diff --git a/app/Http/Controllers/ClientPortal/InvitationController.php b/app/Http/Controllers/ClientPortal/InvitationController.php
index 7cd2d273174a..26c3f671c4d9 100644
--- a/app/Http/Controllers/ClientPortal/InvitationController.php
+++ b/app/Http/Controllers/ClientPortal/InvitationController.php
@@ -239,7 +239,7 @@ class InvitationController extends Controller
 $invitation->contact->restore();
 auth()->guard('contact')->loginUsingId($invitation->contact->id, true);
-
+
 $invoice = $invitation->invoice;
 if($invoice->partial > 0)
diff --git a/app/Http/Controllers/ClientPortal/PaymentController.php b/app/Http/Controllers/ClientPortal/PaymentController.php
index 1459af1bf596..add7551bd9de 100644
--- a/app/Http/Controllers/ClientPortal/PaymentController.php
+++ b/app/Http/Controllers/ClientPortal/PaymentController.php
@@ -90,14 +90,17 @@ class PaymentController extends Controller
 public function response(PaymentResponseRequest $request)
 {
-
+
 $gateway = CompanyGateway::findOrFail($request->input('company_gateway_id'));
- $payment_hash = PaymentHash::where('hash', $request->payment_hash)->first();
+ $payment_hash = PaymentHash::where('hash', $request->payment_hash)->firstOrFail();
 $invoice = Invoice::with('client')->find($payment_hash->fee_invoice_id);
- $client = $invoice ? $invoice->client : auth()->user()->client;
+ $client = $invoice ? $invoice->client : auth()->guard('contact')->user()->client;
+
+ // 09-07-2022 catch duplicate responses for invoices that already paid here.
+ if($invoice && $invoice->status_id == Invoice::STATUS_PAID)
+ abort(400, 'Invoice paid. Duplicate submission');
 return $gateway
- // ->driver(auth()->user()->client)
 ->driver($client)
 ->setPaymentMethod($request->input('payment_method_id'))
 ->setPaymentHash($payment_hash)
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 9557ade3a718..d73386f10960 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
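Review bot: In `PaymentController::response`, the fallback `auth()->guard('contact')->user()->client` dereferences a null user whenever `$invoice` is null and no contact session exists, and that path becomes reachable because this commit also moves the route out of the `auth:contact` group in routes/client.php. Unless `verify_hash` (not shown in this diff) always establishes the contact, guard it with `$client = $invoice ? $invoice->client : optional(auth()->guard('contact')->user())->client;` followed by `abort_unless($client, 403);`. The gateway is still loaded from the request-supplied `company_gateway_id` with no visible check that it belongs to the same company as the payment hash, which matters more once the session no longer scopes the request. The paid-status guard is a check-then-act on `$invoice->status_id`, so two responses arriving together could both pass it unless the drivers already lock or de-duplicate on the payment hash. The method body continues past the end of the hunk.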
@@ -44,6 +44,7 @@ use App\Http\Middleware\UrlSetDb;
 use App\Http\Middleware\UserVerified;
 use App\Http\Middleware\VendorLocale;
 use App\Http\Middleware\VerifyCsrfToken;
+use App\Http\Middleware\VerifyHash;
 use Illuminate\Auth\Middleware\AuthenticateWithBasicAuth;
 use Illuminate\Auth\Middleware\Authorize;
 use Illuminate\Auth\Middleware\EnsureEmailIsVerified;
@@ -161,6 +162,7 @@ class Kernel extends HttpKernel
 'locale' => Locale::class,
 'vendor_locale' => VendorLocale::class,
 'contact_register' => ContactRegister::class,
+ 'verify_hash' => VerifyHash::class,
 'shop_token_auth' => ShopTokenAuth::class,
 'phantom_secret' => PhantomSecret::class,
 'contact_key_login' => ContactKeyLogin::class,
diff --git a/routes/client.php b/routes/client.php
index b6750d0ca76a..db7a50434008 100644
--- a/routes/client.php
+++ b/routes/client.php
@@ -53,8 +53,9 @@ Route::group(['middleware' => ['auth:contact', 'locale', 'domain_db','check_clie
 Route::get('payments', 'ClientPortal\PaymentController@index')->name('payments.index')->middleware('portal_enabled');
 Route::get('payments/{payment}', 'ClientPortal\PaymentController@show')->name('payments.show');
- Route::post('payments/process/response', 'ClientPortal\PaymentController@response')->name('payments.response');
- Route::get('payments/process/response', 'ClientPortal\PaymentController@response')->name('payments.response.get');
+
+ // Route::post('payments/process/response', 'ClientPortal\PaymentController@response')->name('payments.response');
+ // Route::get('payments/process/response', 'ClientPortal\PaymentController@response')->name('payments.response.get');
 Route::get('profile/{client_contact}/edit', 'ClientPortal\ProfileController@edit')->name('profile.edit');
 Route::put('profile/{client_contact}/edit', 'ClientPortal\ProfileController@update')->name('profile.update');
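Review bot: In routes/client.php the two old `payments/process/response` routes are left behind as commented-out code inside the `auth:contact` group; delete them and, if the history is worth keeping, leave one line such as `// payments/process/response is registered outside this group and guarded by verify_hash`. Commented-out route definitions inside an authenticated group make it easy to misread which middleware actually protects the endpoint. The group's opening line is truncated in the hunk header, so its full middleware, prefix and name settings are not visible here.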
@@ -99,6 +100,9 @@ Route::group(['middleware' => ['auth:contact', 'locale', 'domain_db','check_clie
 });
+Route::post('payments/process/response', 'ClientPortal\PaymentController@response')->name('client.payments.response')->middleware(['locale', 'domain_db', 'verify_hash']);
+Route::get('payments/process/response', 'ClientPortal\PaymentController@response')->name('client.payments.response.get')->middleware(['locale', 'domain_db', 'verify_hash']);
+
 Route::get('client/subscriptions/{subscription}/purchase', 'ClientPortal\SubscriptionPurchaseController@index')->name('client.subscription.purchase')->middleware('domain_db');
 Route::group(['middleware' => ['invite_db'], 'prefix' => 'client', 'as' => 'client.'], function () {
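Review bot: Both `payments/process/response` routes now run with only `locale`, `domain_db` and `verify_hash`, so authorisation for the payment response rests entirely on `VerifyHash`, whose implementation is not part of this diff. It should reject unknown hashes before the controller runs and establish the contact that `PaymentController::response` reads from the `contact` guard. Because the hash now acts as a bearer credential on an unauthenticated endpoint, consider adding Laravel's `throttle` middleware, e.g. `->middleware(['locale', 'domain_db', 'verify_hash', 'throttle:<limit>,<minutes>'])`. If the group these routes left carried a `client` prefix (its header is truncated, so this is a guess), the path changes too, and any gateway return URL built from the literal path rather than the route name would stop matching.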