
                           "  pm.test(",
-                          "    \"[POST]::/payments/:id/confirm - Content check if value for 'error_message' matches 'Your card has insufficient funds.'\",",
+                          "    \"[POST]::/payments/:id/confirm - Content check if value for 'error_message' matches 'message - Your card has insufficient funds., decline_code - insufficient_funds'\",",
                           "    function () {",
-                          "      pm.expect(jsonData.error_message).to.eql(\"Your card has insufficient funds.\");",
+                          "      pm.expect(jsonData.error_message).to.eql(\"message - Your card has insufficient funds., decline_code - insufficient_funds\");",
                           "    },",
                           "  );",
                           "}",
@@ -10299,12 +10299,12 @@
                           "  );",
                           "}",
                           "",
-                          "// Response body should have value \"Your card has insufficient funds.\" for \"error_message\"",
+                          "// Response body should have value \"message - Your card has insufficient funds., decline_code - insufficient_funds\" for \"error_message\"",
                           "if (jsonData?.error_message) {",
                           "  pm.test(",
-                          "    \"[POST]::/payments/:id/confirm - Content check if value for 'error_message' matches 'Your card has insufficient funds.'\",",
+                          "    \"[POST]::/payments/:id/confirm - Content check if value for 'error_message' matches 'message - Your card has insufficient funds., decline_code - insufficient_funds'\",",
                           "    function () {",
-                          "      pm.expect(jsonData.error_message).to.eql(\"Your card has insufficient funds.\");",
+                          "      pm.expect(jsonData.error_message).to.eql(\"message - Your card has insufficient funds., decline_code - insufficient_funds\");",
                           "    },",
                           "  );",
                           "}",