From 6d3e9bce5f6bcecd6f4eec555cbdffd8f1df62e3 Mon Sep 17 00:00:00 2001
From: Sagar Vora <sagar@resilient.tech>
Date: Fri, 12 Nov 2021 14:24:33 +0530
Subject: [PATCH] fix(M-Pesa): validate type before executing `get_doc`
 (#28369)

---
 .../doctype/mpesa_settings/mpesa_settings.py                | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/erpnext/erpnext_integrations/doctype/mpesa_settings/mpesa_settings.py b/erpnext/erpnext_integrations/doctype/mpesa_settings/mpesa_settings.py
index d2b6190a29..e7b4a30e0a 100644
--- a/erpnext/erpnext_integrations/doctype/mpesa_settings/mpesa_settings.py
+++ b/erpnext/erpnext_integrations/doctype/mpesa_settings/mpesa_settings.py
@@ -141,6 +141,9 @@ def verify_transaction(**kwargs):
 	transaction_response = frappe._dict(kwargs["Body"]["stkCallback"])
 
 	checkout_id = getattr(transaction_response, "CheckoutRequestID", "")
+	if not isinstance(checkout_id, str):
+		frappe.throw(_("Invalid Checkout Request ID"))
+
 	integration_request = frappe.get_doc("Integration Request", checkout_id)
 	transaction_data = frappe._dict(loads(integration_request.data))
 	total_paid = 0 # for multiple integration request made against a pos invoice
@@ -231,6 +234,9 @@ def process_balance_info(**kwargs):
 	account_balance_response = frappe._dict(kwargs["Result"])
 
 	conversation_id = getattr(account_balance_response, "ConversationID", "")
+	if not isinstance(conversation_id, str):
+		frappe.throw(_("Invalid Conversation ID"))
+
 	request = frappe.get_doc("Integration Request", conversation_id)
 
 	if request.status == "Completed":