From 4c99f7159d94b8ea6085fa7d0b0651e717acd66a Mon Sep 17 00:00:00 2001
From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com>
Date: Fri, 12 Nov 2021 14:39:47 +0530
Subject: [PATCH] fix(M-Pesa): validate type before executing `get_doc`
 (#28369) (#28373)

(cherry picked from commit 6d3e9bce5f6bcecd6f4eec555cbdffd8f1df62e3)

Co-authored-by: Sagar Vora <sagar@resilient.tech>
---
 .../doctype/mpesa_settings/mpesa_settings.py                | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/erpnext/erpnext_integrations/doctype/mpesa_settings/mpesa_settings.py b/erpnext/erpnext_integrations/doctype/mpesa_settings/mpesa_settings.py
index 4ce85e58a61..1aef82f9fc3 100644
--- a/erpnext/erpnext_integrations/doctype/mpesa_settings/mpesa_settings.py
+++ b/erpnext/erpnext_integrations/doctype/mpesa_settings/mpesa_settings.py
@@ -143,6 +143,9 @@ def verify_transaction(**kwargs):
 	transaction_response = frappe._dict(kwargs["Body"]["stkCallback"])
 
 	checkout_id = getattr(transaction_response, "CheckoutRequestID", "")
+	if not isinstance(checkout_id, str):
+		frappe.throw(_("Invalid Checkout Request ID"))
+
 	integration_request = frappe.get_doc("Integration Request", checkout_id)
 	transaction_data = frappe._dict(loads(integration_request.data))
 	total_paid = 0 # for multiple integration request made against a pos invoice
@@ -233,6 +236,9 @@ def process_balance_info(**kwargs):
 	account_balance_response = frappe._dict(kwargs["Result"])
 
 	conversation_id = getattr(account_balance_response, "ConversationID", "")
+	if not isinstance(conversation_id, str):
+		frappe.throw(_("Invalid Conversation ID"))
+
 	request = frappe.get_doc("Integration Request", conversation_id)
 
 	if request.status == "Completed":