Omit action_code from validate_challenge response

authsignal/client.py

@@ -50,6 +50,18 @@ def _remove_none_values(d: Dict[str, Any]) -> Dict[str, Any]:
         """Remove keys with None values from a dictionary."""
         return {k: v for k, v in d.items() if v is not None}
 
+    def send(self, request, **kwargs):
+        response = super().send(request, **kwargs)
+        if response.headers.get('Content-Type') == 'application/json':
+            try:
+                data = response.json()
+                if isinstance(data, dict) and 'actionCode' in data:
+                    del data['actionCode']
+                response._content = json.dumps(humps.decamelize(data)).encode('utf-8')
+            except json.JSONDecodeError:
+                pass
+        return response
+
 class Client(object):
 
     def __init__(
@@ -109,7 +121,7 @@ def track(self, user_id, action, payload=None, path=None):
                 params=params)
             response.raise_for_status() 
 
-            return humps.decamelize(response.json())
+            return response.json()
         except requests.exceptions.RequestException as e:
             raise ApiException(str(e), path) from e
 
@@ -139,7 +151,7 @@ def get_action(self, user_id, action, idempotency_key,  path=None):
                 params=params)
             response.raise_for_status() 
 
-            return humps.decamelize(response.json())
+            return response.json()
         except requests.exceptions.RequestException as e:
             raise ApiException(str(e), path) from e
 
@@ -171,7 +183,7 @@ def get_user(self, user_id, redirect_url=None,  path=None):
                 params=params)
             response.raise_for_status()
 
-            return humps.decamelize(response.json())
+            return response.json()
         except requests.exceptions.RequestException as e:
             raise ApiException(str(e), path) from e
 
@@ -189,7 +201,7 @@ def delete_user(self, user_id):
                 timeout=self.timeout
             )
             response.raise_for_status()
-            return humps.decamelize(response.json())
+            return response.json()
         except requests.exceptions.RequestException as e:
             raise ApiException(str(e), path) from e
 
@@ -210,7 +222,7 @@ def delete_authenticator(self, user_id: str, user_authenticator_id: str) -> Dict
                 timeout=self.timeout
             )
             response.raise_for_status()
-            return humps.decamelize(response.json())
+            return response.json()
         except requests.exceptions.RequestException as e:
             raise ApiException(str(e), path) from e
 
@@ -229,7 +241,7 @@ def update_user(self, user_id, data):
 
         response.raise_for_status()
 
-        return humps.decamelize(response.json())
+        return response.json()
 
     def enroll_verified_authenticator(self, user_id, authenticator_payload,  path=None):
         """Enrols an authenticator like a phone number for SMS on behalf of the user
@@ -256,7 +268,7 @@ def enroll_verified_authenticator(self, user_id, authenticator_payload,  path=No
                 timeout=timeout,
                 params=params)
             response.raise_for_status()
-            return humps.decamelize(response.json())
+            return response.json()
         except requests.exceptions.RequestException as e:
             raise ApiException(str(e), path) from e
 
@@ -277,7 +289,7 @@ def validate_challenge(self, token: str, user_id: Optional[str] = None, action:
                 timeout=self.timeout
             )
 
-            response_data = humps.decamelize(response.json())
+            response_data = response.json()
 
             return response_data
         except requests.exceptions.RequestException as e:

authsignal/client_tests.py

@@ -122,7 +122,7 @@ def setUp(self):
                 "tenantId": "555159e4-adc3-454b-82b1-b55a2783f712",
                 "publishableKey": "2fff14a6600b7a58170793109c78b876",
                 "userId": "legitimate_user_id",
-                "actionCode": "alwaysChallenge",
+                "action": "alwaysChallenge",
                 "idempotencyKey": "a682af7d-c929-4c29-9c2a-71e69ab5c603"
             }
         }
@@ -137,7 +137,7 @@ def test_it_returns_success_if_user_id_is_correct(self):
                 'state': 'CHALLENGE_SUCCEEDED', 
                 'stateUpdatedAt': '2024-07-11T22:03:39.037Z', 
                 'userId': 'legitimate_user_id', 
-                'actionCode': 'signin', 
+                'action': 'signin', 
                 'idempotencyKey': 'f2a0275e-bdbb-464a-8398-13c60c98097c'
             },
             status=200
@@ -167,7 +167,7 @@ def test_delete_authenticator(self):
         self.assertEqual(responses.calls[0].response.status_code, 200)
 
     @responses.activate
-    def test_it_returns_success_false_if_user_id_is_incorrect(self):
+    def test_validate_challenge_returns_success_false_if_user_id_is_incorrect(self):
         responses.add(responses.POST, f"{base_url}/validate",
             json={'isValid': False, 'error': 'User is invalid.'},
             status=400
@@ -179,7 +179,7 @@ def test_it_returns_success_false_if_user_id_is_incorrect(self):
         self.assertEqual(response.get("error"), "User is invalid.")
 
     @responses.activate
-    def test_it_returns_isValid_false_if_action_is_incorrect(self):
+    def test_validate_challenge_returns_isValid_false_if_action_is_incorrect(self):
         responses.add(responses.POST, f"{base_url}/validate",
             json={
                 'isValid': False, 
@@ -194,14 +194,14 @@ def test_it_returns_isValid_false_if_action_is_incorrect(self):
         self.assertFalse(response["is_valid"])
 
     @responses.activate
-    def test_it_returns_success_true_if_no_user_id_is_provided(self):
+    def test_validate_challenge_returns_success_true_if_no_user_id_is_provided(self):
         responses.add(responses.POST, f"{base_url}/validate",
             json={
                 'isValid': True, 
                 'state': 'CHALLENGE_SUCCEEDED', 
                 'stateUpdatedAt': '2024-07-11T22:39:23.613Z', 
                 'userId': 'legitimate_user_id', 
-                'actionCode': 'signin', 
+                'action': 'signin',
                 'idempotencyKey': '6d09db21-1aa9-4b7f-826f-dbc6a0af79eb', 
                 'verificationMethod': 'EMAIL_MAGIC_LINK'
             },
@@ -214,5 +214,25 @@ def test_it_returns_success_true_if_no_user_id_is_provided(self):
         self.assertEqual(response["state"], "CHALLENGE_SUCCEEDED")
         self.assertTrue(response["is_valid"])
 
+    @responses.activate
+    def test_action_code_is_omitted_from_validate_challenge_response(self):
+        responses.add(responses.POST, f"{base_url}/validate",
+            json={
+                'isValid': True, 
+                'state': 'CHALLENGE_SUCCEEDED', 
+                'stateUpdatedAt': '2024-07-11T22:39:23.613Z', 
+                'userId': 'legitimate_user_id', 
+                'action': 'signin', 
+                'actionCode': 'signin',
+                'idempotencyKey': '6d09db21-1aa9-4b7f-826f-dbc6a0af79eb', 
+                'verificationMethod': 'EMAIL_MAGIC_LINK'
+            },
+            status=200
+        )
+
+        response = self.authsignal_client.validate_challenge(token=self.jwt_token)
+
+        self.assertNotIn("action_code", response)
+
 if __name__ == "__main__":
     unittest.main()