frappe · ruthra-kumar · Nov 7, 2024 · Nov 4, 2024
diff --git a/payments/templates/pages/paytm_checkout.py b/payments/templates/pages/paytm_checkout.py
@@ -9,13 +9,16 @@
 	get_paytm_config,
 	get_paytm_params,
 )
+from payments.utils.utils import validate_integration_request
 
 
 def get_context(context):
 	context.no_cache = 1
 	paytm_config = get_paytm_config()
 
 	try:
+		validate_integration_request(frappe.form_dict["order_id"])
+
 		doc = frappe.get_doc("Integration Request", frappe.form_dict["order_id"])
 
 		context.payment_details = get_paytm_params(json.loads(doc.data), doc.name, paytm_config)

diff --git a/payments/templates/pages/razorpay_checkout.py b/payments/templates/pages/razorpay_checkout.py
@@ -6,6 +6,8 @@
 from frappe import _
 from frappe.utils import cint, flt
 
+from payments.utils.utils import validate_integration_request
+
 no_cache = 1
 
 expected_keys = (
@@ -26,7 +28,10 @@ def get_context(context):
 	context.api_key = get_api_key()
 
 	try:
+		validate_integration_request(frappe.form_dict["token"])
+
 		doc = frappe.get_doc("Integration Request", frappe.form_dict["token"])
+
 		payment_details = json.loads(doc.data)
 
 		for key in expected_keys:

diff --git a/payments/utils/utils.py b/payments/utils/utils.py
@@ -6,6 +6,11 @@
 from frappe.custom.doctype.custom_field.custom_field import create_custom_fields
 
 
+def validate_integration_request(docname: str | None):
+	if frappe.db.get_value("Integration Request", docname, "status") == "Cancelled":
+		frappe.throw(_("Expired Token"))
+
+
 def get_payment_gateway_controller(payment_gateway):
 	"""Return payment gateway controller"""
 	gateway = frappe.get_doc("Payment Gateway", payment_gateway)