From ea0ceae42cf19e47e31d12d6fec5a609a6f89835 Mon Sep 17 00:00:00 2001
From: barredterra <14891507+barredterra@users.noreply.github.com>
Date: Mon, 28 Sep 2020 11:01:16 +0200
Subject: [PATCH] fix: validate token_type, use cstr
---
 .../doctype/token_cache/token_cache.py | 21 ++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)
diff --git a/frappe/integrations/doctype/token_cache/token_cache.py b/frappe/integrations/doctype/token_cache/token_cache.py
index 12f473addc..2d3b3f9b4d 100644
--- a/frappe/integrations/doctype/token_cache/token_cache.py
+++ b/frappe/integrations/doctype/token_cache/token_cache.py
@@ -3,10 +3,11 @@
 # For license information, please see license.txt
 from __future__ import unicode_literals
-import frappe
-import requests
-from urllib.parse import urlencode
 from datetime import datetime, timedelta
+
+import frappe
+from frappe import _
+from frappe.utils import cstr
 from frappe.model.document import Document
 class TokenCache(Document):
@@ -19,10 +20,16 @@ class TokenCache(Document):
 raise frappe.exceptions.DoesNotExistError
 def update_data(self, data):
- self.access_token = data.get('access_token')
- self.refresh_token = data.get('refresh_token')
- self.expires_in = data.get('expires_in')
- self.token_type = data.get('token_type')
+ token_type = cstr(data.get('token_type', '')).lower()
+ if token_type not in ['bearer', 'mac']:
+ frappe.throw(_('Received an invalid token type.'))
+ # 'Bearer' or 'MAC'
+ token_type = token_type.title() if token_type == 'bearer' else token_type.upper()
+
+ self.token_type = token_type
+ self.access_token = cstr(data.get('access_token', ''))
+ self.refresh_token = cstr(data.get('refresh_token', ''))
+ self.expires_in = cstr(data.get('expires_in', ''))
 new_scopes = data.get('scope')
 if new_scopes:
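Review bot: update_data now rejects an unknown token_type but still accepts a response with no access_token, storing `''` via `cstr(data.get('access_token', ''))`, and it overwrites the stored refresh token with `''` whenever the response omits refresh_token, which OAuth 2.0 permits on a refresh. I would add `if not data.get('access_token'): frappe.throw(_('Received no access token.'))` next to the token_type check and assign `self.refresh_token` only when `data.get('refresh_token')` is truthy. `expires_in` is a number of seconds, so `cstr` with a `''` default looks like the wrong coercion; if the field is numeric (its definition is not visible here), `cint` from frappe.utils would fit better. The rest of update_data lies outside the hunk.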